In Progress Please Help


froggie2

Thread Starter
Joined
Oct 15, 2017
Messages
22
Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz, Intel64 Family 6 Model 61 Stepping 4
Processor Count: 4
RAM: 8107 Mb
Graphics Card: Intel(R) HD Graphics 5500, 1024 Mb
Hard Drives: C: 886 GB (833 GB Free); D: 24 GB (23 GB Free);
Motherboard: LENOVO, Lenovo G70-80
Antivirus: Avira Antivirus, Enabled and Updated

My computer ran a test today then came up on Lenovo Solution Center. Failed Storage devices, Target Read test, Random seek test, Smart Short self test. sm1000lm024 hn-m101mbb-931.51 gbs, Result Code-whd01voom-um7vki. Before this, when running updates for my laptop, I got error code 0x8e5e03fa. I worked with Tech Support Guy Macboatmaster; now he has sent me here for your help.
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
Hi Froggie,
Let's see if we can find any malware/adware that could cause the errors.
-----------------------------------------------------------
Download and Run the Farbar Scan Tool
  • Download FRST64 and save to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST64 will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.
If you lose track of them, they will be saved in the same location as FRST64.exe
Feel free to use separate replies if it's more convenient.

askey127
 

froggie2

Thread Starter
Joined
Oct 15, 2017
Messages
22
First page:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-10-2017
Ran by Frogg (administrator) on LAPTOP-Q70T35AI (22-10-2017 13:31:36)
Running from C:\Users\Frogg\Downloads
Loaded Profiles: Frogg (Available Profiles: Frogg)
Platform: Windows 10 Home Version 1607 14393.576 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.17.8162.0_x64__8wekyb3d8bbwe\Solitaire.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3743648 2015-06-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2480592 2017-09-18] (Malwarebytes Corporation)
HKU\S-1-5-21-1293126154-4048386552-4034077246-1001\...\Run: [PhotoMasterImportAgent] => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe [675608 2016-09-22] (CyberLink Corp.)
HKU\S-1-5-21-1293126154-4048386552-4034077246-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a9a399cd-803e-4174-88b9-f40a611e34a8}: [DhcpNameServer] 150.209.1.3
Tcpip\..\Interfaces\{c9c87feb-4467-44d6-9c17-895a069e7cd4}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-1293126154-4048386552-4034077246-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-1293126154-4048386552-4034077246-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-1293126154-4048386552-4034077246-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-1293126154-4048386552-4034077246-1001 -> DefaultScope {2108C12A-C289-40BB-BF3B-7A0FDB79C6E1} URL =
SearchScopes: HKU\S-1-5-21-1293126154-4048386552-4034077246-1001 -> {2108C12A-C289-40BB-BF3B-7A0FDB79C6E1} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2016-11-04]
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_1.12.0.0_neutral__c1wakc4j0nefm [2017-05-02]
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.45.0_neutral__qq0fmhteeht3j [2017-06-23]
FireFox:
========
FF ProfilePath: C:\Users\Frogg\AppData\Roaming\Mozilla\Firefox\Profiles\lFD1FhPA.default [2017-10-12]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\lFD1FhPA.default -> Google
FF Extension: (Avira Browser Safety) - C:\Users\Frogg\AppData\Roaming\Mozilla\Firefox\Profiles\lFD1FhPA.default\Extensions\[email protected] [2016-10-02]
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Frogg\AppData\Roaming\Mozilla\Firefox\Profiles\lFD1FhPA.default\Extensions\[email protected] [2016-06-17]
FF Extension: (Firefox Hotfix) - C:\Users\Frogg\AppData\Roaming\Mozilla\Firefox\Profiles\lFD1FhPA.default\Extensions\[email protected] [2016-09-11]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Frogg\AppData\Roaming\Mozilla\Firefox\Profiles\lFD1FhPA.default\Extensions\[email protected] [2017-02-01]
FF Extension: (LastPass) - C:\Users\Frogg\AppData\Roaming\Mozilla\Firefox\Profiles\lFD1FhPA.default\Extensions\[email protected] [2016-04-22]
FF Extension: (Facebook Phishing Protector) - C:\Users\Frogg\AppData\Roaming\Mozilla\Firefox\Profiles\lFD1FhPA.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2016-06-01]
FF Extension: (NoScript) - C:\Users\Frogg\AppData\Roaming\Mozilla\Firefox\Profiles\lFD1FhPA.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-09-05]
FF Extension: (Adblock Plus) - C:\Users\Frogg\AppData\Roaming\Mozilla\Firefox\Profiles\lFD1FhPA.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [2017-10-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-16] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxps://news.google.com/
CHR StartupUrls: Default -> "hxxps://news.google.com/news?pz=1&hl=en&tab=nn"
CHR NewTab: Default -> Not-active:"chrome-extension://jelapgibppoamgnfbjgochimdakalbob/stubby.html", Not-active:"chrome-extension://ipmkfpcnmccejididiaagpgchgjfajgp/html/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR Profile: C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default [2017-10-20]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-10-17]
CHR Extension: (Docs) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-23]
CHR Extension: (Spider Solitaire) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcopgabdbdohekgeabpbfhledmdahkpe [2016-03-23]
CHR Extension: (YouTube) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-23]
CHR Extension: (Dominoes) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bomhoanbpkeifgklbpebekfgblgficjn [2017-09-26]
CHR Extension: (Adblock Plus) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
CHR Extension: (Mahjongg Mahjongg) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgifnjpclblfhjamijejgmmmajndglm [2016-03-23]
CHR Extension: (Solitaire Games) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljmkmbmhmgmpmmbkagbobpmpocacdbo [2016-03-23]
CHR Extension: (Sheets) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Avira Browser Safety) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-07]
CHR Extension: (Google Docs Offline) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Medical Dictionary & News) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gldgjlicknhpandoncpoeajjlebjlhgk [2017-05-12]
CHR Extension: (Pinterest Save Button) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-10-14]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-10-17]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2017-06-10]
CHR Extension: (DiscoverAncestry) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jelapgibppoamgnfbjgochimdakalbob [2017-05-17]
CHR Extension: (Hidden Object Games) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcjejipaofdlncnaamfgpailbolbpll [2016-03-23]
CHR Extension: (Solitaire Games - World Collection) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpmleklkkbobaonglkhkedkjofilkfjk [2016-03-23]
CHR Extension: (Mahjong Cook) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\loambmkdgoagobnnemmjiebofdblfipp [2016-03-23]
CHR Extension: (Mahjong Solitaire) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2016-03-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Addiction Solitaire) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccpnfkgaclkfihepjegbbpnhbncelfb [2016-03-23]
CHR Extension: (Gmail) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-23]
CHR Extension: (Chrome Media Router) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26]
CHR Extension: (Send Link by Email or Gmail) - C:\Users\Frogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\plcgkgghkdfgfhiidfjkhmainebgmklf [2016-03-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-10-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-10-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-10-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-10-05] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [408944 2017-10-16] (Avira Operations GmbH & Co. KG)
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (Lenovo)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [134888 2015-06-25] (ELAN Microelectronics Corp.)
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-29] (Lenovo)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373680 2017-05-26] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [68416 2017-09-08] (Lenovo Group Limited)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155088 2017-09-18] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-10-05] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [176224 2017-10-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [167464 2017-10-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-10-05] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-10-05] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-10-05] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77440 2017-09-18] ()
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [31136 2015-05-27] (ELAN Microelectronic Corp.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-28] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-10-22 13:31 - 2017-10-22 13:32 - 000021124 _____ C:\Users\Frogg\Downloads\FRST.txt
2017-10-22 13:31 - 2017-10-22 13:31 - 000000000 ____D C:\FRST
2017-10-22 13:29 - 2017-10-22 13:30 - 002402816 _____ (Farbar) C:\Users\Frogg\Downloads\FRST64.exe
2017-10-18 03:28 - 2017-10-18 03:28 - 000000000 ___HD C:\OneDriveTemp
2017-10-17 16:26 - 2017-10-17 16:31 - 000748192 _____ (TechGuy, Inc.) C:\Users\Frogg\Downloads\SysInfo.exe
2017-10-16 13:06 - 2017-10-16 13:06 - 000003374 _____ C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray
2017-10-16 13:06 - 2017-10-16 13:06 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-10-16 13:06 - 2017-10-05 18:53 - 000176224 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-10-16 13:06 - 2017-10-05 18:53 - 000167464 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-10-16 13:06 - 2017-10-05 18:53 - 000088488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2017-10-16 13:06 - 2017-10-05 18:53 - 000060920 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2017-10-16 13:06 - 2017-10-05 18:53 - 000044488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2017-10-16 13:06 - 2017-10-05 18:53 - 000038048 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2017-10-16 01:09 - 2017-10-17 09:26 - 080740352 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-10-15 23:29 - 2017-10-16 01:09 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-10-15 14:08 - 2017-10-15 14:08 - 000033818 _____ C:\Users\Frogg\Documents\Report.html
2017-10-12 14:52 - 2017-10-12 14:52 - 000000000 ____D C:\Users\Public\Documents\CyberLink
2017-10-11 19:09 - 2017-10-11 19:09 - 000000000 ____D C:\WINDOWS\System32\Tasks\Event Viewer Tasks
2017-10-10 14:49 - 2017-10-10 14:49 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-09 11:34 - 2017-10-09 11:34 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_iMDriver_01_11_00.Wdf
2017-10-09 11:26 - 2017-09-08 03:57 - 000103744 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2017-10-09 11:26 - 2017-09-08 03:57 - 000039744 _____ (Lenovo Group Limited) C:\WINDOWS\system32\ImController.InfInstaller.exe
2017-10-09 11:23 - 2017-09-08 03:57 - 002365296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
2017-10-09 11:23 - 2017-09-08 03:57 - 000266560 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2017-10-09 10:40 - 2017-10-09 10:40 - 000000000 ____D C:\Program Files (x86)\Citrix
2017-10-09 10:39 - 2017-10-09 10:39 - 000000000 ____D C:\Users\Frogg\AppData\Local\GoToAssist Corporate
2017-10-07 13:12 - 2017-10-07 13:13 - 000414188 _____ C:\WINDOWS\Minidump\100717-37390-01.dmp
2017-10-07 13:12 - 2017-10-07 13:12 - 000000000 _____ C:\WINDOWS\system32\reimage.rep
2017-10-07 12:56 - 2017-10-07 12:56 - 000012710 _____ C:\WINDOWS\system32\Native.exe
2017-10-04 09:32 - 2017-10-04 09:32 - 000004352 _____ C:\WINDOWS\System32\Tasks\ReimageUpdater
2017-10-04 09:31 - 2017-10-11 21:03 - 000000000 ____D C:\Program Files\Reimage
2017-10-04 09:31 - 2017-10-10 12:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2017-10-04 09:31 - 2017-10-04 09:32 - 000000000 ____D C:\ProgramData\Reimage Protector
2017-10-04 09:29 - 2017-10-09 12:00 - 000000157 _____ C:\WINDOWS\Reimage.ini
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-10-22 12:47 - 2016-09-17 06:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-22 10:12 - 2016-07-16 07:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-20 09:04 - 2016-03-25 16:58 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-10-18 22:54 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-18 03:32 - 2016-11-21 09:43 - 000288457 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-10-18 03:28 - 2016-03-22 23:23 - 000000000 ___RD C:\Users\Frogg\OneDrive
2017-10-18 03:27 - 2016-09-17 06:26 - 000000000 ____D C:\Users\Frogg
2017-10-18 03:27 - 2016-09-17 06:19 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-10-18 03:27 - 2016-03-22 23:20 - 000000000 __SHD C:\Users\Frogg\IntelGraphicsProfiles
2017-10-18 00:16 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-10-17 22:30 - 2016-07-16 07:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-17 13:00 - 2016-03-23 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-10-17 13:00 - 2016-02-22 18:32 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-17 11:55 - 2016-03-22 23:59 - 000000000 ____D C:\Temporary Holding Folder
2017-10-17 09:26 - 2016-09-17 06:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-17 09:26 - 2016-07-16 02:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-10-16 20:26 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-16 20:26 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-16 13:06 - 2016-03-23 00:00 - 000000000 ____D C:\ProgramData\Avira
2017-10-16 13:06 - 2016-03-23 00:00 - 000000000 ____D C:\Program Files (x86)\Avira
2017-10-15 20:27 - 2016-07-16 02:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-10-13 09:10 - 2017-07-28 10:16 - 000000000 ____D C:\Program Files\rempl
2017-10-12 18:27 - 2016-07-16 07:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-12 18:27 - 2016-07-16 07:49 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-12 14:44 - 2016-03-25 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2017-10-12 14:44 - 2016-03-25 16:58 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2017-10-10 14:50 - 2016-03-23 23:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-10 14:48 - 2016-03-23 23:25 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-10 12:35 - 2016-03-22 23:20 - 000000000 ____D C:\Users\Frogg\AppData\Local\Packages
2017-10-10 12:32 - 2016-12-10 22:15 - 000007597 _____ C:\Users\Frogg\AppData\Local\resmon.resmoncfg
2017-10-10 12:31 - 2016-05-29 14:51 - 000000000 ____D C:\Users\Frogg\AppData\Local\ElevatedDiagnostics
2017-10-10 12:27 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-09 11:27 - 2016-07-16 07:45 - 000000000 ____D C:\WINDOWS\INF
2017-10-07 13:12 - 2017-01-12 21:00 - 000000000 ____D C:\WINDOWS\Minidump
2017-10-07 13:12 - 2016-08-09 10:21 - 1223975283 _____ C:\WINDOWS\MEMORY.DMP
2017-09-26 18:01 - 2016-03-23 00:08 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
==================== Files in the root of some directories =======
2016-12-10 22:15 - 2017-10-10 12:32 - 000007597 _____ () C:\Users\Frogg\AppData\Local\resmon.resmoncfg
2016-09-17 06:20 - 2016-09-17 06:20 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
2017-10-04 09:31 - 2017-10-04 09:31 - 013489912 _____ (Reimage) C:\Users\Frogg\AppData\Local\Temp\ReimagePackage.exe
2016-08-16 03:48 - 2016-08-16 03:48 - 000488960 _____ () C:\Users\Frogg\AppData\Local\Temp\sqlite3.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-10-21 08:52
==================== End of FRST.txt ============================

Page 2
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2017
Ran by Frogg (22-10-2017 13:32:42)
Running from C:\Users\Frogg\Downloads
Windows 10 Home Version 1607 14393.576 (X64) (2016-09-17 10:50:41)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1293126154-4048386552-4034077246-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1293126154-4048386552-4034077246-503 - Limited - Disabled)
Frogg (S-1-5-21-1293126154-4048386552-4034077246-1001 - Administrator - Enabled) => C:\Users\Frogg
Guest (S-1-5-21-1293126154-4048386552-4034077246-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{79C4A62C-8CC2-44AC-91FE-1299A215B4B7}) (Version: 1.2.98.29730 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{f5da837f-e932-4f55-995c-7e97c5cbebdd}) (Version: 1.2.98.29730 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.32.12 - Avira Operations GmbH & Co. KG)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.4.0 - Conexant)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.4505 - CyberLink Corp.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
FastStone Image Viewer 5.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.5 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
KB4023057 (HKLM\...\{0C050BEE-16BE-4998-8959-2A421433DB6E}) (Version: 2.5.0.0 - Microsoft Corporation)
Lenovo App Explorer (HKU\S-1-5-21-1293126154-4048386552-4034077246-1001\...\Host App Service) (Version: 0.272.1.265 - SweetLabs for Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.5.5720.01 - CyberLink Corp.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.65.2 - ELAN Microelectronic Corp.)
Lenovo PowerDVD12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.) Hidden
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Malwarebytes Anti-Exploit version 1.10.1.41 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.10.1.41 - Malwarebytes)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1293126154-4048386552-4034077246-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.116 - Qualcomm Atheros)
Qualcomm Atheros 61x4 Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.0.067 - Qualcomm Atheros)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1293126154-4048386552-4034077246-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-09-10] (Cyberlink)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-09-25] (Lenovo)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-10-05] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-09-10] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-09-25] (Lenovo)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-05-26] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-10-05] (Avira Operations GmbH & Co. KG)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0B8C6A59-2379-461F-A4F9-D6453AE49E5E} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {35D21E32-5834-4B12-9443-7EF18B1316CA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3415f03b-a4cd-4b61-8aea-8b898de7db71 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-09-08] (Lenovo Group Limited)
Task: {42561776-FC12-4D75-92A3-0D3A2E83ACA0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\101bbd88-1136-4959-9527-8d34b68ab34e => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-09-08] (Lenovo Group Limited)
Task: {4B4624CF-DF88-47CA-A57C-752B7DA26868} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2017-10-05] (Avira Operations GmbH & Co. KG)
Task: {4BF864DF-B288-4871-92BA-91304E4E6750} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-23] (Google Inc.)
Task: {53A24751-2F28-43D4-B231-7E22E8A94ED1} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe
Task: {55932C28-80DB-4533-9F44-DBB171DF4902} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-16] (Adobe Systems Incorporated)
Task: {63CE299B-08FC-4BCE-B691-CF2DABDCAA19} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {642498F3-4E73-467A-BAB9-195199B69454} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [2016-09-22] (CyberLink Corp.)
Task: {6B7DCB55-6119-4250-91CE-6ACA9A083E19} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ca1ee854-8ae1-4412-8a4f-39afa1096a4d => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-09-08] (Lenovo Group Limited)
Task: {77C35247-DA02-4270-8997-FF1A4E389063} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [2015-09-25] ()
Task: {77E8FD33-A723-4779-955D-9271E6A3DA7A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {8A5012D5-E8D4-4B04-B66F-80AE121BF698} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {8F5C1B7D-92B7-4C55-813A-A0449C6A9B38} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {91C82BAD-91AD-4DD3-86F0-936745D9D2C1} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\37f3b2b1-6cf4-48a6-ab77-c2533477653e => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-09-08] (Lenovo Group Limited)
Task: {95FE804B-BEBF-4CD0-B2BA-4F996F8E0820} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-23] (Google Inc.)
Task: {A475DCB3-AB42-4759-A769-D8277ECE4571} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {A48C8E3B-163B-4720-9658-BD8686D43CC7} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {AC9AF3C7-4103-4A77-B0A3-B693746D8C2E} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Frogg\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {DE702F65-7505-4389-A351-762A834C4A54} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{99F495C5-AB94-4647-AD93-5AB7956DF128}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {DE702F65-7505-4389-A351-762A834C4A54} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{99F495C5-AB94-4647-AD93-5AB7956DF128}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{99F495C5-AB94-4647-AD93-5AB7956DF128}_System Diagnostics"
Task: {E24FF5E5-6CD0-49A7-AFC2-EF2467677A4E} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-09-11] (CyberLink Corp.)
Task: {E3DA59C4-D15D-4DAD-ACFC-EE5D05134538} - System32\Tasks\App Explorer => C:\Users\Frogg\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe <==== ATTENTION
Task: {E56180D1-B387-44BA-A45C-520A194262D5} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {ECA7069F-B568-43A4-94BC-104FF46F86E0} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [2015-09-25] ()
Task: {F81A4BAB-5A32-4FD6-8FBC-0F350BFB3A1A} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {FBB7E4DE-1AD5-48BA-A8F6-6A432996DA86} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Frogg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Dominoes.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=bomhoanbpkeifgklbpebekfgblgficjn
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 07:42 - 2016-07-16 07:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 21:28 - 2016-12-09 06:29 - 002681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-27 15:50 - 2017-05-26 05:11 - 000401840 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-09-17 10:11 - 2016-09-17 10:11 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 21:29 - 2016-12-09 05:41 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 11:24 - 2016-11-02 06:15 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-05 22:47 - 2017-09-05 22:47 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-09-05 22:47 - 2017-09-05 22:47 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-09-05 22:47 - 2017-09-05 22:48 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-09-05 22:47 - 2017-09-05 22:47 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2016-11-09 11:24 - 2016-11-02 06:21 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 11:24 - 2016-11-02 06:14 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 11:24 - 2016-11-02 06:15 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 11:24 - 2016-11-02 06:16 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 11:24 - 2016-11-02 06:17 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-08-08 21:55 - 2017-08-08 21:59 - 000019968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-08-08 21:55 - 2017-08-08 21:59 - 028986880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-08-08 21:55 - 2017-08-08 21:59 - 000428032 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-08-08 21:55 - 2017-08-08 22:00 - 020510208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-08-08 21:55 - 2017-08-08 21:59 - 002339328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-08-08 21:55 - 2017-08-08 21:58 - 003041792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-06-08 06:37 - 2017-06-08 06:37 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-15 06:46 - 2017-06-15 06:49 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-08-08 21:55 - 2017-08-08 21:59 - 001361920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-01-24 13:51 - 2016-09-22 02:24 - 000884504 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\Kernel\Boomerang\UNO.dll
2017-01-24 13:50 - 2016-09-22 02:11 - 000081920 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\koan\_ctypes.pyd
2016-02-22 18:44 - 2014-07-04 00:35 - 000627672 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2014-07-04 16:35 - 2014-07-04 16:35 - 000016856 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 03:24 - 2015-10-30 03:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1293126154-4048386552-4034077246-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Frogg\Pictures\20160619_150122.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{55A71FCA-7451-41FF-B0DB-6CA4BB7BB763}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{E2646C07-62BD-4D84-BD0D-46D9D90B8542}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{E28CFA49-5D18-4444-AF1B-17403B8C6090}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
14-10-2017 01:58:16 Windows Update
17-10-2017 08:26:20 Windows Update
20-10-2017 10:33:14 Windows Update
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (10/22/2017 10:12:25 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1696) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 37912576 (0x0000000002428000) (database page 9255 (0x2427)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [7f7a7f7a092c5fdf] and the computed checksum was [7f7a7f7a092c5b87]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (10/22/2017 10:11:10 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1696) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 37912576 (0x0000000002428000) (database page 9255 (0x2427)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [7f7a7f7a092c5fdf] and the computed checksum was [7f7a7f7a092c5b87]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (10/22/2017 09:34:05 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1696) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 37912576 (0x0000000002428000) (database page 9255 (0x2427)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [7f7a7f7a092c5fdf] and the computed checksum was [7f7a7f7a092c5b87]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (10/22/2017 09:32:38 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1696) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 37912576 (0x0000000002428000) (database page 9255 (0x2427)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [7f7a7f7a092c5fdf] and the computed checksum was [7f7a7f7a092c5b87]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (10/22/2017 08:02:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.14393.82 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 218c
Start Time: 01d34b2cf25c6343
Termination Time: 24
Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Report Id: dd9570a1-b720-11e7-af54-507b9db6e45c
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (10/22/2017 07:57:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.14393.82 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: bb4
Start Time: 01d34b2b1388ddb6
Termination Time: 31
Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Report Id: 2e00c4eb-b720-11e7-af54-507b9db6e45c
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (10/21/2017 08:44:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: EdgeContent.dll, version: 11.0.14393.576, time stamp: 0x584a79a3
Exception code: 0xc0000409
Fault offset: 0x0000000000067cc0
Faulting process id: 0x1e88
Faulting application start time: 0x01d34abcb278c1be
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EdgeContent.dll
Report Id: e781dd15-17d1-47a3-a31a-fd18bb7cf3cc
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (10/21/2017 10:33:11 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1696) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 37912576 (0x0000000002428000) (database page 9255 (0x2427)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [7f7a7f7a092c5fdf] and the computed checksum was [7f7a7f7a092c5b87]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (10/21/2017 09:50:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: EdgeContent.dll, version: 11.0.14393.576, time stamp: 0x584a79a3
Exception code: 0xc0000409
Fault offset: 0x0000000000067cc0
Faulting process id: 0x177c
Faulting application start time: 0x01d34a6f7a7a3469
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EdgeContent.dll
Report Id: 04adc174-95dc-48d7-93a5-542ed23d74a5
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (10/21/2017 09:48:52 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1696) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 37912576 (0x0000000002428000) (database page 9255 (0x2427)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [7f7a7f7a092c5fdf] and the computed checksum was [7f7a7f7a092c5b87]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

System errors:
=============
Error: (10/22/2017 12:43:12 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-Q70T35AI)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user LAPTOP-Q70T35AI\Frogg SID (S-1-5-21-1293126154-4048386552-4034077246-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool.
Error: (10/22/2017 10:12:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8e5e03fa: Microsoft .NET Framework 4.7 for Windows 10 Version 1607 for x64 (KB3186568).
Error: (10/22/2017 09:34:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8e5e03fa: Microsoft .NET Framework 4.7 for Windows 10 Version 1607 for x64 (KB3186568).
Error: (10/22/2017 08:57:47 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-Q70T35AI)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user LAPTOP-Q70T35AI\Frogg SID (S-1-5-21-1293126154-4048386552-4034077246-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool.
Error: (10/21/2017 11:28:17 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-Q70T35AI)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user LAPTOP-Q70T35AI\Frogg SID (S-1-5-21-1293126154-4048386552-4034077246-1001) from address LocalHost (Using LRPC) running in the application container TrivialTechnology.CribbageFree_1.1.0.3_neutral__0ynvawc60ma20 SID (S-1-15-2-4200055338-4047228265-3682435746-4085777901-541256719-1414108398-3799493607). This security permission can be modified using the Component Services administrative tool.
Error: (10/21/2017 11:27:46 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-Q70T35AI)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user LAPTOP-Q70T35AI\Frogg SID (S-1-5-21-1293126154-4048386552-4034077246-1001) from address LocalHost (Using LRPC) running in the application container TrivialTechnology.CribbageFree_1.1.0.3_neutral__0ynvawc60ma20 SID (S-1-15-2-4200055338-4047228265-3682435746-4085777901-541256719-1414108398-3799493607). This security permission can be modified using the Component Services administrative tool.
Error: (10/21/2017 11:25:48 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-Q70T35AI)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user LAPTOP-Q70T35AI\Frogg SID (S-1-5-21-1293126154-4048386552-4034077246-1001) from address LocalHost (Using LRPC) running in the application container TrivialTechnology.CribbageFree_1.1.0.3_neutral__0ynvawc60ma20 SID (S-1-15-2-4200055338-4047228265-3682435746-4085777901-541256719-1414108398-3799493607). This security permission can be modified using the Component Services administrative tool.
Error: (10/21/2017 09:14:41 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-Q70T35AI)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user LAPTOP-Q70T35AI\Frogg SID (S-1-5-21-1293126154-4048386552-4034077246-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool.
Error: (10/21/2017 12:05:06 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-Q70T35AI)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user LAPTOP-Q70T35AI\Frogg SID (S-1-5-21-1293126154-4048386552-4034077246-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool.
Error: (10/21/2017 10:35:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8e5e03fa: Microsoft .NET Framework 4.7 for Windows 10 Version 1607 for x64 (KB3186568).

CodeIntegrity:
===================================
Date: 2017-10-03 13:30:57.819
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-10-03 10:09:38.104
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-10-02 16:02:31.822
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-10-02 10:40:06.739
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-10-02 10:02:46.849
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-10-01 16:49:25.287
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-10-01 09:20:32.419
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-09-30 18:35:36.586
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-09-30 09:42:52.065
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-09-29 16:47:10.557
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 46%
Total physical RAM: 8107.08 MB
Available physical RAM: 4321.71 MB
Total Virtual: 9387.08 MB
Available Virtual: 5021.82 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:886.62 GB) (Free:836.66 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.7 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B45E7BD7)
Partition: GPT.
==================== End of Addition.txt ============================
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
Froggie2,
--------------------------------------------------------
Run A Fix With FRST
Download the attached Fixlist.txt file and save it to your Downloads folder.
NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
(Both on the Desktop is OK, or both in the Downloads folder)

Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
If for some reason the tool wishes to restart, please make sure you let the system restart normally.
The tool may start again automatically and complete additional work after the system reboot. Let it complete its run.
When finished, FRST64 will generate a log on the Desktop named (Fixlog.txt). Please post its contents in your reply.

After this is completed, we will check the hard drive for other content and errors.
askey127
 

froggie2

Thread Starter
Joined
Oct 15, 2017
Messages
22
Hi askey127,
I tried to do this; it comes up with a box saying: Farbar Recovery Scan Tool (x64)Version 23-10-2017 01 No fixlist found The fixlist.txt should be in the same folder/directory tool is located.
I found it, moved it to Desktop in This PC on Windows C.
I found it, moved it and tried again, and it still gives me that box. I am not a computer wiz; can you tell me what I am doing wrong?
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
After you download the file from this thread. Did you see it? It's just below my instruction post above.
Go find it. It will be in your folder called Downloads after you click it and save it. Name: Fixlist.txt

The file called FRST64.exe was there earlier, in the same place. That is what you ran to get the two logs earlier.
If they are now both in the Downloads folder, follow the directions by opening FRST64 and clicking FIX.
 