  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation.
Status
Not open for further replies.

Remote access allowed dumb I know

4K views 15 replies 2 participants last post by  iMacg3 
#1 ·
Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz, Intel64 Family 6 Model 158 Stepping 9
Processor Count: 8
RAM: 8050 Mb
Graphics Card: Intel(R) HD Graphics 630, 1024 Mb
Hard Drives: C: 212 GB (23 GB Free); D: 24 GB (16 GB Free);
Motherboard: LENOVO, LNVNB161216
Antivirus: Windows Defender, Enabled and Updated

Hi is anyone able to help me with this problem? I purchased a new HP printer. I went to what I thought was the HP support as instructed and they asked me to let them do remote service on my computer to hook up the printer. I stupidly let them. I realized my mistake and closed out. But now my computer is really acting goofy. Very slow, not opening programs correctly. I ran Malwarebytes scan, Adwcleaner. I downloaded Kaspersky virus protector and its virus remover program. Nothing was identified as a problem. My computer was almost unusable. Then my audio stopped working. I removed Kaspersky and the computer started running faster. I restored my computer to an earlier date and the audio is working. But now the computer is still running slow and will not let me open some programs.
Any help would be appreciated. I contacted our local computer repair, but can't get my computer in for quite a while.
Thank you!
Pam
 
#3 ·
Hi sportsmom2x2, welcome to the Tech Support Guy malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Back up any important data before we continue.
    • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you have questions at any time during the cleanup, feel free to ask.

---------------------------------------------------
Farbar Recovery Scan Tool (FRST)

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
  • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.

---------------------------------------------------

In your next reply, please include:
  • FRST.txt
  • Addition.txt
 
#4 ·
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-11-2019
Ran by bailey (07-11-2019 22:00:10)
Running from C:\Users\baile\Desktop
Windows 10 Home Version 1809 17763.805 (X64) (2019-08-08 02:30:09)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-260720292-2504253849-2348319339-500 - Administrator - Disabled)
Baile (S-1-5-21-260720292-2504253849-2348319339-1002 - Limited - Disabled)
bailey (S-1-5-21-260720292-2504253849-2348319339-1001 - Administrator - Enabled) => C:\Users\baile
DefaultAccount (S-1-5-21-260720292-2504253849-2348319339-503 - Limited - Disabled)
Guest (S-1-5-21-260720292-2504253849-2348319339-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-260720292-2504253849-2348319339-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Bridge CC 2018 (HKLM-x32\...\KBRG_8_1) (Version: 8.1 - Adobe Systems Incorporated)
Adobe Bridge CC 2019 (HKLM-x32\...\KBRG_9_0_1) (Version: 9.0.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.0.0.354 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.270 - Adobe)
Adobe Illustrator CC 2019 (HKLM-x32\...\ILST_23_0_1) (Version: 23.0.1 - Adobe Systems Incorporated)
Adobe Lightroom CC (HKLM-x32\...\LRCC_2_1_1) (Version: 2.1.1 - Adobe Systems Incorporated)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_8_0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1_7) (Version: 19.1.7 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_1) (Version: 20.0.1 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{FD52A2FF-4D16-49C4-A2CD-DAC752C18BA2}) (Version: 8.0 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9B061D60-4E2C-4987-BFFD-423E3D477660}) (Version: 8.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3FC92273-FEF4-4C0B-9AF4-F38D747EB765}) (Version: 1.0.0.10 - Dolby Laboratories, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fitbit Connect (HKLM-x32\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Grammarly (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\GrammarlyForWindows) (Version: 1.5.45 - Grammarly)
HP Dropbox Plugin (HKLM-x32\...\{96A402D4-6126-4899-AEA8-AA764304A7B1}) (Version: 49.1.321.0 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{39BEAF4B-67DB-4820-9864-BCCD4E6C5987}) (Version: 49.1.321.0 - HP)
HP FTP Plugin (HKLM-x32\...\{F6E456FC-18B7-4F41-AF13-9EECFF500A46}) (Version: 49.1.321.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{9EDF968A-5D0C-4AF3-9669-1369E2921AA1}) (Version: 49.1.321.0 - HP)
HP OfficeJet Pro 8020 series Basic Device Software (HKLM\...\{7D2A3164-AFBF-4225-9C99-2A2DD82CD4F1}) (Version: 49.3.4475.19206 - HP Inc.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP SFTP Plugin (HKLM-x32\...\{1A3B3517-5C77-4382-9915-B8F0C2AB691F}) (Version: 49.1.321.0 - HP)
HP SharePoint Plugin (HKLM-x32\...\{DB2306C6-0DEA-4468-AE0F-9CDEA7BE842E}) (Version: 49.1.321.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{E3597C85-5970-4166-BE96-ED1D18CD1088}) (Version: 7.14.0.29 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
iTunes (HKLM\...\{227F49DB-D6E0-4AE2-8348-AA8F5AAB2F1F}) (Version: 12.10.1.4 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Migration Assistant (HKLM\...\Lenovo Migration Assistant_is1) (Version: 1.0.1.12 - Lenovo)
Lenovo Yoga Mode Control (HKLM\...\{3F2E25D6-49D3-45D5-A7BD-13F5D6F64171}_is1) (Version: 2.0.0.9 - Lenovo)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.5179.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5179.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5179.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5179.1000 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Product Improvement Study for HP OfficeJet Pro 8020 series (HKLM\...\{5F486205-E3D0-40CA-BDD1-92C41A09B153}) (Version: 49.3.4475.19206 - HP Inc.)
UltraVPN (HKLM-x32\...\UltraVPN) (Version: 0.2.4 - UltraVPN)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)
WD Backup (HKLM-x32\...\{09C422A7-0421-40A5-933A-9177BEDF9B3B}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{61ccf853-a113-4862-9d4a-6dd2b869c9db}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_1.7.2.0_x64__38kynpdw5g1aw [2019-11-03] (Wacom Europe GmbH)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.151.300.0_x86__kgqvnymyfvs32 [2019-11-04] (king.com)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-11-03] (Facebook Inc)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2019-11-03] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.618.0_x64__v10z8vjag6ke6 [2019-11-03] (HP Inc.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_41.1788.50991.0_x86__8xx8rvfyw5nnt [2019-11-03] (Instagram)
LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.36.0.0_neutral__qq0fmhteeht3j [2019-11-04] (LastPass)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2019-11-03] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.1909.24.0_x64__k1h2ywk1493x8 [2019-11-03] (LENOVO INC.)
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2019-11-03] (OverDrive Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe [2019-11-04] (Microsoft Corporation) [MS Ad]
Messenger -> C:\Program Files\WindowsApps\Facebook.317180B0BB486_196.2292.59195.0_x86__8xx8rvfyw5nnt [2019-11-03] (Facebook Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-11-03] (Netflix, Inc.)
OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2019-11-03] (OverDrive Inc.)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.2.0_x64__n619g4d5j0fnw [2019-11-03] (Pandora Media Inc) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0 [2019-11-04] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-321D2822FE4F} -> [Creative Cloud Files] => C:\Users\baile\Creative Cloud Files [2017-12-20 00:57]
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-10-01] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2015-09-11 14:17 - 2015-09-11 14:17 - 001374208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Fitbit Connect\LIBEAY32.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\baile\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [231]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-18 15:03 - 2019-07-11 01:06 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts
2018-08-20 13:44 - 2018-08-20 15:07 - 000000442 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\baile\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1 - 207.190.94.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{DEC86BCC-7FC1-4B7A-8983-71F81D058E60}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{7734ADFC-7C1C-44DE-BF5C-257A9A98AF58}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{E4568B92-1FCC-4061-83C5-437E0EE0D0F3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{EC4565FE-47FE-4C96-89F6-EC930E9138CB}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{3DDB871E-AE54-4D06-9CC2-E312CF97D35C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{2A5EF8C4-4E73-43DA-9C64-B5AF013130E1}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{8348AB0B-6BB6-4F6B-80E8-934C66C21791}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{F110E177-1997-42B6-AB07-24234331214B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BB9E4FCE-C6D4-4D79-A5B5-6596087E3486}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{205AC0AE-3A23-4EFF-9D8D-1407C7350A9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FD7C4B0-A458-45A0-A28F-74DD83578761}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6733E1F9-EA29-4E45-9CFA-FD25A297EAB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DB029122-856A-4900-896E-B5F828836049}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{804A7CAC-7F3A-4DBB-891F-7190D303AFB7}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
FirewallRules: [{72732D93-EF99-4D73-BA99-C6A0CE94331C}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
FirewallRules: [{FAF09736-6A4E-4DC2-B805-66E05FDBF34F}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
FirewallRules: [{99585B7F-5666-4DDC-8E2E-1589685D4EA1}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
FirewallRules: [{F28C4457-7D97-4710-BEEC-1BCF418ADA39}] => (Allow) C:\Users\baile\Downloads\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8DBDFB17-4E00-4F72-BDC3-91BC178A322D}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\bin\FaxApplications.exe (HP Inc -> HP Inc.)
FirewallRules: [{4DB55019-A598-4D81-BD89-ABAAA4FC6028}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\bin\DigitalWizards.exe (HP Inc -> HP Inc.)
FirewallRules: [{8B484D45-BF67-48C9-851D-A74C81505CF9}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\bin\SendAFax.exe (HP Inc -> HP Inc.)
FirewallRules: [{ECB93F95-3992-4E5F-A4C3-83715CFA1DA9}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\bin\FaxPrinterUtility.exe (HP Inc -> HP Inc.)
FirewallRules: [{F51D7996-B502-4861-B92A-F542F6FFFAD4}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\DeviceSetup.exe (HP Inc -> HP Inc.)
FirewallRules: [{488EAE1E-A1A4-4FCC-B6EE-5E4DE222DAFF}] => (Allow) LPort=5357
FirewallRules: [{2CD808EA-8086-497D-B665-B3B19F8FFAE3}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc -> HP Inc.)
FirewallRules: [{F8BD7C21-0643-4DE1-8A7F-6F23634309FD}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS0B0B\HPDiagnosticCoreUI.exe No File
FirewallRules: [{F7F65726-1206-4388-8E0E-293C34F56029}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS0B0B\HPDiagnosticCoreUI.exe No File
FirewallRules: [{B03D518E-2727-49AF-90F5-8CFC654099FB}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS621E\HPDiagnosticCoreUI.exe No File
FirewallRules: [{B46221E6-A78D-4DA6-A8B0-114C15C11205}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS621E\HPDiagnosticCoreUI.exe No File
FirewallRules: [TCP Query User{D81F5BC7-EBFD-4BE6-BF59-FEA1CA323F60}C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe] => (Allow) C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe No File
FirewallRules: [UDP Query User{DFB5C2C7-782B-4C3A-A1D7-679004ADA982}C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe] => (Allow) C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe No File
FirewallRules: [{B2073E64-8313-4425-A121-9CCFB622819B}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS08E9\HPDiagnosticCoreUI.exe No File
FirewallRules: [{9F8A7177-7502-4BE6-91F2-5D4EFBDBEC19}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS08E9\HPDiagnosticCoreUI.exe No File
FirewallRules: [{844005BA-38EC-416B-B18D-9CFAEAC09569}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DE4C90DC-BC53-4139-827D-B9CBDA579C52}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A105883B-96F7-423A-8C20-506380A509E5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{16FF5671-92BC-4180-95A9-4EAEA3320DA4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CCA606C4-7859-4BD4-9E90-435CD9CE0CE9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A3F64B59-443C-47D8-91E6-9C77A2A0704E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5A850F60-EBD5-4C40-B4AE-4C484127A373}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B83C2E6D-6565-4396-9145-CA18658E1F77}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8653C202-C107-4816-97B4-CB3F9850235B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
26-10-2019 17:01:07 Scheduled Checkpoint
31-10-2019 23:12:28 Removed Kaspersky Password Manager
03-11-2019 16:03:05 Intel® Driver & Support Assistant
03-11-2019 18:18:29 Restore Operation
03-11-2019 18:57:36 Removed Kaspersky Password Manager
07-11-2019 01:45:44 Windows Update
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (11/07/2019 12:51:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_7.4.1.exe, version: 7.4.1.0, time stamp: 0x5d715fba
Faulting module name: adwcleaner_7.4.1.exe, version: 7.4.1.0, time stamp: 0x5d715fba
Exception code: 0xc0000005
Fault offset: 0x00420a46
Faulting process id: 0x1a0c
Faulting application start time: 0x01d59537ba2ae03e
Faulting application path: C:\Users\baile\Desktop\adwcleaner_7.4.1.exe
Faulting module path: C:\Users\baile\Desktop\adwcleaner_7.4.1.exe
Report Id: 1469d0cb-2f83-49a8-8300-4b534dfbc38e
Faulting package full name:
Faulting package-relative application ID:
Error: (11/06/2019 06:59:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 6.11.2019.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1d0c
Start Time: 01d59504da7e013b
Termination Time: 4
Application Path: C:\Users\baile\Desktop\FRST64.exe
Report Id: a059c78f-1bcd-40f9-8933-baa8c57c2d8a
Faulting package full name:
Faulting package-relative application ID:
Hang type: Cross-process
Error: (11/06/2019 06:46:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 6.11.2019.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 4378
Start Time: 01d595036c824d3b
Termination Time: 3
Application Path: C:\Users\baile\Desktop\FRST64.exe
Report Id: bdfbfe04-191b-4a74-b5a6-7389c57b92e7
Faulting package full name:
Faulting package-relative application ID:
Hang type: Cross-process
Error: (11/06/2019 02:57:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkypeApp.exe, version: 8.53.0.85, time stamp: 0x5d966ef7
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.17763.802, time stamp: 0x322dae8f
Exception code: 0xc000027b
Fault offset: 0x0000000000701a52
Faulting process id: 0x2afc
Faulting application start time: 0x01d594c855a51250
Faulting application path: C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.85.0_x64__kzf8qxf38zg5c\SkypeApp.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 41d5e7ac-58af-4bf7-9ba4-d916e777c8e0
Faulting package full name: Microsoft.SkypeApp_14.53.85.0_x64__kzf8qxf38zg5c
Faulting package-relative application ID: App
Error: (11/06/2019 02:40:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_7.4.2.exe, version: 7.4.2.0, time stamp: 0x5dadf380
Faulting module name: ISD_Tablet.dll, version: 7.3.4.38, time stamp: 0x59216f3c
Exception code: 0xc0000005
Fault offset: 0x000dc6ae
Faulting process id: 0x192c
Faulting application start time: 0x01d594e2302d7e19
Faulting application path: C:\Users\baile\Desktop\adwcleaner_7.4.2.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ISD_Tablet.dll
Report Id: 9e6c23fd-9153-4441-849b-bb165100f7b8
Faulting package full name:
Faulting package-relative application ID:
Error: (11/06/2019 02:40:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.17763.771, time stamp: 0xe9df2906
Faulting module name: combase.dll, version: 10.0.17763.737, time stamp: 0xc366780e
Exception code: 0xc0000005
Fault offset: 0x000000000004aaa4
Faulting process id: 0x2f3c
Faulting application start time: 0x01d594cd1495ae06
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report Id: a75cbd13-572f-400b-83c9-6a18d0fc006d
Faulting package full name:
Faulting package-relative application ID:
Error: (11/06/2019 02:40:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: explorer.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 00007FFA01F8AAA4
Error: (11/06/2019 03:09:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10800032
System errors:
=============
Error: (11/07/2019 09:57:24 PM) (Source: DCOM) (EventID: 10016) (User: YOGA720-15IKB)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user YOGA720-15IKB\bailey SID (S-1-5-21-260720292-2504253849-2348319339-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/07/2019 09:03:31 PM) (Source: DCOM) (EventID: 10016) (User: YOGA720-15IKB)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user YOGA720-15IKB\bailey SID (S-1-5-21-260720292-2504253849-2348319339-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/07/2019 09:03:24 PM) (Source: DCOM) (EventID: 10016) (User: YOGA720-15IKB)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user YOGA720-15IKB\bailey SID (S-1-5-21-260720292-2504253849-2348319339-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/07/2019 08:26:19 PM) (Source: DCOM) (EventID: 10016) (User: YOGA720-15IKB)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user YOGA720-15IKB\bailey SID (S-1-5-21-260720292-2504253849-2348319339-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/07/2019 08:25:35 PM) (Source: DCOM) (EventID: 10016) (User: YOGA720-15IKB)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user YOGA720-15IKB\bailey SID (S-1-5-21-260720292-2504253849-2348319339-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/07/2019 08:25:22 PM) (Source: DCOM) (EventID: 10016) (User: YOGA720-15IKB)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user YOGA720-15IKB\bailey SID (S-1-5-21-260720292-2504253849-2348319339-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/07/2019 08:16:54 PM) (Source: DCOM) (EventID: 10016) (User: YOGA720-15IKB)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user YOGA720-15IKB\bailey SID (S-1-5-21-260720292-2504253849-2348319339-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/07/2019 07:40:57 PM) (Source: DCOM) (EventID: 10016) (User: YOGA720-15IKB)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user YOGA720-15IKB\bailey SID (S-1-5-21-260720292-2504253849-2348319339-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2019-11-05 23:14:29.618
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9BD470F9-86C4-40CE-A9FA-7F6F24C7859F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-10-20 17:45:48.825
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E3E3B27C-5DCB-4D6E-8FD1-7CA8B0AF7DC1}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-10-17 00:36:47.818
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {ED4FDAAD-A3C7-4B4B-8EFD-FF1FCF1B06C0}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-10-13 14:40:45.986
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8B05BCA6-3FDD-4DC4-9829-94D742A38185}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-10-10 20:07:00.331
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {2FDB2CF4-351C-4F3F-9A39-CE1ECDCF2E9A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-11-03 18:49:57.311
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
CodeIntegrity:
===================================
Date: 2019-11-07 21:52:12.798
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-11-07 21:50:12.962
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-11-07 21:50:02.980
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-11-07 21:49:53.328
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-11-07 21:49:52.967
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-11-07 21:49:42.041
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-11-07 21:49:27.804
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-11-07 21:49:15.389
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO 4MCN33WW(V2.05) 07/19/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 46%
Total physical RAM: 8050.39 MB
Available physical RAM: 4307.85 MB
Total Virtual: 10994.39 MB
Available Virtual: 6566.58 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:60.56 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:16.94 GB) NTFS
Drive e: (My Passport) (Fixed) (Total:931.48 GB) (Free:759.2 GB) NTFS
\\?\Volume{f502dc90-57ed-4a7b-a2e2-fa55f122b281}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.43 GB) NTFS
\\?\Volume{d43090cd-ee40-4e84-a945-39394c9839b4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A3FF1E49)
Partition: GPT.
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 16F2A91F)
Partition: GPT.
==================== End of Addition.txt =======================
 
#5 ·
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-11-2019
Ran by bailey (administrator) on YOGA720-15IKB (LENOVO 80X7) (07-11-2019 21:58:51)
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey (Available Profiles: bailey)
Platform: Windows 10 Home Version 1809 17763.805 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX3\APP\DAX3TrayIcon.exe
(Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler64.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\HPNetworkCommunicatorCom.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHeciSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo -> ) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\YMC\ymc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11911.1001.8.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19101.10711.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\NisSrv.exe
(Network Protect Ltd -> UltraVPN) C:\Program Files (x86)\UltraVPN\UltraVPN.exe
(Network Protect Ltd -> UltraVPN) C:\Program Files (x86)\UltraVPN\UltraVPNSvc.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18376680 2017-06-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489888 2017-06-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489888 2017-06-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489888 2017-06-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [APP] => C:\Program Files\Dolby\Dolby DAX3\APP\DAX3TrayIcon.exe [963376 2016-10-27] (Dolby Laboratories, Inc. -> )
HKLM\...\Run: [iTunesHelper] => C:\Users\baile\Downloads\iTunesHelper.exe [302904 2019-10-03] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [401464 2019-09-27] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414184 2015-09-11] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21888 2018-01-24] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-10-01] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-10-01] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414184 2015-09-11] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [HP OfficeJet Pro 8020 series (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\ScanToPCActivationApp.exe [4071840 2018-12-10] (HP Inc -> HP Inc.)
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\MountPoints2: {1285eeda-e8c4-11e9-82dd-a87f714249d0} - "E:\VZW_Software_upgrade_assistant.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-07] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraVPN.lnk [2019-02-01]
ShortcutTarget: UltraVPN.lnk -> C:\Program Files (x86)\UltraVPN\UltraVPN.exe (Network Protect Ltd -> UltraVPN)
Startup: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2019-08-22]
ShortcutAndArgument: Monitor Ink Alerts - .lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN3AOEWGF505KC;CONNECTION=NW;MONITOR=1;
Startup: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2019-10-16]
ShortcutAndArgument: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN3AOEWGF505KC;CONNECTION=NW;MONITOR=1;
Startup: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-10-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0E41EACB-602F-472D-A50B-BAC99EBC6892} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-baileyl032017@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {10A2D8F3-B81B-4C19-AA59-BED341E8F286} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_270_pepper.exe [1453112 2019-10-09] (Adobe Inc. -> Adobe)
Task: {138C7D27-E8F7-45CF-824E-5382F35FB876} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-30] (Google Inc -> Google Inc.)
Task: {25B126E2-E129-4B8C-A051-AE8F6C2AC12F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-30] (Google Inc -> Google Inc.)
Task: {280D02D9-6D81-45CC-B7FA-7DFB7C4EDA71} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [401464 2019-09-27] (Adobe Inc. -> Adobe Inc.)
Task: {3E154EAE-7138-4F19-9F37-D9157CEBB0E1} - System32\Tasks\Kaspersky_Upgrade_{E7FE8BD6-07C8-4138-AB61-92AA886397EA} => C:\Program Files\Common Files\AV\Kaspersky Anti-Virus\upgrade.exe [595904 2019-10-21] (Kaspersky Lab -> AO Kaspersky Lab)
Task: {53FA9348-5DED-47C7-AC6F-4F0F7A0836D9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {80649F8B-3557-47EF-AE0C-E42DA7305790} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 8020 series => C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\HPCustPartic.exe [6692256 2019-07-25] (HP Inc -> HP Inc.)
Task: {854037A7-409A-4E7E-8839-B64D9DD70321} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
Task: {86498FD1-0AB2-4547-9638-10E5FD662851} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-10-09] (Adobe Inc. -> Adobe)
Task: {9893ED56-95D5-4BC0-811C-C7FD7240F18F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {ABCD284A-8C24-49C7-8EAC-395A6E913A97} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {B8E1E233-B0BD-4527-9C18-8A9E74A99A8D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D7E912F0-CD6F-456B-A47A-42DCED783974} - System32\Tasks\AdobeAAMUpdater-1.0-YOGA720-15IKB-bailey => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E631038B-2CFE-4CA4-9F1F-8732D0DFB9A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {E6B19B21-5958-4DF3-8199-D0E8A3CD31F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E78A56F7-58D9-4451-BB2B-B9FF5AE1BD63} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EE3668F8-BBB2-4DDE-9358-770A17D5080C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2019-10-01] (Apple Inc. -> Apple Inc.)
Task: {F9330818-1ABC-4A7E-83C5-454D9B18F8AA} - System32\Tasks\Lenovo\Lenovo MigrationAssistant logon task => C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe [151920 2017-12-06] (Lenovo -> )
Task: {FD2632BD-314B-4274-8CCD-5DBBB8FB4359} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {FD7E4D41-F141-40D9-AAB5-790B1C8CF50E} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 207.190.94.2 207.190.94.129
Tcpip\..\Interfaces\{3c4a9f21-8085-4361-98eb-ab3060e81302}: [DhcpNameServer] 192.168.1.1 207.190.94.2 207.190.94.129
Internet Explorer:
==================
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2019-08-27] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2019-10-14] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> No Name - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-12-20] (Microsoft Corporation -> Microsoft Corporation)
Edge:
======
DownloadDir: C:\Users\baile\Downloads
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.36.0.0_neutral__qq0fmhteeht3j [2019-11-04]
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-12-20] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
FF Plugin HKU\S-1-5-21-260720292-2504253849-2348319339-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\baile\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-15] (RocketLife -> RocketLife, LLP)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> file:///C:/Users/Owner/Documents/Medical
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default [2019-11-07]
CHR Extension: (Slides) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-30]
CHR Extension: (Docs) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-30]
CHR Extension: (Google Drive) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (YouTube) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-30]
CHR Extension: (Honey) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-10-19]
CHR Extension: (Rakuten Ebates: Get Cash Back For Shopping) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2019-11-03]
CHR Extension: (Netflix) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2017-12-30]
CHR Extension: (Sheets) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-30]
CHR Extension: (Google Docs Offline) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-11-03]
CHR Extension: (Grammarly for Chrome) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-11-03]
CHR Extension: (No Name) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2018-11-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-03]
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-08-28]
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-28]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [823352 2019-09-27] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-08-26] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-06-09] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058256 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
R2 Dolby DAX API Service; C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe [212784 2017-04-28] (Dolby Laboratories, Inc. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-06-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2211448 2016-11-08] (Intel Corporation - pGFX -> Intel Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1435304 2015-09-11] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515232 2017-06-22] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-11-05] (Malwarebytes Inc -> Malwarebytes)
R2 UltraVPNSvc; C:\Program Files (x86)\UltraVPN\UltraVPNSvc.exe [3226440 2019-02-01] (Network Protect Ltd -> UltraVPN)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [19256 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [19256 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [19256 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [19256 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [1645656 2017-05-24] (Wacom Technology Corporation -> Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [1816520 2018-04-03] (Wacom Technology Corporation -> Wacom Technology, Corp.)
R2 ymc; C:\Program Files\Lenovo\YMC\ymc.exe [49032 2016-12-23] (LENOVO -> Lenovo)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [72592 2016-10-24] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [67984 2016-10-24] (Intel Corporation -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [355216 2016-10-24] (Intel Corporation -> Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-11-07] (Malwarebytes Corporation -> Malwarebytes)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [129008 2017-06-22] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [248480 2019-11-07] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-11-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-11-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-11-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2019-11-07] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2019-11-07] (Malwarebytes Corporation -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8723968 2018-09-15] (Microsoft Windows -> Intel Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3227648 2017-03-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39040 2018-08-15] (GZ Systems Limited -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 WacHidRouterISD; C:\WINDOWS\system32\DRIVERS\wachidrouter_isd.sys [142424 2017-05-24] (Wacom Technology Corporation -> Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-11-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [351968 2019-11-03] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-11-03] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-07 21:58 - 2019-11-07 21:59 - 000030779 _____ C:\Users\baile\Desktop\FRST.txt
2019-11-07 21:57 - 2019-11-07 21:57 - 002259968 _____ (Farbar) C:\Users\baile\Desktop\FRST64.exe
2019-11-07 21:53 - 2019-11-07 21:53 - 000000000 ____D C:\Users\baile\AppData\Roaming\Western Digital
2019-11-07 21:52 - 2019-11-07 21:52 - 000002233 _____ C:\Users\Public\Desktop\WD Backup.lnk
2019-11-07 21:52 - 2019-11-07 21:52 - 000002233 _____ C:\ProgramData\Desktop\WD Backup.lnk
2019-11-07 21:52 - 2019-11-07 21:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Discovery
2019-11-07 21:52 - 2019-11-07 21:52 - 000000000 ____D C:\Program Files (x86)\Western Digital
2019-11-07 02:25 - 2019-11-07 02:25 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-11-07 02:25 - 2019-11-07 02:25 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-11-07 02:25 - 2019-11-07 02:25 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-11-07 02:25 - 2019-11-07 02:25 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-11-07 02:24 - 2019-11-07 02:24 - 000248480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-11-07 00:51 - 2019-11-07 00:51 - 007622344 _____ (Malwarebytes) C:\Users\baile\Desktop\adwcleaner_7.4.2.exe
2019-11-06 19:42 - 2019-11-06 19:42 - 000000000 ____D C:\Users\baile\AppData\Local\EpicGamesLauncher
2019-11-06 19:42 - 2019-11-06 19:42 - 000000000 ____D C:\Users\baile\AppData\Local\CrashReportClient
2019-11-06 15:01 - 2019-11-06 15:01 - 000291606 _____ C:\Users\baile\Downloads\TCPView.zip
2019-11-05 15:34 - 2019-11-05 15:34 - 001883976 _____ (Malwarebytes) C:\Users\baile\Downloads\MBSetup.exe
2019-11-05 14:28 - 2019-11-07 02:49 - 000003274 _____ C:\WINDOWS\system32\Tasks\Adobe Uninstaller
2019-11-04 01:26 - 2019-11-07 19:35 - 000003712 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_{E7FE8BD6-07C8-4138-AB61-92AA886397EA}
2019-11-04 01:26 - 2019-11-07 19:34 - 000000000 ____D C:\Users\baile\AppData\Roaming\KasperskyUpgradeLogs
2019-11-03 19:21 - 2019-11-03 19:21 - 000001652 _____ C:\Users\baile\Desktop\Nov2019 - Shortcut.lnk
2019-11-03 18:57 - 2019-11-03 18:57 - 000000000 ____D C:\Users\baile\AppData\Local\Kaspersky Lab
2019-11-03 18:13 - 2019-11-03 18:42 - 000000000 ____D C:\$SysReset
2019-11-03 15:05 - 2019-11-03 15:05 - 000000000 ____D C:\Users\baile\AppData\Roaming\AVAST Software
2019-11-03 14:24 - 2019-11-03 14:24 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2019-11-02 18:28 - 2019-11-02 18:28 - 000000000 ____D C:\Users\baile\AppData\Local\TempTaskUpdateDetectionB4D7477D-46BC-4F33-A858-0E5D9DE22D7F
2019-10-29 17:29 - 2019-11-04 13:51 - 000000000 ____D C:\Users\baile\Documents\Kohls
2019-10-21 21:14 - 2019-11-07 02:24 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-10-21 21:14 - 2019-11-05 15:35 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-10-21 21:14 - 2019-11-05 15:35 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-10-21 21:14 - 2019-11-05 15:35 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-10-21 21:14 - 2019-11-03 18:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-10-21 21:13 - 2019-10-21 21:13 - 066367928 _____ (Malwarebytes ) C:\Users\baile\Downloads\mb3-setup-37469.37469-3.8.3.2965-1.0.627-1.0.12633.exe
2019-10-21 20:02 - 2019-11-05 14:29 - 000000000 ____D C:\Program Files\Common Files\AV
2019-10-21 19:58 - 2019-10-21 19:58 - 003003104 _____ (Kaspersky) C:\Users\baile\Downloads\kav20.0.14.1085abcen_es_fr_19078.exe
2019-10-17 23:35 - 2019-10-17 23:36 - 000000000 ____D C:\Users\baile\Documents\HP Printer
2019-10-17 21:17 - 2019-10-18 11:38 - 000000000 ___RD C:\Users\baile\Documents\RocketLifeNetwork
2019-10-17 21:17 - 2019-10-17 21:17 - 000000000 ____D C:\Users\baile\AppData\Roaming\Visan
2019-10-17 21:17 - 2019-10-17 21:17 - 000000000 ____D C:\Users\baile\AppData\Local\RLPlatform
2019-10-17 18:49 - 2019-10-17 18:50 - 000000000 ____D C:\Users\baile\Documents\Walgreens
2019-10-17 16:35 - 2019-10-17 16:35 - 000000000 ____D C:\Users\baile\Documents\HpReg_Backup
2019-10-17 16:34 - 2019-10-17 19:22 - 000002088 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2019-10-17 16:34 - 2019-10-17 19:22 - 000002088 _____ C:\ProgramData\Desktop\HP Print and Scan Doctor.lnk
2019-10-17 16:34 - 2019-10-17 16:34 - 000000000 ____D C:\Users\baile\AppData\Roaming\HPPSDr
2019-10-17 15:56 - 2019-10-17 15:56 - 000000000 ____D C:\ProgramData\Visan
2019-10-17 15:55 - 2019-10-17 15:55 - 000003746 _____ C:\WINDOWS\system32\Tasks\HPCustParticipation HP OfficeJet Pro 8020 series
2019-10-17 15:55 - 2019-10-17 15:55 - 000001332 _____ C:\Users\Public\Desktop\HP Print Scan Doctor Downloader - HP OfficeJet Pro 8020 series.lnk
2019-10-17 15:55 - 2019-10-17 15:55 - 000001332 _____ C:\ProgramData\Desktop\HP Print Scan Doctor Downloader - HP OfficeJet Pro 8020 series.lnk
2019-10-17 15:55 - 2019-10-17 15:55 - 000001322 _____ C:\Users\Public\Desktop\HP OfficeJet Pro 8020 series-HP Scan.lnk
2019-10-17 15:55 - 2019-10-17 15:55 - 000001322 _____ C:\ProgramData\Desktop\HP OfficeJet Pro 8020 series-HP Scan.lnk
2019-10-17 15:55 - 2019-10-17 15:55 - 000001285 _____ C:\Users\Public\Desktop\Shop for Supplies - HP OfficeJet Pro 8020 series.lnk
2019-10-17 15:55 - 2019-10-17 15:55 - 000001285 _____ C:\ProgramData\Desktop\Shop for Supplies - HP OfficeJet Pro 8020 series.lnk
2019-10-17 15:53 - 2019-10-17 15:54 - 138462472 _____ C:\Users\baile\Downloads\OJP8020_Full_WebPack_49.3.4475.exe
2019-10-17 15:51 - 2019-10-17 15:51 - 000000000 ____D C:\Users\baile\AppData\Local\GoToAssist Remote Support Customer
2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\WebKit.resources
2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\MediaAccessibility.resources
2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\iTunes.Resources
2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\Foundation.resources
2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\CoreText.resources
2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\CoreMedia.resources
2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\CoreFoundation.resources
2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\ColorSync.resources
2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\CFNetwork.resources
2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\AVFoundationCF.resources
2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\AuthKitWin.resources
2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Program Files\iPod
2019-10-16 20:01 - 2019-10-16 20:01 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2019-10-16 20:01 - 2019-10-16 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-10-16 20:01 - 2019-10-16 20:01 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2019-10-15 21:06 - 2019-11-06 14:50 - 000000000 ____D C:\Users\baile\Documents\Medicare
2019-10-12 18:30 - 2019-10-12 18:30 - 000002441 _____ C:\Users\baile\Desktop\Outlook 2013.lnk
2019-10-09 23:17 - 2019-11-05 22:17 - 000000127 _____ C:\Users\baile\Desktop\Facebook.url
2019-10-08 19:52 - 2019-10-08 19:52 - 026806784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 024616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 023455744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 019284992 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 019014144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 017485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 015220224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 012960768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 012259840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 009680400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 008903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 007921664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 007872000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 006542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 006065152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 005436696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 004873728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 004628992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 004057088 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 003702784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 003567104 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 003387392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 002699768 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 002699264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 002437344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 002429768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2019-10-08 19:52 - 2019-10-08 19:52 - 002421760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-10-08 19:52 - 2019-10-08 19:52 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 002298880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 002192384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 002160160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2019-10-08 19:52 - 2019-10-08 19:52 - 002110472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 002072176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 002050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 002015400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001929728 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001918792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001904128 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001830200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001751432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001701880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-10-08 19:52 - 2019-10-08 19:52 - 001677816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001674480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001666232 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001590072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001344960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-10-08 19:52 - 2019-10-08 19:52 - 001331536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001291264 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001289192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 001247560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001201136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 001098136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001056056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 001054928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 001048888 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 001024712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000917816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000901120 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000895560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000883200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000860160 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-10-08 19:52 - 2019-10-08 19:52 - 000851272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000848896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2019-10-08 19:52 - 2019-10-08 19:52 - 000843264 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000829440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000805296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 000794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000764216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000750592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000681720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Devices.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000662024 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 000605496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000604336 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-10-08 19:52 - 2019-10-08 19:52 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000531976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000522104 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 000519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000508728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 000506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000462136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000453432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-10-08 19:52 - 2019-10-08 19:52 - 000449368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000444728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000421176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-10-08 19:52 - 2019-10-08 19:52 - 000387832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000385336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000376568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000294512 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000282424 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FileHistory.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000224568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2019-10-08 19:52 - 2019-10-08 19:52 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-10-08 19:52 - 2019-10-08 19:52 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000213304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 000201736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-10-08 19:52 - 2019-10-08 19:52 - 000193336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-10-08 19:52 - 2019-10-08 19:52 - 000163232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000147944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnscmmc.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000104464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-10-08 19:52 - 2019-10-08 19:52 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2019-10-08 19:52 - 2019-10-08 19:52 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhuxgraphics.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NAPCRYPT.DLL
2019-10-08 19:52 - 2019-10-08 19:52 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000039304 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000033056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-10-08 19:52 - 2019-10-08 19:52 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-10-08 19:52 - 2019-10-08 19:52 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-10-08 19:52 - 2019-10-08 19:52 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-10-08 19:52 - 2019-10-08 19:52 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-10-08 19:52 - 2019-10-08 19:52 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-10-08 19:52 - 2019-10-08 19:52 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-10-08 19:52 - 2019-10-08 19:52 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-10-08 19:52 - 2019-10-08 19:52 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-07 21:59 - 2018-04-12 15:34 - 000000000 ____D C:\FRST
2019-11-07 21:58 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\registration
2019-11-07 21:52 - 2017-11-09 18:41 - 000000000 ____D C:\ProgramData\Package Cache
2019-11-07 20:16 - 2017-12-20 15:47 - 000000000 ____D C:\Users\baile\Documents\Outlook Files
2019-11-07 19:42 - 2019-08-07 19:58 - 000000000 ___DC C:\WINDOWS\Panther
2019-11-07 19:37 - 2019-10-01 20:08 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2019-11-07 19:37 - 2019-10-01 20:08 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2019-11-07 19:35 - 2019-08-07 20:30 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B393C7FE-B95B-48A2-8819-C5B1623E23B2}
2019-11-07 19:35 - 2019-08-07 20:29 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2019-11-07 19:35 - 2019-08-07 20:29 - 000011433 _____ C:\WINDOWS\diagerr.xml
2019-11-07 19:35 - 2019-03-19 01:02 - 000000000 ___HD C:\$WINDOWS.~BT
2019-11-07 19:32 - 2017-12-19 19:36 - 000000000 ____D C:\Users\baile\AppData\Roaming\WTablet
2019-11-07 19:31 - 2018-09-15 01:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-07 02:37 - 2019-08-07 20:34 - 000005768 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-11-07 02:24 - 2019-08-07 20:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-11-07 02:24 - 2018-09-15 01:31 - 000000000 ____D C:\WINDOWS\INF
2019-11-07 02:24 - 2018-09-15 00:09 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2019-11-07 02:23 - 2018-09-15 00:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-11-07 01:55 - 2018-09-15 01:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-11-07 01:12 - 2017-12-30 22:58 - 000002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-07 00:52 - 2018-06-21 03:36 - 000000000 ____D C:\Users\baile\AppData\Local\CrashDumps
2019-11-06 20:30 - 2017-12-20 00:53 - 000000000 ____D C:\Users\baile\AppData\Local\Adobe
2019-11-06 20:17 - 2019-08-07 20:24 - 000453088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-11-06 19:51 - 2019-08-07 20:25 - 000000000 ____D C:\Users\baile
2019-11-06 19:51 - 2018-04-13 03:46 - 000000000 ____D C:\Users\baile\AppData\Local\Facebook
2019-11-06 19:48 - 2018-09-15 01:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-11-06 19:48 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-11-06 19:45 - 2018-03-22 21:52 - 000000000 ____D C:\Users\baile\AppData\Roaming\Millisecond Software
2019-11-06 19:42 - 2019-06-09 22:32 - 000000000 ____D C:\Users\baile\Downloads\Epic Games
2019-11-06 15:02 - 2011-07-25 12:40 - 000300832 _____ (Sysinternals - www.sysinternals.com) C:\Users\baile\Downloads\Tcpview.exe
2019-11-06 15:02 - 2010-07-28 15:47 - 000199544 _____ (Sysinternals - www.sysinternals.com) C:\Users\baile\Downloads\Tcpvcon.exe
2019-11-06 15:02 - 2010-07-02 16:03 - 000041074 _____ C:\Users\baile\Downloads\tcpview.chm
2019-11-06 15:02 - 2006-07-28 09:32 - 000007005 _____ C:\Users\baile\Downloads\Eula.txt
2019-11-06 15:02 - 2002-09-02 13:13 - 000007983 _____ C:\Users\baile\Downloads\TCPVIEW.HLP
2019-11-06 14:14 - 2019-08-07 20:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-11-06 13:45 - 2017-12-19 21:12 - 000000000 ____D C:\Users\baile\AppData\Local\Packages
2019-11-06 13:44 - 2018-04-24 19:10 - 000000000 ____D C:\Users\baile\Documents\Amazon
2019-11-06 12:13 - 2017-12-20 00:54 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-11-06 12:09 - 2017-12-19 19:36 - 000000000 ____D C:\Users\baile\AppData\Local\VirtualStore
2019-11-05 14:01 - 2019-08-07 20:30 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-05 14:01 - 2019-08-07 20:30 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-05 14:01 - 2017-12-30 22:57 - 000000000 ____D C:\Program Files (x86)\Google
2019-11-03 20:09 - 2017-12-19 19:38 - 000000000 ___RD C:\Users\baile\OneDrive
2019-11-03 19:57 - 2018-01-12 21:58 - 000000000 ___RD C:\Users\baile\iCloudDrive
2019-11-03 19:37 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-11-03 18:53 - 2019-08-07 20:30 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-260720292-2504253849-2348319339-1001
2019-11-03 18:53 - 2019-08-07 20:25 - 000002370 _____ C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-11-03 18:53 - 2018-09-15 01:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\et-EE
2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\es-MX
2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\Provisioning
2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\L2Schemas
2019-11-03 18:45 - 2018-09-15 00:09 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2019-11-03 18:43 - 2017-12-26 15:51 - 000000000 ____D C:\Users\baile\AppData\Local\Microsoft Help
2019-11-03 18:43 - 2017-12-20 00:57 - 000000000 ___RD C:\Users\baile\Creative Cloud Files
2019-11-03 18:42 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\2 Pam Health Savings Account
2019-11-03 18:42 - 2017-12-19 19:36 - 000000000 ____D C:\Users\baile\AppData\Local\ConnectedDevicesPlatform
2019-11-03 18:42 - 2017-11-09 18:42 - 000000000 ____D C:\Program Files (x86)\Intel
2019-11-03 18:20 - 2018-05-05 14:45 - 000000000 ____D C:\Users\baile\Documents\Pam
2019-11-03 18:20 - 2018-04-12 15:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-11-03 18:20 - 2017-12-26 22:55 - 000000000 __RHD C:\MSOCache
2019-11-03 18:20 - 2017-11-09 18:42 - 000000000 ___HD C:\Intel
2019-11-03 18:20 - 2017-11-09 18:41 - 000000000 ____D C:\Program Files\Intel
2019-11-03 16:27 - 2018-01-29 00:21 - 000000000 ____D C:\Users\baile\AppData\Local\AVAST Software
2019-11-03 15:36 - 2017-12-20 01:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-11-03 15:25 - 2017-12-19 22:35 - 000000000 ____D C:\Users\baile\AppData\Local\ElevatedDiagnostics
2019-11-03 14:35 - 2018-04-13 04:22 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-11-03 01:30 - 2017-12-20 00:58 - 000000000 ____D C:\Program Files\Common Files\Adobe
2019-11-03 01:28 - 2018-06-17 15:34 - 000000000 ____D C:\ProgramData\Packages
2019-11-03 01:28 - 2017-12-20 00:54 - 000000000 ____D C:\ProgramData\Adobe
2019-11-03 01:27 - 2018-05-19 00:49 - 000000000 ____D C:\Users\baile\AppData\Local\D3DSCache
2019-11-02 14:01 - 2017-12-19 19:38 - 000000000 ____D C:\Users\baile\AppData\Local\Comms
2019-11-02 01:38 - 2018-01-13 01:27 - 000000000 ____D C:\Users\baile\Documents\Microsoft data
2019-11-01 12:00 - 2018-11-28 18:21 - 000000000 ____D C:\Users\baile\AppData\Roaming\Grammarly
2019-10-31 23:48 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-10-22 00:03 - 2018-01-13 01:36 - 000000000 ____D C:\Users\baile\Documents\Travel
2019-10-21 20:32 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\Cross Bow
2019-10-21 17:09 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\1 Greg Health Savings Account
2019-10-21 01:22 - 2018-02-10 13:14 - 000000000 ____D C:\Users\baile\Documents\American Family
2019-10-17 21:17 - 2018-06-17 21:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2019-10-17 18:50 - 2017-12-20 00:25 - 000000000 ____D C:\Users\baile\AppData\Local\PlaceholderTileLogoFolder
2019-10-17 18:29 - 2018-06-17 21:14 - 000000000 ____D C:\ProgramData\HP
2019-10-17 17:37 - 2019-10-01 20:08 - 000003518 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2019-10-17 16:34 - 2018-06-17 21:14 - 000000000 ____D C:\Program Files (x86)\HP
2019-10-17 15:57 - 2018-06-17 21:13 - 000000000 ____D C:\Users\baile\AppData\Local\HP
2019-10-17 15:55 - 2018-06-17 21:14 - 000000000 ____D C:\Program Files\HP
2019-10-16 20:03 - 2019-06-12 16:45 - 000000000 ____D C:\Users\baile\Downloads\JavaScriptCore.resources
2019-10-16 20:01 - 2017-12-22 22:38 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2019-10-15 18:19 - 2017-12-20 16:49 - 000000000 ____D C:\Program Files\Microsoft Office 15
2019-10-09 20:48 - 2019-08-07 20:30 - 000004598 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-10-09 20:48 - 2019-08-07 20:30 - 000004422 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2019-10-09 20:48 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-10-09 20:48 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-10-08 21:56 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-10-08 21:56 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-10-08 21:56 - 2018-09-15 00:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-10-08 19:53 - 2017-12-20 01:26 - 127230528 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories ========
2019-08-16 18:02 - 2019-08-16 18:02 - 000000000 _____ () C:\Users\baile\AppData\Local\BITCC06.tmp
2019-08-16 18:02 - 2019-08-16 18:02 - 000000000 _____ () C:\Users\baile\AppData\Local\BITCC36.tmp
2018-09-25 22:03 - 2018-09-25 22:03 - 000000000 _____ () C:\Users\baile\AppData\Local\oobelibMkey.log
2019-08-09 16:03 - 2019-08-09 16:03 - 000000017 _____ () C:\Users\baile\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
 
#7 ·
Hi sportsmom2x2,

---------------------------------------------------
Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    CreateRestorePoint:
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    AlternateDataStreams: C:\Users\baile\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [231]
    FirewallRules: [{DEC86BCC-7FC1-4B7A-8983-71F81D058E60}] => (Allow) %systemroot%\system32\alg.exe No File
    FirewallRules: [{F8BD7C21-0643-4DE1-8A7F-6F23634309FD}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS0B0B\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{F7F65726-1206-4388-8E0E-293C34F56029}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS0B0B\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{B03D518E-2727-49AF-90F5-8CFC654099FB}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS621E\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{B46221E6-A78D-4DA6-A8B0-114C15C11205}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS621E\HPDiagnosticCoreUI.exe No File
    FirewallRules: [TCP Query User{D81F5BC7-EBFD-4BE6-BF59-FEA1CA323F60}C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe] => (Allow) C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe No File
    FirewallRules: [UDP Query User{DFB5C2C7-782B-4C3A-A1D7-679004ADA982}C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe] => (Allow) C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe No File
    FirewallRules: [{B2073E64-8313-4425-A121-9CCFB622819B}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS08E9\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{9F8A7177-7502-4BE6-91F2-5D4EFBDBEC19}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS08E9\HPDiagnosticCoreUI.exe No File
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\MountPoints2: {1285eeda-e8c4-11e9-82dd-a87f714249d0} - "E:\VZW_Software_upgrade_assistant.exe" 
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
    SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL = 
    Toolbar: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> No Name - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - No File
    2019-10-17 15:51 - 2019-10-17 15:51 - 000000000 ____D C:\Users\baile\AppData\Local\GoToAssist Remote Support Customer
    folder: C:\ProgramData\Visan
    Emptytemp:
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.

---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt
 
#8 ·
Fix result of Farbar Recovery Scan Tool (x64) Version: 09-11-2019 01
Ran by bailey (10-11-2019 00:03:04) Run:2
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey (Available Profiles: bailey)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\Users\baile\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [231]
FirewallRules: [{DEC86BCC-7FC1-4B7A-8983-71F81D058E60}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{F8BD7C21-0643-4DE1-8A7F-6F23634309FD}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS0B0B\HPDiagnosticCoreUI.exe No File
FirewallRules: [{F7F65726-1206-4388-8E0E-293C34F56029}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS0B0B\HPDiagnosticCoreUI.exe No File
FirewallRules: [{B03D518E-2727-49AF-90F5-8CFC654099FB}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS621E\HPDiagnosticCoreUI.exe No File
FirewallRules: [{B46221E6-A78D-4DA6-A8B0-114C15C11205}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS621E\HPDiagnosticCoreUI.exe No File
FirewallRules: [TCP Query User{D81F5BC7-EBFD-4BE6-BF59-FEA1CA323F60}C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe] => (Allow) C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe No File
FirewallRules: [UDP Query User{DFB5C2C7-782B-4C3A-A1D7-679004ADA982}C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe] => (Allow) C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe No File
FirewallRules: [{B2073E64-8313-4425-A121-9CCFB622819B}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS08E9\HPDiagnosticCoreUI.exe No File
FirewallRules: [{9F8A7177-7502-4BE6-91F2-5D4EFBDBEC19}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS08E9\HPDiagnosticCoreUI.exe No File
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\MountPoints2: {1285eeda-e8c4-11e9-82dd-a87f714249d0} - "E:\VZW_Software_upgrade_assistant.exe"
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
Toolbar: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> No Name - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - No File
2019-10-17 15:51 - 2019-10-17 15:51 - 000000000 ____D C:\Users\baile\AppData\Local\GoToAssist Remote Support Customer
folder: C:\ProgramData\Visan
Emptytemp:
*****************
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
C:\Users\baile\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS could not remove.
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DEC86BCC-7FC1-4B7A-8983-71F81D058E60}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F8BD7C21-0643-4DE1-8A7F-6F23634309FD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7F65726-1206-4388-8E0E-293C34F56029}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B03D518E-2727-49AF-90F5-8CFC654099FB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B46221E6-A78D-4DA6-A8B0-114C15C11205}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D81F5BC7-EBFD-4BE6-BF59-FEA1CA323F60}C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DFB5C2C7-782B-4C3A-A1D7-679004ADA982}C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B2073E64-8313-4425-A121-9CCFB622819B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9F8A7177-7502-4BE6-91F2-5D4EFBDBEC19}" => removed successfully
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1285eeda-e8c4-11e9-82dd-a87f714249d0} => not found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKU\S-1-5-21-260720292-2504253849-2348319339-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} => removed successfully
"HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF293C5A-9F37-49FD-91C4-2B867063FC54}" => removed successfully
C:\Users\baile\AppData\Local\GoToAssist Remote Support Customer => moved successfully
========================= folder: C:\ProgramData\Visan ========================
2019-10-17 15:56 - 2019-10-17 15:56 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\Visan\AppIcons
2015-01-22 15:32 - 2015-01-22 15:32 - 000044887 ____A [C027A70F9ABAAAEC16DB5925CC7577DD] () C:\ProgramData\Visan\AppIcons\HP Photo Creations.ico
====== End of Folder: ======
=========== EmptyTemp: ==========
BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 620273603 B
Java, Flash, Steam htmlcache => 1839 B
Windows/system/drivers => 1504409 B
Edge => 1873140 B
Chrome => 559136556 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7624 B
NetworkService => 12050 B
baile => 9449011 B
RecycleBin => 7188771769 B
EmptyTemp: => 7.8 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 00:04:30 ====
 
#9 ·
Hi sportsmom2x2,

---------------------------------------------------
ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

---------------------------------------------------

In your next reply, please include:
  • eset.txt
 
#14 ·
If all is well:

The following will remove the tools we used as well as reset system restore points:

---------------------------------------------------
KpRm

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • When the tool opens, ensure all boxes are checked, and select Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
----------------------------------------------------
Some tips to keep your computer safe on the Internet

Make sure to use strong passwords. There are password managers (for example, Bitwarden) that can help you use secure passwords, and keep track of them.

How to create a strong password
----------------------------------------------------
Keeping software up-to-date is important as well. Programs such as UCheck, Heimdal Free, or PatchMyPC can help keep software on your computer up-to-date.

To keep your operating system up-to-date, make sure that Windows Update is enabled on your computer.
----------------------------------------------------
I recommend backing up your PC regularly. There are several ways to back up your computer, such as using a cloud-based online service, an external hard drive, or CD/DVD.

The following articles have more information about methods to back up your computer:

What's the Best Way to Back Up My Computer?

5 Ways to Back up Your Data
----------------------------------------------------
Here are some articles about how to keep your computer safe on the Internet -

Simple and easy ways to keep your computer safe and secure on the Internet - by Lawrence Abrams

Answers to common security questions - Best Practices - by quietman7

COMPUTER SECURITY - a short guide to staying safer online - Malware Removal

PC Safety and Security - What Do I Need? - Tech Support Forum
----------------------------------------------------

Safe surfing :)
 
#15 ·
# Run at 11/12/2019 11:40:42 PM
# KpRm (Kernel-panik) version 1.22
# Website https://kernel-panik.me/tool/kprm/
# Run by bailey from C:\Users\baile\Desktop
# Computer Name: YOGA720-15IKB
# OS: Windows 10 X64 (18362)
# Number of passes: 2
- Checked options -
~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
- Create Registry Backup -
~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\baile\NTUSER.dat backed up
[OK] Registry Backup: C:\KPRM\backup\2019-11-12-23-40-34
- Remove Tools -
No tools found
- Restore System Settings -
[OK] Flush DNS
[OK] Reset WinSock
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files
- Restore UAC -
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableLUA with default (1) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value
- Clear Restore Points -
~ [OK] RP named Windows Update created at 11/08/2019 07:54:47 deleted
~ [OK] RP named Removed HP Officejet Pro 8600 Basic Device Software created at 11/11/2019 17:03:26 deleted
[OK] All system restore points have been successfully deleted
- Create Restore Point -
[OK] System Restore Point created
- Display System Restore Point -
~ RP named KpRm created at 11/13/2019 05:40:59 found
-- KPRM finished in 40.91s --
Thank you again for your help
 