Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Could I have a virus?

Solved 
7K views 69 replies 2 participants last post by  DR.M 
#1 ·
Hi My computer has been very slow lately. It seems to search for ever before it opens programs up. It is significantly slower than it has been in the past. Should I delete Internet Explorer? Would that speed things up or did something nasty find a home? Thank you so much for your help. This site is wonderful.

Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Home, 64 bit, Build 19042, Installed 20200617165859.000000-360
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz, Intel64 Family 6 Model 158 Stepping 9, CPU Count: 8
Total Physical RAM: 8 GB
Graphics Card: Intel(R) HD Graphics 630, 1024 MB
Hard Drives: C: 212 GB (63 GB Free); D: 24 GB (12 GB Free);
Motherboard: LENOVO LNVNB161216, ver SDK0J40709 WIN, s/n MP1CCYG9
System: LENOVO, ver LENOVO - 1, s/n MP1CCYG9
Antivirus: Windows Defender, Enabled and Updated
 
#2 ·
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-12-2021
Ran by bailey (administrator) on YOGA720-15IKB (LENOVO 80X7) (01-12-2021 22:16:07)
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey
Platform: Microsoft Windows 10 Home Version 20H2 19042.1348 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\iCloudServices.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX3\APP\DAX3TrayIcon.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Users\baile\Downloads\FitbitConnectService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <34>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHeciSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo -> ) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.Amd64.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.exe <4>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\YMC\ymc.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21102.134.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy\YourPhoneAppProxy.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18382824 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [APP] => C:\Program Files\Dolby\Dolby DAX3\APP\DAX3TrayIcon.exe [999216 2017-04-28] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Users\baile\Downloads\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1675680 2021-09-24] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21888 2018-01-24] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Polarr] => C:\ProgramData\SquirrelMachineInstalls\Polarr.exe [73300232 2020-06-16] (Polarr, Inc. -> Polarr, Inc.) [File not signed]
HKLM-x32\...\Run: [Fitbit Connect] => C:\Users\baile\Downloads\Fitbit Connect.exe [3414184 2015-09-11] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [373600 2021-01-18] (Express Vpn LLC -> ExpressVPN)
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [Fitbit Connect] => C:\Users\baile\Downloads\Fitbit Connect.exe [3414184 2015-09-11] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [Steam] => C:\Users\baile\New folder\steam.exe [3421984 2020-12-07] (Valve -> Valve Corporation)
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [850272 2021-01-18] (Express Vpn LLC -> ExpressVPN)
HKU\S-1-5-21-260720292-2504253849-2348319339-1003\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\supportaccount\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-260720292-2504253849-2348319339-1003\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\supportaccount\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-260720292-2504253849-2348319339-1003\...\RunOnce: [Uninstall 20.114.0607.0002\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\supportaccount\AppData\Local\Microsoft\OneDrive\20.114.0607.0002\amd64"
HKU\S-1-5-21-260720292-2504253849-2348319339-1003\...\RunOnce: [Uninstall 20.114.0607.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\supportaccount\AppData\Local\Microsoft\OneDrive\20.114.0607.0002"
HKLM\...\Print\Monitors\HP 5912 Status Monitor: hpinksts5912LM.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-18] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraVPN.lnk [2019-02-01]
ShortcutTarget: UltraVPN.lnk -> C:\Program Files (x86)\UltraVPN\UltraVPN.exe (No File)
Startup: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-02-04]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E41EACB-602F-472D-A50B-BAC99EBC6892} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-baileyl032017@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {10D771B3-2D11-4309-B81F-F345B570E2B4} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NOUACCHECK
Task: {138C7D27-E8F7-45CF-824E-5382F35FB876} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-30] (Google Inc -> Google Inc.)
Task: {1C8DB84F-ABA5-4A26-A45D-43F5CB8E2551} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {1F3D31A8-1D0B-47FF-8300-4DE9302035ED} - System32\Tasks\HPPSDrTelemetryWatch => C:\Program Files (x86)\HP\Diagnostics\TelemetryWatch\PSDrTelemetryWatch.exe [32808 2020-01-14] (HP Inc. -> )
Task: {25B126E2-E129-4B8C-A051-AE8F6C2AC12F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-30] (Google Inc -> Google Inc.)
Task: {2B43315B-9203-4867-B1B8-DDE1FCA2DAB0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2DFF51F1-CABB-4908-BA77-B2BAB7347C9C} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-260720292-2504253849-2348319339-1001 => C:\Users\baile\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe (No File)
Task: {35CAA328-CAF4-45D0-861D-C51C75003317} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\baile\Desktop\esetonlinescanner_enu.exe SCHED (No File)
Task: {3E154EAE-7138-4F19-9F37-D9157CEBB0E1} - System32\Tasks\Kaspersky_Upgrade_{E7FE8BD6-07C8-4138-AB61-92AA886397EA} => C:\Program Files\Common Files\AV\Kaspersky Anti-Virus\upgrade.exe /scheduledStart (No File)
Task: {4203DD3A-E54A-4B39-8EA5-4221F09A10C2} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {5354DF98-3BD6-4CF4-A69D-0760B8DCCED0} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {62A2E1E1-C65A-45F3-824B-C6065D3A8234} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6863D520-4E94-40DE-A3B8-C31B1B1C88DD} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {75FC977E-C869-4B08-9988-563190B5B43B} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {7848135A-8EF5-4AFB-A798-B422DE4CA12A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d040a9c9-0bfd-4db9-b6f8-17b5843acf3a => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {79A1E239-70EF-4BB7-BA0E-332CA981BE4B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {803F7B91-5F41-4098-AA84-63C57968A1CA} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe /CM -search R -action INSTALL -includerebootpackages 1,3,4 -noicon -noreboot -nolicense -defaultupdate -schtask (No File)
Task: {854037A7-409A-4E7E-8839-B64D9DD70321} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe (No File)
Task: {8C821A8B-B520-4EF5-9D53-D66DDE610A8F} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe PendingTask (No File)
Task: {9248D8AE-60DD-47FD-958B-DDD8017FCD9C} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {93D579DE-FE95-4CCF-925B-8520B66A1947} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A50783FA-E77E-4EC5-A69E-CE0ED433B888} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\baile\Desktop\esetonlinescanner_enu.exe LOGON (No File)
Task: {A9273BAF-7D29-4FA6-8AD5-DB9A00224729} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {BDC5B506-7DF0-4127-BEE1-7C98924A29A4} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe (No File)
Task: {D16B6888-B74A-4AAC-976A-1D2AFE5D16E3} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {D7E912F0-CD6F-456B-A47A-42DCED783974} - System32\Tasks\AdobeAAMUpdater-1.0-YOGA720-15IKB-bailey => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {D86AA673-AC0D-47E7-ACC6-104447534C96} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\37eff6f5-1f0a-44d7-b67e-64146bc110ed => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {DCEBA8D9-EDC4-48AA-97D8-C949C81E62BF} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\18be2cdc-ad9c-4df9-9c5c-34438fd4860a => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {E631038B-2CFE-4CA4-9F1F-8732D0DFB9A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {EC6B61A4-0F42-49F5-83DA-B1C2D337B005} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE3668F8-BBB2-4DDE-9358-770A17D5080C} - System32\Tasks\Apple Diagnostics => C:\Users\baile\AppData\Local\Microsoft\WindowsApps\eReporter-AppX.exe [0 2021-08-26] () [simlink -> ]
Task: {F60FFFC9-E623-4E0B-A0DA-769D93A59936} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --sapCode=PHSP --productVersion=20.0.1 --productPlatform=win64 --appletID=AppsPanel_BL --appletVersion=1.0 --appMode=Uninstall (No File)
Task: {F9330818-1ABC-4A7E-83C5-454D9B18F8AA} - System32\Tasks\Lenovo\Lenovo MigrationAssistant logon task => C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe [151920 2017-12-06] (Lenovo -> )
Task: {FD7E4D41-F141-40D9-AAB5-790B1C8CF50E} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe /from_scheduler:1 (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22bdf8f0-d55e-4cab-bdff-f39f79a367ff}: [NameServer] 10.186.0.1
Tcpip\..\Interfaces\{3c4a9f21-8085-4361-98eb-ab3060e81302}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\baile\Downloads
Edge Notifications: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> hxxps://gundersenhealthengage.mrcommunities.com
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.49.0.0_neutral__qq0fmhteeht3j [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-30]
Edge HomePage: Default -> hxxp://lenovo17win10.msn.com/?pc=LCTE
Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88fptxqjxp1acegikmwv4003219&param1=y6bdVFVIsvuYsgEClQfz8Gt8Oby4iBdjLq7%2Fysk4Phe5sV980wpeWqTlm5o9JII7iwwCvodvHVmpLIImL8j7rfbdJPlUwIIjqsZs2SjQQqCJvjS%2FQWY7KMbX%2FIbp9XkODOpZ1gnHRs3GPSypa6phnT6z2I1QoBwvRV%2FZDyyoVAPPPUsCDpVGq%2BpJ8sRZ0c7vOtazvH%2FdN4JThvEz%2B3sI%2BQIXutpSjLkz26%2BjMooTs0HZK%2FprPDR%2FVhBGYy41OTdWRLZ1nxtk9tzcE5AP%2Bso8ZX6rWFU6IgCN2KGbkqMOTzHtLQ6MgRDwf7aT8P66GsUbwrq9Mk7vfQzO8tvlB5sDEg%2F6d6juo%2F7hR5zLtsx3AxbWbHpmwcF7OSyZyPwkQyZejStlfM1yVRFc9JqPkXOpuA%3D%3D"
Edge Extension: (Honey) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2021-08-29]
Edge Extension: (LastPass: Free Password Manager) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2021-11-26]
Edge Extension: (Grammarly for Microsoft Edge) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2021-11-23]
Edge Extension: (Fancy & Cool Text Generator) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fafnphaopehepcmfnakggljonnhkofpk [2021-08-15]
Edge Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmmlpenookphoknnpfilofakghemolmg [2021-11-23]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-26]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-12-20] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @parallelgraphics.com/Cortona -> C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npcortona.dll [2019-09-12] (Parallel Graphics Limited -> ParallelGraphics)
FF Plugin HKU\S-1-5-21-260720292-2504253849-2348319339-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\baile\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-15] (RocketLife -> RocketLife, LLP)
FF Plugin HKU\S-1-5-21-260720292-2504253849-2348319339-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-260720292-2504253849-2348319339-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default [2021-12-01]
CHR Notifications: Default -> hxxps://typiccor.com; hxxps://www.facebook.com; hxxps://www.youtube.com
CHR HomePage: Default -> file:///C:/Users/Owner/Documents/Medical
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Extension: (Slides) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-30]
CHR Extension: (Docs) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-30]
CHR Extension: (Google Drive) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (YouTube) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-30]
CHR Extension: (Honey) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-11-19]
CHR Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2021-11-18]
CHR Extension: (Netflix) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2017-12-30]
CHR Extension: (Sheets) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-30]
CHR Extension: (Google Docs Offline) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-30]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-11-25]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-24]
CHR Extension: (Grammarly for Chrome) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-11-23]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2021-11-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Gmail) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-08-15]
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\System Profile [2020-08-15]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3833088 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3603200 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-06-09] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3052952 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
R2 Dolby DAX API Service; C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe [212784 2017-04-28] (Dolby Laboratories, Inc. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-06-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437088 2021-01-18] (Express Vpn LLC -> ExpressVPN)
R2 Fitbit Connect; C:\Users\baile\Downloads\FitbitConnectService.exe [1435304 2015-09-11] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-11-01] (HP Inc. -> HP Inc.)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe [31248 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-07] (Malwarebytes Inc -> Malwarebytes)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [19256 2020-10-15] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [19256 2020-10-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ymc; C:\Program Files\Lenovo\YMC\ymc.exe [49032 2016-12-23] (LENOVO -> Lenovo)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-09-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [37024 2021-01-18] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpnwintun; C:\WINDOWS\System32\drivers\expressvpn-wintun.sys [46824 2021-01-18] (Express VPN International Ltd. -> ExpressVPN)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-12-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-12-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2021-12-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-07] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-12-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39040 2018-08-15] (GZ Systems Limited -> The OpenVPN Project)
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [52904 2021-01-18] (ExprsVPN LLC -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 WacHidRouterISD; C:\WINDOWS\system32\DRIVERS\wachidrouter_isd.sys [142424 2017-05-24] (Wacom Technology Corporation -> Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-02] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-01 22:16 - 2021-12-01 22:16 - 000033062 _____ C:\Users\baile\Desktop\FRST.txt
2021-12-01 22:14 - 2021-12-01 22:14 - 002311680 _____ (Farbar) C:\Users\baile\Desktop\FRST64.exe
2021-12-01 22:12 - 2021-12-01 22:12 - 000064513 _____ C:\Users\baile\Desktop\frst.htm
2021-12-01 21:51 - 2021-12-01 21:55 - 002311680 _____ (Farbar) C:\Users\baile\Downloads\FRST64.exe
2021-12-01 02:19 - 2021-12-01 02:19 - 008540344 _____ (Malwarebytes) C:\Users\baile\Desktop\adwcleaner_8.3.1(1).exe
2021-12-01 02:09 - 2021-12-01 02:09 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-12-01 02:09 - 2021-12-01 02:09 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-12-01 02:09 - 2021-12-01 02:09 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-12-01 02:08 - 2021-12-01 02:08 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-11-30 05:32 - 2021-11-30 05:32 - 000001942 _____ C:\Users\baile\Desktop\PC Health Check.lnk
2021-11-30 05:32 - 2021-11-30 05:32 - 000001352 _____ C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-30 05:32 - 2021-11-30 05:32 - 000000000 ___RD C:\Users\baile\AppData\Local\PCHealthCheck
2021-11-30 05:31 - 2021-11-30 05:31 - 014233600 _____ C:\Users\baile\Downloads\WindowsPCHealthCheckSetup.msi
2021-11-29 17:54 - 2021-11-29 17:54 - 000000000 ____D C:\Users\baile\AppData\Local\LogiBolt
2021-11-29 17:53 - 2021-11-29 17:54 - 000000000 ____D C:\ProgramData\Logishrd
2021-11-29 17:53 - 2021-11-29 17:53 - 000000000 ____D C:\Users\baile\AppData\Roaming\Logishrd
2021-11-29 17:53 - 2021-11-29 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2021-11-29 17:53 - 2021-11-29 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-11-29 17:53 - 2021-11-29 17:53 - 000000000 ____D C:\Program Files\Logitech
2021-11-29 17:53 - 2021-11-29 17:53 - 000000000 ____D C:\Program Files\Logi
2021-11-28 16:23 - 2021-11-28 16:23 - 000000000 ____D C:\WINDOWS\Panther
2021-11-12 14:59 - 2021-11-12 14:59 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-12 14:59 - 2021-11-12 14:59 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-12 14:59 - 2021-11-12 14:59 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-12 14:59 - 2021-11-12 14:59 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-12 14:53 - 2021-11-12 14:53 - 000000000 ___HD C:\$WinREAgent
2021-11-07 18:27 - 2021-11-07 18:27 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-01 22:16 - 2020-08-05 03:17 - 000000000 ____D C:\FRST
2021-12-01 22:10 - 2019-01-08 18:57 - 000000000 ____D C:\Users\baile\Documents\House
2021-12-01 22:10 - 2018-05-05 14:45 - 000000000 ____D C:\Users\baile\Documents\Pam
2021-12-01 21:58 - 2020-08-05 03:18 - 000039246 _____ C:\Users\baile\Downloads\Addition.txt
2021-12-01 21:58 - 2020-08-05 03:17 - 000042236 _____ C:\Users\baile\Downloads\FRST.txt
2021-12-01 21:58 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2021-12-01 21:26 - 2017-12-30 22:57 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-01 21:01 - 2020-06-17 16:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-01 20:38 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-01 20:21 - 2020-06-17 16:58 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B393C7FE-B95B-48A2-8819-C5B1623E23B2}
2021-12-01 20:18 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-01 20:18 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-01 02:14 - 2017-12-20 00:53 - 000000000 ____D C:\Users\baile\AppData\Local\Adobe
2021-12-01 02:00 - 2017-12-20 15:47 - 000000000 ____D C:\Users\baile\Documents\Outlook Files
2021-11-30 21:51 - 2019-10-01 20:08 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-11-30 16:07 - 2018-02-12 23:29 - 000000000 ____D C:\Users\baile\Documents\Recipies
2021-11-30 14:09 - 2020-06-17 16:59 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-30 14:04 - 2020-06-17 16:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-11-30 05:39 - 2020-06-17 16:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-30 05:39 - 2020-06-17 16:53 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-30 05:39 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-11-30 05:38 - 2019-12-07 03:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2021-11-29 17:45 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-28 20:30 - 2020-01-16 21:03 - 000000000 ____D C:\Users\baile\Documents\2020 Calif Trip
2021-11-28 20:30 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\2 Pam Health Savings Account
2021-11-28 16:23 - 2017-11-09 18:26 - 000000000 ____D C:\ProgramData\Lenovo
2021-11-26 23:41 - 2018-04-10 00:41 - 000000000 ____D C:\Users\baile\Documents\Battle Pirates
2021-11-26 23:01 - 2018-06-21 03:36 - 000000000 ____D C:\Users\baile\AppData\Local\CrashDumps
2021-11-26 23:00 - 2021-10-13 22:31 - 000003882 _____ C:\WINDOWS\system32\Tasks\HPPSDrTelemetryWatch
2021-11-26 22:39 - 2020-12-20 18:18 - 000000000 ____D C:\Users\baile\Documents\Christmas
2021-11-25 21:02 - 2018-01-05 00:17 - 000000000 ____D C:\Users\baile\Documents\Verizon
2021-11-25 15:52 - 2020-06-26 02:38 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-25 15:52 - 2020-06-26 02:38 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-11-19 13:49 - 2018-06-17 15:34 - 000000000 ____D C:\ProgramData\Packages
2021-11-19 03:34 - 2017-12-20 16:49 - 000000000 ____D C:\Program Files\Microsoft Office 15
2021-11-18 14:01 - 2020-07-13 22:29 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-18 14:01 - 2017-12-30 22:58 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-17 23:50 - 2020-06-17 16:58 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-260720292-2504253849-2348319339-1001
2021-11-17 23:50 - 2020-06-17 16:31 - 000002386 _____ C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-17 16:36 - 2018-05-27 12:01 - 000000000 ____D C:\Users\baile\Documents\DNR Licenses
2021-11-17 16:11 - 2020-06-26 02:38 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-17 16:11 - 2020-06-26 02:38 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-11-13 00:27 - 2020-06-17 16:53 - 000442704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-13 00:26 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-13 00:26 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-13 00:26 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-13 00:26 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-13 00:26 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-13 00:26 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-13 00:26 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-13 00:26 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-13 00:26 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-13 00:26 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-13 00:26 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-11 14:32 - 2017-12-20 01:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-11 14:30 - 2017-12-20 01:26 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-09 12:59 - 2017-12-19 21:12 - 000000000 ____D C:\Users\baile\AppData\Local\Packages
2021-11-07 22:57 - 2018-10-20 15:40 - 000000000 ____D C:\Users\baile\Documents\Margie
2021-11-07 11:50 - 2018-03-31 18:25 - 000000000 ____D C:\Users\baile\Documents\Margie Birthday
2021-11-05 12:06 - 2017-12-19 19:38 - 000000000 ____D C:\Users\baile\AppData\Local\Comms
2021-11-03 00:40 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\Computer
2021-11-02 12:37 - 2018-04-13 04:22 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-11-01 21:45 - 2021-05-09 02:29 - 000000000 ____D C:\Program Files\HPPrintScanDoctor

==================== Files in the root of some directories ========

2019-08-16 18:02 - 2019-08-16 18:02 - 000000000 _____ () C:\Users\baile\AppData\Local\BITCC06.tmp
2019-08-16 18:02 - 2019-08-16 18:02 - 000000000 _____ () C:\Users\baile\AppData\Local\BITCC36.tmp
2018-09-25 22:03 - 2018-09-25 22:03 - 000000000 _____ () C:\Users\baile\AppData\Local\oobelibMkey.log
2019-08-09 16:03 - 2019-08-09 16:03 - 000000017 _____ () C:\Users\baile\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
#3 ·
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2021
Ran by bailey (01-12-2021 22:17:10)
Running from C:\Users\baile\Desktop
Microsoft Windows 10 Home Version 20H2 19042.1348 (X64) (2020-06-17 22:58:59)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-260720292-2504253849-2348319339-500 - Administrator - Disabled)
Baile (S-1-5-21-260720292-2504253849-2348319339-1002 - Limited - Disabled)
bailey (S-1-5-21-260720292-2504253849-2348319339-1001 - Administrator - Enabled) => C:\Users\baile
DefaultAccount (S-1-5-21-260720292-2504253849-2348319339-503 - Limited - Disabled)
Guest (S-1-5-21-260720292-2504253849-2348319339-501 - Limited - Disabled)
supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled) => C:\Users\supportaccount
WDAGUtilityAccount (S-1-5-21-260720292-2504253849-2348319339-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Amazon Games (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 2.1.5699.1 - Amazon.com Services, Inc.)
Amazon Photos (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Amazon Photos) (Version: 6.5.0 - Amazon.com, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cortona3D Viewer (HKLM\...\{71C24FD8-9FA4-4727-B1CB-E22B1E6D8403}) (Version: 8.6.212 - ParallelGraphics)
Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3CCE82BF-69CF-4172-8AFE-1DACB991A62B}) (Version: 1.1.3.21 - Dolby Laboratories, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ExpressVPN (HKLM-x32\...\{57e033a5-c75e-4823-83af-c1b6b3b759ab}) (Version: 10.0.9.2 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B876CD0833}) (Version: 10.0.9.2 - ExpressVPN) Hidden
Fitbit Connect (HKLM-x32\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Grammarly (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\GrammarlyForWindows) (Version: 1.5.45 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{DE46CC28-5477-4CFB-9AE2-8C7C111E3EE7}) (Version: 6.8.261 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{ee962c45-b827-4262-a720-3a939910ce37}) (Version: 6.8.261 - Grammarly)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud Outlook (HKLM\...\{969F33A2-7E0F-43FC-8896-6EF0C028CA12}) (Version: 10.9.0.9 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Migration Assistant (HKLM\...\Lenovo Migration Assistant_is1) (Version: 1.0.1.12 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.9.23.0 - Lenovo Group Ltd.)
Lenovo Yoga Mode Control (HKLM\...\{3F2E25D6-49D3-45D5-A7BD-13F5D6F64171}_is1) (Version: 2.0.0.9 - Lenovo)
Logi Bolt (HKLM\...\LogiBolt) (Version: 1.01.415.0 - Logi)
Logitech Options (HKLM\...\LogiOptions) (Version: 9.40.86 - Logitech)
Luminar 4 (HKLM\...\Luminar 4) (Version: 4.3.0.7119 - Skylum)
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.34 - Microsoft Corporation)
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.5397.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1003\...\OneDriveSetup.exe) (Version: 20.124.0621.0006 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Polarr (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Polarr) (Version: 1.0.0 - Polarr, Inc.)
Polarr (HKU\S-1-5-21-260720292-2504253849-2348319339-1003\...\Polarr) (Version: 1.0.0 - Polarr, Inc.)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-4) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-5) (Version: 1.0.42.0 - LunarG, Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)
WD Backup (HKLM-x32\...\{09C422A7-0421-40A5-933A-9177BEDF9B3B}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{61ccf853-a113-4862-9d4a-6dd2b869c9db}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{014B7442-C784-45D3-A152-F7D2C651F28A}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-09-27] (Autodesk Inc.)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_2.0.23.0_x64__38kynpdw5g1aw [2021-11-18] (Wacom Europe GmbH)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2021.927.1.0_neutral__8xx8rvfyw5nnt [2021-10-01] (Facebook Inc)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2020-09-27] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.3.262.0_x64__v10z8vjag6ke6 [2021-11-19] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa [2021-08-26] (Apple Inc.) [Startup Task]
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.19.0_neutral__8xx8rvfyw5nnt [2021-11-04] (Instagram)
Journalist -> C:\Program Files\WindowsApps\49752MichaelS.Scherotter.Journalist_1.1.631.0_x64__9eg5g21zq32qm [2021-07-27] (Michael S. Scherotter)
LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.69.0.0_neutral__qq0fmhteeht3j [2021-04-15] (LastPass)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2020-09-27] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2110.17.0_x64__k1h2ywk1493x8 [2021-11-18] (LENOVO INC.)
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2020-09-27] (OverDrive Inc.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1300.7.115.0_x64__8xx8rvfyw5nnt [2021-11-10] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-09-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-09-27] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-31] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_51.10913.5796.0_x64__8wekyb3d8bbwe [2021-12-01] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-04-15] (Netflix, Inc.)
OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2020-09-27] (OverDrive Inc.)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2020-09-27] (Pandora Media Inc) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-04-15] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-27] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0 [2021-11-26] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\baile\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.261\D457D793AD\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\baile\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.261\D457D793AD\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\baile\Desktop\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc
ShortcutWithArgument: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc

==================== Loaded Modules (Whitelisted) =============

2015-09-11 14:17 - 2015-09-11 14:17 - 001374208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\baile\Downloads\LIBEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKLM -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKLM-x32 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2021-10-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-12-20] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 15:03 - 2019-07-11 01:06 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-08-20 13:44 - 2021-04-03 23:13 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Control Panel\Desktop\\Wallpaper -> c:\users\baile\pictures\saved pictures\1 my kids and family\brady and ricki\2_devils lake j (8).jpg
HKU\S-1-5-21-260720292-2504253849-2348319339-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: WTabletServiceISD => 2
MSCONFIG\Services: WTabletServicePro => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "Polarr"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{FB915863-E8D0-430A-BAF4-DFE4634B338A}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{131D7F90-ACA0-4069-96D0-1F3A00E14292}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F110E177-1997-42B6-AB07-24234331214B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BB9E4FCE-C6D4-4D79-A5B5-6596087E3486}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{205AC0AE-3A23-4EFF-9D8D-1407C7350A9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FD7C4B0-A458-45A0-A28F-74DD83578761}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6733E1F9-EA29-4E45-9CFA-FD25A297EAB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DB029122-856A-4900-896E-B5F828836049}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{804A7CAC-7F3A-4DBB-891F-7190D303AFB7}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
FirewallRules: [{72732D93-EF99-4D73-BA99-C6A0CE94331C}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
FirewallRules: [{FAF09736-6A4E-4DC2-B805-66E05FDBF34F}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
FirewallRules: [{99585B7F-5666-4DDC-8E2E-1589685D4EA1}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
FirewallRules: [{79DACE7C-7FD1-4534-8DB6-A4C01272E426}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS6307\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B90D8F06-67FB-438F-BB03-1F9B0BE888D6}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS6307\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{E54CB9F1-20C0-41D4-8AFC-40C587F5A399}] => (Allow) C:\Users\baile\New folder\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{AB9F7C8B-357B-4AA5-8551-8FC526F6C262}] => (Allow) C:\Users\baile\New folder\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{FBAB87EB-3143-438F-A499-4B2B87274C23}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{9855952E-5160-4906-86E7-81AC8D76D02F}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{CCCC2654-EEB2-49C0-9DE2-FA07E08758E9}] => (Allow) C:\Users\baile\New folder\steamapps\common\Rebel Forces\RebelForces.exe () [File not signed]
FirewallRules: [{1C84C52E-82C6-4AC8-8B61-CFEEDFDD7ECA}] => (Allow) C:\Users\baile\New folder\steamapps\common\Rebel Forces\RebelForces.exe () [File not signed]
FirewallRules: [{6BF03055-F70E-4244-BA2F-FDDEDF019799}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7BCF03C9-86FC-4BFF-B88D-B2A4FDD51DE7}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{5AEB08F6-1C0B-4A4B-A8FF-5F4FAA13B07E}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{4765E7B2-E045-474A-99DF-C6F971C7A6CC}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E063C019-70C6-42D0-BE28-D7378F0FB7B2}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B9A21285-F63E-47F8-82D6-F4B65D670A26}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS55EB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{729625C7-D1C6-4748-99F8-A1C988A69C5D}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS55EB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{5A2E9522-BC99-433F-AE07-12284CC5496A}] => (Allow) C:\Users\baile\Downloads\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7F47A809-E9D9-4151-A1D7-42CF484F58FB}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS24EB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{11ED6C43-1D20-42D9-9098-98883A44C353}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS24EB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3DCEE9B3-CCED-434E-B228-53E643B35785}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS21AA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{57A1CEDB-9A69-42D6-B986-5288B604C51F}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS21AA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{6D052F5E-A43F-4219-9399-D83AF6C0EC20}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS6D7D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{A57E59F3-37DD-4BC4-BD0D-CA4861594D14}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS6D7D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3C50D189-BE36-4E84-9B49-16F1565345D5}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS7CE5\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{3D1EF359-1690-41E9-9DA7-380660E6D699}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS7CE5\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{E24BEBF0-7961-4468-8B36-B43B30E892DA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{109682B1-CB8C-4DC1-AA4F-97C5920A01F5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B01CC7BF-461C-4973-A65D-0DD1B8E89769}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F9164E6F-39EE-4E35-81D9-067E432681A2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{295D0A1D-BF67-4485-8A2C-696C625C6FD5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C8397B83-63B2-454C-A613-5C9FC72F3C3C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BAD8CBE0-42DE-4048-A44E-75645C494D20}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{22117095-6DD3-4BCD-A7A5-5B915E0F5875}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A904CBDE-DB1A-4FDC-B194-16FE6E6785F0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{87186114-5705-4BB8-9F4D-22A0BDE5453E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5031472B-E669-4227-A608-1A0D4EFCBDF0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B247D1C0-8D69-4620-9530-BBE6EC14CA12}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AF222F92-229C-422A-A80F-64C3E7F87B52}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{57382B5D-78B2-4D71-A607-7BC55AB1DC39}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)

==================== Restore Points =========================

12-11-2021 14:54:20 Windows Modules Installer
19-11-2021 19:00:20 Scheduled Checkpoint
20-11-2021 02:42:31 AdwCleaner_BeforeCleaning_20/11/2021_02:42:31
28-11-2021 19:30:29 Scheduled Checkpoint
29-11-2021 17:45:27 Windows Modules Installer
30-11-2021 05:32:05 Installed Windows PC Health Check

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (12/01/2021 02:17:21 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/01/2021 02:17:16 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/01/2021 02:17:11 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/01/2021 02:17:06 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/01/2021 02:17:01 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/01/2021 02:16:56 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/01/2021 02:16:51 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/01/2021 02:16:46 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

System errors:
=============
Error: (12/01/2021 02:23:16 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (12/01/2021 02:23:16 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (12/01/2021 02:23:16 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (12/01/2021 02:23:16 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (12/01/2021 02:23:15 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (12/01/2021 02:23:15 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (12/01/2021 02:07:30 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (11/30/2021 05:40:16 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Windows Defender:
================
Date: 2021-12-01 20:40:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-29 19:05:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-29 17:45:15
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-28 16:53:02
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-27 14:57:59
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2021-11-24 00:44:29
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

Date: 2021-11-23 13:26:03
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-11-23 13:25:58
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: Real-time protection has stopped functioning for an unknown reason. Restart the service in order to recover.

CodeIntegrity:
===============
Date: 2021-05-26 02:58:15
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\WindowManagementAPI.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-09-27 21:49:42
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\afunix.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-09-27 21:49:41
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\WdiWiFi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-09-27 21:49:41
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BTHUSB.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-09-06 02:43:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 4MCN33WW(V2.05) 07/19/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 67%
Total physical RAM: 8050.39 MB
Available physical RAM: 2631.77 MB
Total Virtual: 11122.39 MB
Available Virtual: 3408.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:63.73 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:12.17 GB) NTFS

\\?\Volume{f502dc90-57ed-4a7b-a2e2-fa55f122b281}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.47 GB) NTFS
\\?\Volume{d43090cd-ee40-4e84-a945-39394c9839b4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A3FF1E49)

Partition: GPT.

==================== End of Addition.txt =======================
 
#4 ·
Hi, sportsmom.

Adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.

====================

My first comments regarding your logs:

There is no sign of an active infection in the computer. Let's start with these steps, in order to do some tidiness.

1. Uninstall programs

The following programs were possibly pre-installed when you bought the computer. If you don't really need them, please uninstall them:

Lenovo Migration Assistant
Lenovo Vantage Service
Lenovo Yoga Mode Control

If you uninstall them, make sure to restart the computer at the end of the procedure.

2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
FirewallRules: [{79DACE7C-7FD1-4534-8DB6-A4C01272E426}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS6307\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B90D8F06-67FB-438F-BB03-1F9B0BE888D6}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS6307\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{FBAB87EB-3143-438F-A499-4B2B87274C23}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{9855952E-5160-4906-86E7-81AC8D76D02F}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{5AEB08F6-1C0B-4A4B-A8FF-5F4FAA13B07E}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{B9A21285-F63E-47F8-82D6-F4B65D670A26}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS55EB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{729625C7-D1C6-4748-99F8-A1C988A69C5D}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS55EB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{7F47A809-E9D9-4151-A1D7-42CF484F58FB}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS24EB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{11ED6C43-1D20-42D9-9098-98883A44C353}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS24EB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3DCEE9B3-CCED-434E-B228-53E643B35785}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS21AA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{57A1CEDB-9A69-42D6-B986-5288B604C51F}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS21AA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{6D052F5E-A43F-4219-9399-D83AF6C0EC20}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS6D7D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{A57E59F3-37DD-4BC4-BD0D-CA4861594D14}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS6D7D\HPDiagnosticCoreUI.exe => No File
Task: {35CAA328-CAF4-45D0-861D-C51C75003317} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\baile\Desktop\esetonlinescanner_enu.exe SCHED (No File)
Task: {3E154EAE-7138-4F19-9F37-D9157CEBB0E1} - System32\Tasks\Kaspersky_Upgrade_{E7FE8BD6-07C8-4138-AB61-92AA886397EA} => C:\Program Files\Common Files\AV\Kaspersky Anti-Virus\upgrade.exe /scheduledStart (No File)
Task: {4203DD3A-E54A-4B39-8EA5-4221F09A10C2} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {75FC977E-C869-4B08-9988-563190B5B43B} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {803F7B91-5F41-4098-AA84-63C57968A1CA} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe /CM -search R -action INSTALL -includerebootpackages 1,3,4 -noicon -noreboot -nolicense -defaultupdate -schtask (No File)
Task: {854037A7-409A-4E7E-8839-B64D9DD70321} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe (No File)
Task: {8C821A8B-B520-4EF5-9D53-D66DDE610A8F} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe PendingTask (No File)
Task: {A50783FA-E77E-4EC5-A69E-CE0ED433B888} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\baile\Desktop\esetonlinescanner_enu.exe LOGON (No File)
Task: {BDC5B506-7DF0-4127-BEE1-7C98924A29A4} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe (No File)
Task: {D16B6888-B74A-4AAC-976A-1D2AFE5D16E3} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {F60FFFC9-E623-4E0B-A0DA-769D93A59936} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --sapCode=PHSP --productVersion=20.0.1 --productPlatform=win64 --appletID=AppsPanel_BL --appletVersion=1.0 --appMode=Uninstall (No File)
Task: {FD7E4D41-F141-40D9-AAB5-790B1C8CF50E} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe /from_scheduler:1 (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.49.0.0_neutral__qq0fmhteeht3j [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88fptxqjxp1acegikmwv4003219&param1=y6bdVFVIsvuYsgEClQfz8Gt8Oby4iBdjLq7%2Fysk4Phe5sV980wpeWqTlm5o9JII7iwwCvodvHVmpLIImL8j7rfbdJPlUwIIjqsZs2SjQQqCJvjS%2FQWY7KMbX%2FIbp9XkODOpZ1gnHRs3GPSypa6phnT6z2I1QoBwvRV%2FZDyyoVAPPPUsCDpVGq%2BpJ8sRZ0c7vOtazvH%2FdN4JThvEz%2B3sI%2BQIXutpSjLkz26%2BjMooTs0HZK%2FprPDR%2FVhBGYy41OTdWRLZ1nxtk9tzcE5AP%2Bso8ZX6rWFU6IgCN2KGbkqMOTzHtLQ6MgRDwf7aT8P66GsUbwrq9Mk7vfQzO8tvlB5sDEg%2F6d6juo%2F7hR5zLtsx3AxbWbHpmwcF7OSyZyPwkQyZejStlfM1yVRFc9JqPkXOpuA%3D%3D"
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
2019-08-16 18:02 - 2019-08-16 18:02 - 000000000 _____ () C:\Users\baile\AppData\Local\BITCC06.tmp
2019-08-16 18:02 - 2019-08-16 18:02 - 000000000 _____ () C:\Users\baile\AppData\Local\BITCC36.tmp
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

3. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Filestab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

4. Run Malwarebytes (Scan mode)
  • Open Malware you have already installed.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, ALL the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. A reply if you uninstalled the Lenovo programs
  2. The fixlog.txt
  3. The AdwCleaner[S0*].txt
  4. The Malwarebytes report
 
#6 ·
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 12-04-2021
# Duration: 00:00:08
# OS: Windows 10 Home
# Scanned: 32021
# Detected: 2

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER

AdwCleaner_Debug.log - [406222 octets] - [14/11/2019 02:07:22]
AdwCleaner[S00].txt - [1388 octets] - [14/11/2019 02:07:42]
AdwCleaner[C00].txt - [1576 octets] - [14/11/2019 02:08:01]
AdwCleaner[S01].txt - [1511 octets] - [16/11/2019 15:46:51]
AdwCleaner[C01].txt - [1699 octets] - [16/11/2019 15:47:00]
AdwCleaner[S02].txt - [1633 octets] - [16/11/2019 17:10:20]
AdwCleaner[S03].txt - [1694 octets] - [17/11/2019 01:02:06]
AdwCleaner[C03].txt - [1882 octets] - [17/11/2019 01:02:20]
AdwCleaner[S04].txt - [1816 octets] - [22/11/2019 15:52:44]
AdwCleaner[C04].txt - [2004 octets] - [22/11/2019 19:37:57]
AdwCleaner[S05].txt - [1981 octets] - [26/11/2019 16:47:36]
AdwCleaner[C05].txt - [2149 octets] - [26/11/2019 16:47:58]
AdwCleaner[S06].txt - [2060 octets] - [27/11/2019 18:34:45]
AdwCleaner[C06].txt - [2248 octets] - [27/11/2019 19:09:57]
AdwCleaner[S07].txt - [2182 octets] - [29/11/2019 14:19:30]
AdwCleaner[C07].txt - [2370 octets] - [29/11/2019 14:20:14]
AdwCleaner[S08].txt - [2304 octets] - [02/12/2019 19:27:50]
AdwCleaner[S09].txt - [2365 octets] - [11/12/2019 16:12:44]
AdwCleaner[C09].txt - [2553 octets] - [11/12/2019 16:12:54]
AdwCleaner[S10].txt - [2487 octets] - [13/12/2019 22:28:22]
AdwCleaner[S11].txt - [2548 octets] - [19/12/2019 00:02:39]
AdwCleaner[S12].txt - [2609 octets] - [26/12/2019 16:17:49]
AdwCleaner[S13].txt - [2670 octets] - [08/01/2020 23:23:12]
AdwCleaner[C13].txt - [2858 octets] - [08/01/2020 23:23:22]
AdwCleaner[S14].txt - [3205 octets] - [13/01/2020 04:37:35]
AdwCleaner[C14].txt - [3355 octets] - [13/01/2020 04:39:50]
AdwCleaner[S15].txt - [2994 octets] - [10/02/2020 05:11:01]
AdwCleaner[S16].txt - [3055 octets] - [11/02/2020 05:51:10]
AdwCleaner[C16].txt - [3245 octets] - [11/02/2020 05:51:19]
AdwCleaner[S17].txt - [3177 octets] - [14/02/2020 15:18:29]
AdwCleaner[S18].txt - [3238 octets] - [20/02/2020 04:02:12]
AdwCleaner[S19].txt - [3299 octets] - [22/02/2020 09:50:36]
AdwCleaner[C19].txt - [3489 octets] - [22/02/2020 09:50:58]
AdwCleaner[S20].txt - [3421 octets] - [24/02/2020 05:06:12]
AdwCleaner[S21].txt - [3482 octets] - [24/02/2020 17:23:21]
AdwCleaner[S22].txt - [3543 octets] - [13/03/2020 19:58:29]
AdwCleaner[C22].txt - [3733 octets] - [13/03/2020 19:58:44]
AdwCleaner[S23].txt - [3665 octets] - [24/03/2020 02:42:27]
AdwCleaner[S24].txt - [3726 octets] - [07/04/2020 03:18:20]
AdwCleaner[C24].txt - [3916 octets] - [07/04/2020 03:21:34]
AdwCleaner[S25].txt - [3848 octets] - [05/05/2020 02:12:43]
AdwCleaner[C25].txt - [4038 octets] - [05/05/2020 02:13:36]
AdwCleaner[S26].txt - [3970 octets] - [08/05/2020 01:32:57]
AdwCleaner[S27].txt - [4031 octets] - [10/05/2020 01:34:37]
AdwCleaner[S28].txt - [4092 octets] - [12/05/2020 01:29:37]
AdwCleaner[S29].txt - [4153 octets] - [22/05/2020 23:00:19]
AdwCleaner[S30].txt - [4214 octets] - [05/06/2020 04:18:07]
AdwCleaner[S31].txt - [4275 octets] - [12/06/2020 00:52:10]
AdwCleaner[S32].txt - [4336 octets] - [15/06/2020 00:38:19]
AdwCleaner[S33].txt - [5188 octets] - [29/06/2020 02:36:13]
AdwCleaner[C33].txt - [5367 octets] - [29/06/2020 16:44:06]
AdwCleaner[S34].txt - [4519 octets] - [09/07/2020 03:35:12]
AdwCleaner[C34].txt - [4709 octets] - [09/07/2020 03:35:26]
AdwCleaner[S35].txt - [4641 octets] - [18/07/2020 14:21:40]
AdwCleaner[C35].txt - [4831 octets] - [18/07/2020 14:21:52]
AdwCleaner[S36].txt - [4763 octets] - [21/07/2020 15:02:31]
AdwCleaner[C36].txt - [4953 octets] - [21/07/2020 15:02:38]
AdwCleaner[S37].txt - [4885 octets] - [28/07/2020 12:43:44]
AdwCleaner[C37].txt - [5075 octets] - [28/07/2020 12:44:33]
AdwCleaner[S38].txt - [5007 octets] - [02/08/2020 04:24:52]
AdwCleaner[C38].txt - [5197 octets] - [02/08/2020 04:25:07]
AdwCleaner[S39].txt - [5352 octets] - [03/08/2020 01:59:14]
AdwCleaner[C39].txt - [5504 octets] - [03/08/2020 01:59:25]
AdwCleaner[S40].txt - [5251 octets] - [03/08/2020 13:31:31]
AdwCleaner[S41].txt - [5312 octets] - [03/08/2020 20:01:07]
AdwCleaner[C41].txt - [5502 octets] - [03/08/2020 20:01:22]
AdwCleaner[S42].txt - [5434 octets] - [04/08/2020 05:20:04]
AdwCleaner[S43].txt - [5950 octets] - [06/10/2020 03:42:13]
AdwCleaner[C43].txt - [6203 octets] - [06/10/2020 03:43:10]
AdwCleaner[S44].txt - [5925 octets] - [11/10/2020 03:57:22]
AdwCleaner[S45].txt - [5986 octets] - [11/10/2020 03:58:07]
AdwCleaner[C45].txt - [6226 octets] - [11/10/2020 03:58:35]
AdwCleaner[S46].txt - [5800 octets] - [17/10/2020 06:02:56]
AdwCleaner[C46].txt - [5990 octets] - [17/10/2020 06:04:44]
AdwCleaner[S47].txt - [5922 octets] - [26/10/2020 05:08:28]
AdwCleaner[C47].txt - [6112 octets] - [26/10/2020 20:47:14]
AdwCleaner[S48].txt - [6044 octets] - [29/10/2020 02:59:58]
AdwCleaner[C48].txt - [6234 octets] - [29/10/2020 12:59:33]
AdwCleaner[S49].txt - [6621 octets] - [03/11/2020 04:50:40]
AdwCleaner[S50].txt - [6682 octets] - [18/11/2020 02:06:54]
AdwCleaner[C50].txt - [6935 octets] - [18/11/2020 19:34:28]
AdwCleaner[S51].txt - [6657 octets] - [26/11/2020 02:29:45]
AdwCleaner[S52].txt - [6718 octets] - [07/12/2020 02:58:05]
AdwCleaner[C52].txt - [6958 octets] - [07/12/2020 02:58:27]
AdwCleaner[S53].txt - [6532 octets] - [07/12/2020 13:02:51]
AdwCleaner[C53].txt - [6722 octets] - [07/12/2020 13:02:58]
AdwCleaner[S54].txt - [6654 octets] - [13/12/2020 04:37:06]
AdwCleaner[C54].txt - [6844 octets] - [13/12/2020 14:47:02]
AdwCleaner[S55].txt - [6777 octets] - [22/12/2020 04:02:12]
AdwCleaner[C55].txt - [6967 octets] - [22/12/2020 04:06:03]
AdwCleaner[S56].txt - [6899 octets] - [07/01/2021 04:59:59]
AdwCleaner[S57].txt - [6960 octets] - [20/01/2021 14:31:13]
AdwCleaner[C57].txt - [7150 octets] - [20/01/2021 14:31:27]
AdwCleaner[S58].txt - [7081 octets] - [22/02/2021 04:56:47]
AdwCleaner[S59].txt - [7597 octets] - [09/03/2021 02:49:15]
AdwCleaner[C59].txt - [8093 octets] - [09/03/2021 02:49:45]
AdwCleaner[S60].txt - [7572 octets] - [17/03/2021 04:55:24]
AdwCleaner[C60].txt - [7813 octets] - [17/03/2021 04:55:52]
AdwCleaner[S61].txt - [7386 octets] - [25/03/2021 04:11:04]
AdwCleaner[C61].txt - [7577 octets] - [25/03/2021 04:11:21]
AdwCleaner[S62].txt - [7688 octets] - [03/04/2021 05:55:02]
AdwCleaner[C62].txt - [7840 octets] - [03/04/2021 05:55:11]
AdwCleaner[S63].txt - [7631 octets] - [10/04/2021 03:17:12]
AdwCleaner[S64].txt - [7692 octets] - [16/04/2021 04:34:30]
AdwCleaner[C64].txt - [7882 octets] - [16/04/2021 20:45:15]
AdwCleaner[S65].txt - [7814 octets] - [19/04/2021 05:00:41]
AdwCleaner[C65].txt - [8004 octets] - [19/04/2021 16:05:11]
AdwCleaner[S66].txt - [8391 octets] - [01/05/2021 05:20:44]
AdwCleaner[C66].txt - [8644 octets] - [01/05/2021 05:21:13]
AdwCleaner[S67].txt - [8058 octets] - [20/05/2021 04:37:53]
AdwCleaner[C67].txt - [8248 octets] - [20/05/2021 04:38:16]
AdwCleaner[S68].txt - [8180 octets] - [03/06/2021 03:48:23]
AdwCleaner[C68].txt - [8370 octets] - [03/06/2021 03:48:33]
AdwCleaner[S69].txt - [8302 octets] - [08/06/2021 04:29:54]
AdwCleaner[C69].txt - [8492 octets] - [08/06/2021 04:30:02]
AdwCleaner[S70].txt - [8424 octets] - [03/07/2021 00:54:42]
AdwCleaner[S71].txt - [8485 octets] - [10/07/2021 02:27:45]
AdwCleaner[C71].txt - [8675 octets] - [10/07/2021 02:27:51]
AdwCleaner[S72].txt - [8607 octets] - [22/07/2021 12:35:11]
AdwCleaner[S73].txt - [8668 octets] - [27/07/2021 02:05:43]
AdwCleaner[S74].txt - [9184 octets] - [25/08/2021 18:34:50]
AdwCleaner[C74].txt - [9679 octets] - [25/08/2021 18:36:04]
AdwCleaner[S75].txt - [9159 octets] - [06/10/2021 16:06:13]
AdwCleaner[C75].txt - [9573 octets] - [06/10/2021 19:25:02]
AdwCleaner[S76].txt - [9187 octets] - [15/10/2021 22:46:37]
AdwCleaner[C76].txt - [9588 octets] - [15/10/2021 22:47:05]
AdwCleaner[S77].txt - [9309 octets] - [20/11/2021 02:42:24]
AdwCleaner[C77].txt - [9710 octets] - [20/11/2021 02:42:43]
AdwCleaner[S78].txt - [9431 octets] - [28/11/2021 03:27:46]
AdwCleaner[C78].txt - [9832 octets] - [28/11/2021 06:28:09]
AdwCleaner[S79].txt - [9553 octets] - [01/12/2021 02:20:59]
AdwCleaner[S80].txt - [9614 octets] - [04/12/2021 04:39:31]
AdwCleaner[C80].txt - [10015 octets] - [04/12/2021 04:39:56]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S81].txt ##########
 
#7 ·
I will wait for the other things I asked before give you new instructions.

Please, follow my instructions with the order I give them to you. Here, for example, I would like you to run FRST fix before running AdwCleaner.
 
#8 ·
Sorry I goofed and deleted the Fixlog, because I had posted the wrong date at first.

  1. A reply if you uninstalled the Lenovo programs Programs were Deleted.
  2. Fix result of Farbar Recovery Scan Tool (x64) Version: 01-12-2021
    Ran by bailey (04-12-2021 05:23:58) Run:7
    Running from C:\Users\baile\Desktop
    Loaded Profiles: bailey & supportaccount
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
    SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
    FirewallRules: [{79DACE7C-7FD1-4534-8DB6-A4C01272E426}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS6307\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{B90D8F06-67FB-438F-BB03-1F9B0BE888D6}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS6307\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{FBAB87EB-3143-438F-A499-4B2B87274C23}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7\steamwebhelper.exe => No File
    FirewallRules: [{9855952E-5160-4906-86E7-81AC8D76D02F}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7\steamwebhelper.exe => No File
    FirewallRules: [{5AEB08F6-1C0B-4A4B-A8FF-5F4FAA13B07E}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\airhost.exe => No File
    FirewallRules: [{B9A21285-F63E-47F8-82D6-F4B65D670A26}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS55EB\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{729625C7-D1C6-4748-99F8-A1C988A69C5D}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS55EB\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{7F47A809-E9D9-4151-A1D7-42CF484F58FB}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS24EB\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{11ED6C43-1D20-42D9-9098-98883A44C353}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS24EB\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{3DCEE9B3-CCED-434E-B228-53E643B35785}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS21AA\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{57A1CEDB-9A69-42D6-B986-5288B604C51F}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS21AA\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{6D052F5E-A43F-4219-9399-D83AF6C0EC20}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS6D7D\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{A57E59F3-37DD-4BC4-BD0D-CA4861594D14}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS6D7D\HPDiagnosticCoreUI.exe => No File
    Task: {35CAA328-CAF4-45D0-861D-C51C75003317} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\baile\Desktop\esetonlinescanner_enu.exe SCHED (No File)
    Task: {3E154EAE-7138-4F19-9F37-D9157CEBB0E1} - System32\Tasks\Kaspersky_Upgrade_{E7FE8BD6-07C8-4138-AB61-92AA886397EA} => C:\Program Files\Common Files\AV\Kaspersky Anti-Virus\upgrade.exe /scheduledStart (No File)
    Task: {4203DD3A-E54A-4B39-8EA5-4221F09A10C2} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
    Task: {75FC977E-C869-4B08-9988-563190B5B43B} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
    Task: {803F7B91-5F41-4098-AA84-63C57968A1CA} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe /CM -search R -action INSTALL -includerebootpackages 1,3,4 -noicon -noreboot -nolicense -defaultupdate -schtask (No File)
    Task: {854037A7-409A-4E7E-8839-B64D9DD70321} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe (No File)
    Task: {8C821A8B-B520-4EF5-9D53-D66DDE610A8F} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe PendingTask (No File)
    Task: {A50783FA-E77E-4EC5-A69E-CE0ED433B888} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\baile\Desktop\esetonlinescanner_enu.exe LOGON (No File)
    Task: {BDC5B506-7DF0-4127-BEE1-7C98924A29A4} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe (No File)
    Task: {D16B6888-B74A-4AAC-976A-1D2AFE5D16E3} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
    Task: {F60FFFC9-E623-4E0B-A0DA-769D93A59936} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --sapCode=PHSP --productVersion=20.0.1 --productPlatform=win64 --appletID=AppsPanel_BL --appletVersion=1.0 --appMode=Uninstall (No File)
    Task: {FD7E4D41-F141-40D9-AAB5-790B1C8CF50E} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe /from_scheduler:1 (No File)
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (No Name) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.49.0.0_neutral__qq0fmhteeht3j [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88fptxqjxp1acegikmwv4003219&param1=y6bdVFVIsvuYsgEClQfz8Gt8Oby4iBdjLq7%2Fysk4Phe5sV980wpeWqTlm5o9JII7iwwCvodvHVmpLIImL8j7rfbdJPlUwIIjqsZs2SjQQqCJvjS%2FQWY7KMbX%2FIbp9XkODOpZ1gnHRs3GPSypa6phnT6z2I1QoBwvRV%2FZDyyoVAPPPUsCDpVGq%2BpJ8sRZ0c7vOtazvH%2FdN4JThvEz%2B3sI%2BQIXutpSjLkz26%2BjMooTs0HZK%2FprPDR%2FVhBGYy41OTdWRLZ1nxtk9tzcE5AP%2Bso8ZX6rWFU6IgCN2KGbkqMOTzHtLQ6MgRDwf7aT8P66GsUbwrq9Mk7vfQzO8tvlB5sDEg%2F6d6juo%2F7hR5zLtsx3AxbWbHpmwcF7OSyZyPwkQyZejStlfM1yVRFc9JqPkXOpuA%3D%3D"
    CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
    2019-08-16 18:02 - 2019-08-16 18:02 - 000000000 _____ () C:\Users\baile\AppData\Local\BITCC06.tmp
    2019-08-16 18:02 - 2019-08-16 18:02 - 000000000 _____ () C:\Users\baile\AppData\Local\BITCC36.tmp
    CMD: DISM /Online /Cleanup-Image /RestoreHealth
    CMD: SFC /scannow
    EmptyTemp:

    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "HKU\S-1-5-21-260720292-2504253849-2348319339-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{79DACE7C-7FD1-4534-8DB6-A4C01272E426}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B90D8F06-67FB-438F-BB03-1F9B0BE888D6}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FBAB87EB-3143-438F-A499-4B2B87274C23}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9855952E-5160-4906-86E7-81AC8D76D02F}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5AEB08F6-1C0B-4A4B-A8FF-5F4FAA13B07E}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9A21285-F63E-47F8-82D6-F4B65D670A26}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{729625C7-D1C6-4748-99F8-A1C988A69C5D}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7F47A809-E9D9-4151-A1D7-42CF484F58FB}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{11ED6C43-1D20-42D9-9098-98883A44C353}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3DCEE9B3-CCED-434E-B228-53E643B35785}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{57A1CEDB-9A69-42D6-B986-5288B604C51F}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D052F5E-A43F-4219-9399-D83AF6C0EC20}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A57E59F3-37DD-4BC4-BD0D-CA4861594D14}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35CAA328-CAF4-45D0-861D-C51C75003317}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35CAA328-CAF4-45D0-861D-C51C75003317}" => removed successfully
    C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E154EAE-7138-4F19-9F37-D9157CEBB0E1}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E154EAE-7138-4F19-9F37-D9157CEBB0E1}" => removed successfully
    C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_{E7FE8BD6-07C8-4138-AB61-92AA886397EA} => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Kaspersky_Upgrade_{E7FE8BD6-07C8-4138-AB61-92AA886397EA}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4203DD3A-E54A-4B39-8EA5-4221F09A10C2}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4203DD3A-E54A-4B39-8EA5-4221F09A10C2}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{75FC977E-C869-4B08-9988-563190B5B43B}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75FC977E-C869-4B08-9988-563190B5B43B}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{803F7B91-5F41-4098-AA84-63C57968A1CA}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{803F7B91-5F41-4098-AA84-63C57968A1CA}" => removed successfully
    C:\WINDOWS\System32\Tasks\TVT\TVSUUpdateTask => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TVT\TVSUUpdateTask" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{854037A7-409A-4E7E-8839-B64D9DD70321}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{854037A7-409A-4E7E-8839-B64D9DD70321}" => removed successfully
    C:\WINDOWS\System32\Tasks\Antivirus Emergency Update => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Antivirus Emergency Update" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8C821A8B-B520-4EF5-9D53-D66DDE610A8F}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C821A8B-B520-4EF5-9D53-D66DDE610A8F}" => removed successfully
    C:\WINDOWS\System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TVT\TVSUUpdateTask_UserLogOn" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A50783FA-E77E-4EC5-A69E-CE0ED433B888}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A50783FA-E77E-4EC5-A69E-CE0ED433B888}" => removed successfully
    C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BDC5B506-7DF0-4127-BEE1-7C98924A29A4}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDC5B506-7DF0-4127-BEE1-7C98924A29A4}" => removed successfully
    C:\WINDOWS\System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\BatteryGauge\BatteryGaugeMaintenance" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D16B6888-B74A-4AAC-976A-1D2AFE5D16E3}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D16B6888-B74A-4AAC-976A-1D2AFE5D16E3}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Monitor" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F60FFFC9-E623-4E0B-A0DA-769D93A59936}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F60FFFC9-E623-4E0B-A0DA-769D93A59936}" => removed successfully
    C:\WINDOWS\System32\Tasks\Adobe Uninstaller => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Uninstaller" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{FD7E4D41-F141-40D9-AAB5-790B1C8CF50E}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD7E4D41-F141-40D9-AAB5-790B1C8CF50E}" => removed successfully
    C:\WINDOWS\System32\Tasks\AVG\Overseer => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG\Overseer" => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
    "Edge StartupUrls" => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn => removed successfully
    C:\Users\baile\AppData\Local\BITCC06.tmp => moved successfully
    C:\Users\baile\AppData\Local\BITCC36.tmp => moved successfully

    ========= DISM /Online /Cleanup-Image /RestoreHealth =========

    Deployment Image Servicing and Management tool
    Version: 10.0.19041.844

    Image Version: 10.0.19042.1348

    [== 3.8% ]

    [== 4.5% ]

    [=== 5.3% ]

    [=== 6.3% ]

    [==== 7.0% ]

    [==== 8.0% ]

    [==== 8.2% ]

    [===== 9.2% ]

    [===== 10.1% ]

    [====== 11.1% ]

    [======= 12.1% ]

    [======= 13.1% ]

    [======== 14.0% ]

    [======== 15.0% ]

    [========= 16.0% ]

    [========= 17.0% ]

    [========== 18.0% ]

    [========== 18.9% ]

    [=========== 19.9% ]

    [============ 20.9% ]

    [============ 21.9% ]

    [============= 22.9% ]

    [============= 23.8% ]

    [============== 24.2% ]

    [============== 25.1% ]

    [============== 25.7% ]

    [=============== 26.0% ]

    [=============== 26.0% ]

    [=============== 27.0% ]

    [================ 28.0% ]

    [================ 29.0% ]

    [================= 30.0% ]

    [================= 30.9% ]

    [================== 31.9% ]

    [=================== 32.9% ]

    [=================== 33.9% ]

    [=================== 34.4% ]

    [==================== 35.4% ]

    [===================== 36.4% ]

    [===================== 37.3% ]

    [===================== 37.7% ]

    [====================== 38.1% ]

    [====================== 38.3% ]

    [====================== 38.6% ]

    [====================== 38.7% ]

    [====================== 39.1% ]

    [====================== 39.5% ]

    [======================= 39.8% ]

    [======================= 39.9% ]

    [======================= 40.8% ]

    [======================== 41.4% ]

    [======================== 42.2% ]

    [======================== 42.9% ]

    [========================= 43.5% ]

    [========================= 44.3% ]

    [========================= 44.6% ]

    [========================== 45.2% ]

    [========================== 46.1% ]

    [===========================47.0% ]

    [===========================48.0% ]

    [===========================49.0% ]

    [===========================50.0% ]

    [===========================50.9% ]

    [===========================51.9% ]

    [===========================52.9% ]

    [===========================53.7% ]

    [===========================53.7% ]

    [===========================53.7% ]

    [===========================53.8% ]

    [===========================53.9% ]

    [===========================53.9% ]

    [===========================54.0% ]

    [===========================54.0% ]

    [===========================54.0% ]

    [===========================54.0% ]

    [===========================54.1% ]

    [===========================54.1% ]

    [===========================54.2% ]

    [===========================54.3% ]

    [===========================54.3% ]

    [===========================54.4% ]

    [===========================54.5% ]

    [===========================54.5% ]

    [===========================54.6% ]

    [===========================54.6% ]

    [===========================54.6% ]

    [===========================54.6% ]

    [===========================54.7% ]

    [===========================54.7% ]

    [===========================54.7% ]

    [===========================54.8% ]

    [===========================54.8% ]

    [===========================54.9% ]

    [===========================54.9% ]

    [===========================55.0% ]

    [===========================55.2% ]

    [===========================55.3% ]

    [===========================55.4% ]

    [===========================55.5% ]

    [===========================55.6% ]

    [===========================55.6% ]

    [===========================55.7% ]

    [===========================56.6% ]

    [===========================57.6%= ]

    [===========================58.6%= ]

    [===========================59.5%== ]

    [===========================62.3%==== ]

    [===========================84.9%================= ]

    [==========================100.0%==========================]
    The restore operation completed successfully.
    The operation completed successfully.

    ========= End of CMD: =========

    ========= SFC /scannow =========

    Beginning system scan. This process will take some time.

    Beginning verification phase of system scan.

    Verification 0% complete.
    Verification 1% complete.
    Verification 1% complete.
    Verification 2% complete.
    Verification 3% complete.
    Verification 3% complete.
    Verification 4% complete.
    Verification 5% complete.
    Verification 5% complete.
    Verification 6% complete.
    Verification 7% complete.
    Verification 7% complete.
    Verification 8% complete.
    Verification 9% complete.
    Verification 9% complete.
    Verification 10% complete.
    Verification 10% complete.
    Verification 11% complete.
    Verification 12% complete.
    Verification 12% complete.
    Verification 13% complete.
    Verification 14% complete.
    Verification 14% complete.
    Verification 15% complete.
    Verification 16% complete.
    Verification 16% complete.
    Verification 17% complete.
    Verification 18% complete.
    Verification 18% complete.
    Verification 19% complete.
    Verification 19% complete.
    Verification 20% complete.
    Verification 21% complete.
    Verification 21% complete.
    Verification 22% complete.
    Verification 23% complete.
    Verification 23% complete.
    Verification 24% complete.
    Verification 25% complete.
    Verification 25% complete.
    Verification 26% complete.
    Verification 27% complete.
    Verification 27% complete.
    Verification 28% complete.
    Verification 29% complete.
    Verification 29% complete.
    Verification 30% complete.
    Verification 30% complete.
    Verification 31% complete.
    Verification 32% complete.
    Verification 32% complete.
    Verification 33% complete.
    Verification 34% complete.
    Verification 34% complete.
    Verification 35% complete.
    Verification 36% complete.
    Verification 36% complete.
    Verification 37% complete.
    Verification 38% complete.
    Verification 38% complete.
    Verification 39% complete.
    Verification 39% complete.
    Verification 40% complete.
    Verification 41% complete.
    Verification 41% complete.
    Verification 42% complete.
    Verification 43% complete.
    Verification 43% complete.
    Verification 44% complete.
    Verification 45% complete.
    Verification 45% complete.
    Verification 46% complete.
    Verification 47% complete.
    Verification 47% complete.
    Verification 48% complete.
    Verification 48% complete.
    Verification 49% complete.
    Verification 50% complete.
    Verification 50% complete.
    Verification 51% complete.
    Verification 52% complete.
    Verification 52% complete.
    Verification 53% complete.
    Verification 54% complete.
    Verification 54% complete.
    Verification 55% complete.
    Verification 56% complete.
    Verification 56% complete.
    Verification 57% complete.
    Verification 58% complete.
    Verification 58% complete.
    Verification 59% complete.
    Verification 59% complete.
    Verification 60% complete.
    Verification 61% complete.
    Verification 61% complete.
    Verification 62% complete.
    Verification 63% complete.
    Verification 63% complete.
    Verification 64% complete.
    Verification 65% complete.
    Verification 65% complete.
    Verification 66% complete.
    Verification 67% complete.
    Verification 67% complete.
    Verification 68% complete.
    Verification 68% complete.
    Verification 69% complete.
    Verification 70% complete.
    Verification 70% complete.
    Verification 71% complete.
    Verification 72% complete.
    Verification 72% complete.
    Verification 73% complete.
    Verification 74% complete.
    Verification 74% complete.
    Verification 75% complete.
    Verification 76% complete.
    Verification 76% complete.
    Verification 77% complete.
    Verification 77% complete.
    Verification 78% complete.
    Verification 79% complete.
    Verification 79% complete.
    Verification 80% complete.
    Verification 81% complete.
    Verification 81% complete.
    Verification 82% complete.
    Verification 83% complete.
    Verification 83% complete.
    Verification 84% complete.
    Verification 85% complete.
    Verification 85% complete.
    Verification 86% complete.
    Verification 87% complete.
    Verification 87% complete.
    Verification 88% complete.
    Verification 88% complete.
    Verification 89% complete.
    Verification 90% complete.
    Verification 90% complete.
    Verification 91% complete.
    Verification 92% complete.
    Verification 92% complete.
    Verification 93% complete.
    Verification 94% complete.
    Verification 94% complete.
    Verification 95% complete.
    Verification 96% complete.
    Verification 96% complete.
    Verification 97% complete.
    Verification 97% complete.
    Verification 98% complete.
    Verification 99% complete.
    Verification 99% complete.
    Verification 100% complete.

    Windows Resource Protection found corrupt files and successfully repaired them.

    For online repairs, details are included in the CBS log file located at

    windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline

    repairs, details are included in the log file provided by the /OFFLOGFILE flag.

    ========= End of CMD: =========

    =========== EmptyTemp: ==========

    BITS transfer queue => 0 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1399662400 B
    Java, Flash, Steam htmlcache => 84360260 B
    Windows/system/drivers => 10775482 B
    Edge => 0 B
    Chrome => 905107563 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 0 B
    NetworkService => 1578308 B
    baile => 905832042 B
    supportaccount => 905832042 B

    RecycleBin => 3681635 B
    EmptyTemp: => 3.9 GB temporary data Removed.

    ================================

    The system needed a reboot.

    ==== End of Fixlog 05:42:22 ====
 
#10 ·
They were all done in the order you instructed, but deleted the Fixlog So they are out of order. Very Sorry.
  1. The Malwarebytes report
  2. Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 12/4/21
    Scan Time: 6:12 AM
    Log File: 6d5c1510-54fb-11ec-88a7-00ff4b07db70.json

    -Software Information-
    Version: 4.4.10.144
    Components Version: 1.0.1499
    Update Package Version: 1.0.48132
    License: Trial

    -System Information-
    OS: Windows 10 (Build 19042.1348)
    CPU: x64
    File System: NTFS
    User: YOGA720-15IKB\bailey

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 328175
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 4 min, 48 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)

    (end)
 
#12 ·
Thank you. :)

Let's continue.

1. AdwCleaner (Clean mode)
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine (nothing was found in your case)
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove (please select the 2 items found).
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

2. Fresh FRST logs.
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.

In your next reply please post:
  1. The AdwCleaner[C0*].txt
  2. The fresh FRST logs, Addition and FRST
 
#13 ·
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-04-2021
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 2
# Awaiting reboot:1
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Needs Reboot Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****

***** [ Folders ] *****

Cleaning failed C:\Windows\LENOVO\IMCONTROLLER

*************************

AdwCleaner_Debug.log - [441356 octets] - [14/11/2019 02:07:22]
AdwCleaner[S00].txt - [1388 octets] - [14/11/2019 02:07:42]
AdwCleaner[C00].txt - [1576 octets] - [14/11/2019 02:08:01]
AdwCleaner[S01].txt - [1511 octets] - [16/11/2019 15:46:51]
AdwCleaner[C01].txt - [1699 octets] - [16/11/2019 15:47:00]
AdwCleaner[S02].txt - [1633 octets] - [16/11/2019 17:10:20]
AdwCleaner[S03].txt - [1694 octets] - [17/11/2019 01:02:06]
AdwCleaner[C03].txt - [1882 octets] - [17/11/2019 01:02:20]
AdwCleaner[S04].txt - [1816 octets] - [22/11/2019 15:52:44]
AdwCleaner[C04].txt - [2004 octets] - [22/11/2019 19:37:57]
AdwCleaner[S05].txt - [1981 octets] - [26/11/2019 16:47:36]
AdwCleaner[C05].txt - [2149 octets] - [26/11/2019 16:47:58]
AdwCleaner[S06].txt - [2060 octets] - [27/11/2019 18:34:45]
AdwCleaner[C06].txt - [2248 octets] - [27/11/2019 19:09:57]
AdwCleaner[S07].txt - [2182 octets] - [29/11/2019 14:19:30]
AdwCleaner[C07].txt - [2370 octets] - [29/11/2019 14:20:14]
AdwCleaner[S08].txt - [2304 octets] - [02/12/2019 19:27:50]
AdwCleaner[S09].txt - [2365 octets] - [11/12/2019 16:12:44]
AdwCleaner[C09].txt - [2553 octets] - [11/12/2019 16:12:54]
AdwCleaner[S10].txt - [2487 octets] - [13/12/2019 22:28:22]
AdwCleaner[S11].txt - [2548 octets] - [19/12/2019 00:02:39]
AdwCleaner[S12].txt - [2609 octets] - [26/12/2019 16:17:49]
AdwCleaner[S13].txt - [2670 octets] - [08/01/2020 23:23:12]
AdwCleaner[C13].txt - [2858 octets] - [08/01/2020 23:23:22]
AdwCleaner[S14].txt - [3205 octets] - [13/01/2020 04:37:35]
AdwCleaner[C14].txt - [3355 octets] - [13/01/2020 04:39:50]
AdwCleaner[S15].txt - [2994 octets] - [10/02/2020 05:11:01]
AdwCleaner[S16].txt - [3055 octets] - [11/02/2020 05:51:10]
AdwCleaner[C16].txt - [3245 octets] - [11/02/2020 05:51:19]
AdwCleaner[S17].txt - [3177 octets] - [14/02/2020 15:18:29]
AdwCleaner[S18].txt - [3238 octets] - [20/02/2020 04:02:12]
AdwCleaner[S19].txt - [3299 octets] - [22/02/2020 09:50:36]
AdwCleaner[C19].txt - [3489 octets] - [22/02/2020 09:50:58]
AdwCleaner[S20].txt - [3421 octets] - [24/02/2020 05:06:12]
AdwCleaner[S21].txt - [3482 octets] - [24/02/2020 17:23:21]
AdwCleaner[S22].txt - [3543 octets] - [13/03/2020 19:58:29]
AdwCleaner[C22].txt - [3733 octets] - [13/03/2020 19:58:44]
AdwCleaner[S23].txt - [3665 octets] - [24/03/2020 02:42:27]
AdwCleaner[S24].txt - [3726 octets] - [07/04/2020 03:18:20]
AdwCleaner[C24].txt - [3916 octets] - [07/04/2020 03:21:34]
AdwCleaner[S25].txt - [3848 octets] - [05/05/2020 02:12:43]
AdwCleaner[C25].txt - [4038 octets] - [05/05/2020 02:13:36]
AdwCleaner[S26].txt - [3970 octets] - [08/05/2020 01:32:57]
AdwCleaner[S27].txt - [4031 octets] - [10/05/2020 01:34:37]
AdwCleaner[S28].txt - [4092 octets] - [12/05/2020 01:29:37]
AdwCleaner[S29].txt - [4153 octets] - [22/05/2020 23:00:19]
AdwCleaner[S30].txt - [4214 octets] - [05/06/2020 04:18:07]
AdwCleaner[S31].txt - [4275 octets] - [12/06/2020 00:52:10]
AdwCleaner[S32].txt - [4336 octets] - [15/06/2020 00:38:19]
AdwCleaner[S33].txt - [5188 octets] - [29/06/2020 02:36:13]
AdwCleaner[C33].txt - [5367 octets] - [29/06/2020 16:44:06]
AdwCleaner[S34].txt - [4519 octets] - [09/07/2020 03:35:12]
AdwCleaner[C34].txt - [4709 octets] - [09/07/2020 03:35:26]
AdwCleaner[S35].txt - [4641 octets] - [18/07/2020 14:21:40]
AdwCleaner[C35].txt - [4831 octets] - [18/07/2020 14:21:52]
AdwCleaner[S36].txt - [4763 octets] - [21/07/2020 15:02:31]
AdwCleaner[C36].txt - [4953 octets] - [21/07/2020 15:02:38]
AdwCleaner[S37].txt - [4885 octets] - [28/07/2020 12:43:44]
AdwCleaner[C37].txt - [5075 octets] - [28/07/2020 12:44:33]
AdwCleaner[S38].txt - [5007 octets] - [02/08/2020 04:24:52]
AdwCleaner[C38].txt - [5197 octets] - [02/08/2020 04:25:07]
AdwCleaner[S39].txt - [5352 octets] - [03/08/2020 01:59:14]
AdwCleaner[C39].txt - [5504 octets] - [03/08/2020 01:59:25]
AdwCleaner[S40].txt - [5251 octets] - [03/08/2020 13:31:31]
AdwCleaner[S41].txt - [5312 octets] - [03/08/2020 20:01:07]
AdwCleaner[C41].txt - [5502 octets] - [03/08/2020 20:01:22]
AdwCleaner[S42].txt - [5434 octets] - [04/08/2020 05:20:04]
AdwCleaner[S43].txt - [5950 octets] - [06/10/2020 03:42:13]
AdwCleaner[C43].txt - [6203 octets] - [06/10/2020 03:43:10]
AdwCleaner[S44].txt - [5925 octets] - [11/10/2020 03:57:22]
AdwCleaner[S45].txt - [5986 octets] - [11/10/2020 03:58:07]
AdwCleaner[C45].txt - [6226 octets] - [11/10/2020 03:58:35]
AdwCleaner[S46].txt - [5800 octets] - [17/10/2020 06:02:56]
AdwCleaner[C46].txt - [5990 octets] - [17/10/2020 06:04:44]
AdwCleaner[S47].txt - [5922 octets] - [26/10/2020 05:08:28]
AdwCleaner[C47].txt - [6112 octets] - [26/10/2020 20:47:14]
AdwCleaner[S48].txt - [6044 octets] - [29/10/2020 02:59:58]
AdwCleaner[C48].txt - [6234 octets] - [29/10/2020 12:59:33]
AdwCleaner[S49].txt - [6621 octets] - [03/11/2020 04:50:40]
AdwCleaner[S50].txt - [6682 octets] - [18/11/2020 02:06:54]
AdwCleaner[C50].txt - [6935 octets] - [18/11/2020 19:34:28]
AdwCleaner[S51].txt - [6657 octets] - [26/11/2020 02:29:45]
AdwCleaner[S52].txt - [6718 octets] - [07/12/2020 02:58:05]
AdwCleaner[C52].txt - [6958 octets] - [07/12/2020 02:58:27]
AdwCleaner[S53].txt - [6532 octets] - [07/12/2020 13:02:51]
AdwCleaner[C53].txt - [6722 octets] - [07/12/2020 13:02:58]
AdwCleaner[S54].txt - [6654 octets] - [13/12/2020 04:37:06]
AdwCleaner[C54].txt - [6844 octets] - [13/12/2020 14:47:02]
AdwCleaner[S55].txt - [6777 octets] - [22/12/2020 04:02:12]
AdwCleaner[C55].txt - [6967 octets] - [22/12/2020 04:06:03]
AdwCleaner[S56].txt - [6899 octets] - [07/01/2021 04:59:59]
AdwCleaner[S57].txt - [6960 octets] - [20/01/2021 14:31:13]
AdwCleaner[C57].txt - [7150 octets] - [20/01/2021 14:31:27]
AdwCleaner[S58].txt - [7081 octets] - [22/02/2021 04:56:47]
AdwCleaner[S59].txt - [7597 octets] - [09/03/2021 02:49:15]
AdwCleaner[C59].txt - [8093 octets] - [09/03/2021 02:49:45]
AdwCleaner[S60].txt - [7572 octets] - [17/03/2021 04:55:24]
AdwCleaner[C60].txt - [7813 octets] - [17/03/2021 04:55:52]
AdwCleaner[S61].txt - [7386 octets] - [25/03/2021 04:11:04]
AdwCleaner[C61].txt - [7577 octets] - [25/03/2021 04:11:21]
AdwCleaner[S62].txt - [7688 octets] - [03/04/2021 05:55:02]
AdwCleaner[C62].txt - [7840 octets] - [03/04/2021 05:55:11]
AdwCleaner[S63].txt - [7631 octets] - [10/04/2021 03:17:12]
AdwCleaner[S64].txt - [7692 octets] - [16/04/2021 04:34:30]
AdwCleaner[C64].txt - [7882 octets] - [16/04/2021 20:45:15]
AdwCleaner[S65].txt - [7814 octets] - [19/04/2021 05:00:41]
AdwCleaner[C65].txt - [8004 octets] - [19/04/2021 16:05:11]
AdwCleaner[S66].txt - [8391 octets] - [01/05/2021 05:20:44]
AdwCleaner[C66].txt - [8644 octets] - [01/05/2021 05:21:13]
AdwCleaner[S67].txt - [8058 octets] - [20/05/2021 04:37:53]
AdwCleaner[C67].txt - [8248 octets] - [20/05/2021 04:38:16]
AdwCleaner[S68].txt - [8180 octets] - [03/06/2021 03:48:23]
AdwCleaner[C68].txt - [8370 octets] - [03/06/2021 03:48:33]
AdwCleaner[S69].txt - [8302 octets] - [08/06/2021 04:29:54]
AdwCleaner[C69].txt - [8492 octets] - [08/06/2021 04:30:02]
AdwCleaner[S70].txt - [8424 octets] - [03/07/2021 00:54:42]
AdwCleaner[S71].txt - [8485 octets] - [10/07/2021 02:27:45]
AdwCleaner[C71].txt - [8675 octets] - [10/07/2021 02:27:51]
AdwCleaner[S72].txt - [8607 octets] - [22/07/2021 12:35:11]
AdwCleaner[S73].txt - [8668 octets] - [27/07/2021 02:05:43]
AdwCleaner[S74].txt - [9184 octets] - [25/08/2021 18:34:50]
AdwCleaner[C74].txt - [9679 octets] - [25/08/2021 18:36:04]
AdwCleaner[S75].txt - [9159 octets] - [06/10/2021 16:06:13]
AdwCleaner[C75].txt - [9573 octets] - [06/10/2021 19:25:02]
AdwCleaner[S76].txt - [9187 octets] - [15/10/2021 22:46:37]
AdwCleaner[C76].txt - [9588 octets] - [15/10/2021 22:47:05]
AdwCleaner[S77].txt - [9309 octets] - [20/11/2021 02:42:24]
AdwCleaner[C77].txt - [9710 octets] - [20/11/2021 02:42:43]
AdwCleaner[S78].txt - [9431 octets] - [28/11/2021 03:27:46]
AdwCleaner[C78].txt - [9832 octets] - [28/11/2021 06:28:09]
AdwCleaner[S79].txt - [9553 octets] - [01/12/2021 02:20:59]
AdwCleaner[S80].txt - [9614 octets] - [04/12/2021 04:39:31]
AdwCleaner[C80].txt - [10015 octets] - [04/12/2021 04:39:56]
AdwCleaner[S81].txt - [9646 octets] - [04/12/2021 05:51:42]
AdwCleaner[S82].txt - [9707 octets] - [04/12/2021 07:27:19]
AdwCleaner[S83].txt - [9768 octets] - [04/12/2021 07:30:46]
AdwCleaner[C83].txt - [10156 octets] - [04/12/2021 07:31:28]
AdwCleaner[S84].txt - [9891 octets] - [04/12/2021 07:34:53]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C84].txt ##########
 
#15 ·
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-12-2021
Ran by bailey (administrator) on YOGA720-15IKB (LENOVO 80X7) (04-12-2021 07:41:35)
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey
Platform: Microsoft Windows 10 Home Version 20H2 19042.1348 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\iCloudServices.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX3\APP\DAX3TrayIcon.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Users\baile\Downloads\FitbitConnectService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHeciSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21102.134.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy\YourPhoneAppProxy.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18382824 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [APP] => C:\Program Files\Dolby\Dolby DAX3\APP\DAX3TrayIcon.exe [999216 2017-04-28] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Users\baile\Downloads\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1675680 2021-09-24] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21888 2018-01-24] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Polarr] => C:\ProgramData\SquirrelMachineInstalls\Polarr.exe [73300232 2020-06-16] (Polarr, Inc. -> Polarr, Inc.) [File not signed]
HKLM-x32\...\Run: [Fitbit Connect] => C:\Users\baile\Downloads\Fitbit Connect.exe [3414184 2015-09-11] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [373600 2021-01-18] (Express Vpn LLC -> ExpressVPN)
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [Fitbit Connect] => C:\Users\baile\Downloads\Fitbit Connect.exe [3414184 2015-09-11] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [Steam] => C:\Users\baile\New folder\steam.exe [3421984 2020-12-07] (Valve -> Valve Corporation)
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [850272 2021-01-18] (Express Vpn LLC -> ExpressVPN)
HKU\S-1-5-21-260720292-2504253849-2348319339-1003\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\supportaccount\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-260720292-2504253849-2348319339-1003\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\supportaccount\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-260720292-2504253849-2348319339-1003\...\RunOnce: [Uninstall 20.114.0607.0002\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\supportaccount\AppData\Local\Microsoft\OneDrive\20.114.0607.0002\amd64"
HKU\S-1-5-21-260720292-2504253849-2348319339-1003\...\RunOnce: [Uninstall 20.114.0607.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\supportaccount\AppData\Local\Microsoft\OneDrive\20.114.0607.0002"
HKLM\...\Print\Monitors\HP 5912 Status Monitor: hpinksts5912LM.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-18] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraVPN.lnk [2019-02-01]
ShortcutTarget: UltraVPN.lnk -> C:\Program Files (x86)\UltraVPN\UltraVPN.exe (No File)
Startup: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-02-04]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E41EACB-602F-472D-A50B-BAC99EBC6892} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-baileyl032017@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {10D771B3-2D11-4309-B81F-F345B570E2B4} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NOUACCHECK
Task: {138C7D27-E8F7-45CF-824E-5382F35FB876} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-30] (Google Inc -> Google Inc.)
Task: {1F3D31A8-1D0B-47FF-8300-4DE9302035ED} - System32\Tasks\HPPSDrTelemetryWatch => C:\Program Files (x86)\HP\Diagnostics\TelemetryWatch\PSDrTelemetryWatch.exe [32808 2020-01-14] (HP Inc. -> )
Task: {25B126E2-E129-4B8C-A051-AE8F6C2AC12F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-30] (Google Inc -> Google Inc.)
Task: {2B43315B-9203-4867-B1B8-DDE1FCA2DAB0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2DFF51F1-CABB-4908-BA77-B2BAB7347C9C} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-260720292-2504253849-2348319339-1001 => C:\Users\baile\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe (No File)
Task: {5354DF98-3BD6-4CF4-A69D-0760B8DCCED0} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {62A2E1E1-C65A-45F3-824B-C6065D3A8234} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7848135A-8EF5-4AFB-A798-B422DE4CA12A} - \Lenovo\ImController\TimeBasedEvents\d040a9c9-0bfd-4db9-b6f8-17b5843acf3a -> No File <==== ATTENTION
Task: {79A1E239-70EF-4BB7-BA0E-332CA981BE4B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {93D579DE-FE95-4CCF-925B-8520B66A1947} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A9273BAF-7D29-4FA6-8AD5-DB9A00224729} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {D7E912F0-CD6F-456B-A47A-42DCED783974} - System32\Tasks\AdobeAAMUpdater-1.0-YOGA720-15IKB-bailey => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {D86AA673-AC0D-47E7-ACC6-104447534C96} - \Lenovo\ImController\TimeBasedEvents\37eff6f5-1f0a-44d7-b67e-64146bc110ed -> No File <==== ATTENTION
Task: {DCEBA8D9-EDC4-48AA-97D8-C949C81E62BF} - \Lenovo\ImController\TimeBasedEvents\18be2cdc-ad9c-4df9-9c5c-34438fd4860a -> No File <==== ATTENTION
Task: {E631038B-2CFE-4CA4-9F1F-8732D0DFB9A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {EC6B61A4-0F42-49F5-83DA-B1C2D337B005} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE3668F8-BBB2-4DDE-9358-770A17D5080C} - System32\Tasks\Apple Diagnostics => C:\Users\baile\AppData\Local\Microsoft\WindowsApps\eReporter-AppX.exe [0 2021-08-26] () [simlink -> ]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22bdf8f0-d55e-4cab-bdff-f39f79a367ff}: [NameServer] 10.186.0.1
Tcpip\..\Interfaces\{3c4a9f21-8085-4361-98eb-ab3060e81302}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\baile\Downloads
Edge Notifications: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> hxxps://gundersenhealthengage.mrcommunities.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-04]
Edge HomePage: Default -> hxxp://lenovo17win10.msn.com/?pc=LCTE
Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88fptxqjxp1acegikmwv4003219&param1=y6bdVFVIsvuYsgEClQfz8Gt8Oby4iBdjLq7%2Fysk4Phe5sV980wpeWqTlm5o9JII7iwwCvodvHVmpLIImL8j7rfbdJPlUwIIjqsZs2SjQQqCJvjS%2FQWY7KMbX%2FIbp9XkODOpZ1gnHRs3GPSypa6phnT6z2I1QoBwvRV%2FZDyyoVAPPPUsCDpVGq%2BpJ8sRZ0c7vOtazvH%2FdN4JThvEz%2B3sI%2BQIXutpSjLkz26%2BjMooTs0HZK%2FprPDR%2FVhBGYy41OTdWRLZ1nxtk9tzcE5AP%2Bso8ZX6rWFU6IgCN2KGbkqMOTzHtLQ6MgRDwf7aT8P66GsUbwrq9Mk7vfQzO8tvlB5sDEg%2F6d6juo%2F7hR5zLtsx3AxbWbHpmwcF7OSyZyPwkQyZejStlfM1yVRFc9JqPkXOpuA%3D%3D"
Edge Extension: (Honey) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2021-08-29]
Edge Extension: (LastPass: Free Password Manager) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2021-11-26]
Edge Extension: (Grammarly for Microsoft Edge) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2021-11-23]
Edge Extension: (Fancy & Cool Text Generator) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fafnphaopehepcmfnakggljonnhkofpk [2021-12-04]
Edge Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmmlpenookphoknnpfilofakghemolmg [2021-11-23]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-26]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-12-20] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @parallelgraphics.com/Cortona -> C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npcortona.dll [2019-09-12] (Parallel Graphics Limited -> ParallelGraphics)
FF Plugin HKU\S-1-5-21-260720292-2504253849-2348319339-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\baile\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-15] (RocketLife -> RocketLife, LLP)
FF Plugin HKU\S-1-5-21-260720292-2504253849-2348319339-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-260720292-2504253849-2348319339-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default [2021-12-04]
CHR Notifications: Default -> hxxps://typiccor.com; hxxps://www.facebook.com; hxxps://www.youtube.com
CHR HomePage: Default -> file:///C:/Users/Owner/Documents/Medical
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Extension: (Slides) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-30]
CHR Extension: (Docs) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-30]
CHR Extension: (Google Drive) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (YouTube) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-30]
CHR Extension: (Honey) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-11-19]
CHR Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2021-11-18]
CHR Extension: (Netflix) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2017-12-30]
CHR Extension: (Sheets) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-30]
CHR Extension: (Google Docs Offline) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-30]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-11-25]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-24]
CHR Extension: (Grammarly for Chrome) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-11-23]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2021-11-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Gmail) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-08-15]
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\System Profile [2020-08-15]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3833088 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3603200 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-06-09] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3052952 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
R2 Dolby DAX API Service; C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe [212784 2017-04-28] (Dolby Laboratories, Inc. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-06-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437088 2021-01-18] (Express Vpn LLC -> ExpressVPN)
R2 Fitbit Connect; C:\Users\baile\Downloads\FitbitConnectService.exe [1435304 2015-09-11] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-11-01] (HP Inc. -> HP Inc.)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-07] (Malwarebytes Inc -> Malwarebytes)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [19256 2020-10-15] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [19256 2020-10-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [37024 2021-01-18] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpnwintun; C:\WINDOWS\System32\drivers\expressvpn-wintun.sys [46824 2021-01-18] (Express VPN International Ltd. -> ExpressVPN)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-12-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-07] (Malwarebytes Inc -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39040 2018-08-15] (GZ Systems Limited -> The OpenVPN Project)
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [52904 2021-01-18] (ExprsVPN LLC -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 WacHidRouterISD; C:\WINDOWS\system32\DRIVERS\wachidrouter_isd.sys [142424 2017-05-24] (Wacom Technology Corporation -> Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-02] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-04 07:41 - 2021-12-04 07:42 - 000026786 _____ C:\Users\baile\Desktop\FRST.txt
2021-12-04 06:46 - 2021-12-04 06:46 - 000001232 _____ C:\Users\baile\Desktop\report.txt
2021-12-04 05:50 - 2021-12-04 05:50 - 008540344 _____ (Malwarebytes) C:\Users\baile\Desktop\AdwCleaner.exe
2021-12-04 05:23 - 2021-12-04 05:42 - 000028973 _____ C:\Users\baile\Desktop\Fixlog.txt
2021-12-03 03:18 - 2021-12-03 03:18 - 000048251 _____ C:\Users\baile\AppData\LocalLow\wbkF666.tmp
2021-12-03 03:17 - 2021-12-03 03:18 - 000000000 ____D C:\Users\baile\Documents\Stem Cells
2021-12-01 22:23 - 2021-12-01 22:23 - 002270936 _____ (Cermak Technologies, Inc.) C:\Users\baile\Desktop\tsginfo.exe
2021-12-01 22:14 - 2021-12-01 22:14 - 002311680 _____ (Farbar) C:\Users\baile\Desktop\FRST64.exe
2021-12-01 22:12 - 2021-12-01 22:12 - 000064513 _____ C:\Users\baile\Desktop\frst.htm
2021-12-01 21:51 - 2021-12-01 21:55 - 002311680 _____ (Farbar) C:\Users\baile\Downloads\FRST64.exe
2021-12-01 02:08 - 2021-12-01 02:08 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-11-30 05:32 - 2021-11-30 05:32 - 000001942 _____ C:\Users\baile\Desktop\PC Health Check.lnk
2021-11-30 05:32 - 2021-11-30 05:32 - 000001352 _____ C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-30 05:32 - 2021-11-30 05:32 - 000000000 ___RD C:\Users\baile\AppData\Local\PCHealthCheck
2021-11-30 05:31 - 2021-11-30 05:31 - 014233600 _____ C:\Users\baile\Downloads\WindowsPCHealthCheckSetup.msi
2021-11-29 17:54 - 2021-11-29 17:54 - 000000000 ____D C:\Users\baile\AppData\Local\LogiBolt
2021-11-29 17:53 - 2021-11-29 17:54 - 000000000 ____D C:\ProgramData\Logishrd
2021-11-29 17:53 - 2021-11-29 17:53 - 000000000 ____D C:\Users\baile\AppData\Roaming\Logishrd
2021-11-29 17:53 - 2021-11-29 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2021-11-29 17:53 - 2021-11-29 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-11-29 17:53 - 2021-11-29 17:53 - 000000000 ____D C:\Program Files\Logitech
2021-11-29 17:53 - 2021-11-29 17:53 - 000000000 ____D C:\Program Files\Logi
2021-11-28 16:23 - 2021-11-28 16:23 - 000000000 ____D C:\WINDOWS\Panther
2021-11-12 14:59 - 2021-11-12 14:59 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-12 14:59 - 2021-11-12 14:59 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-12 14:59 - 2021-11-12 14:59 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-12 14:59 - 2021-11-12 14:59 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-12 14:53 - 2021-11-12 14:53 - 000000000 ___HD C:\$WinREAgent
2021-11-07 18:27 - 2021-11-07 18:27 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-04 07:41 - 2020-08-05 03:17 - 000000000 ____D C:\FRST
2021-12-04 07:39 - 2017-12-30 22:57 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-04 07:37 - 2020-06-17 16:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-04 07:37 - 2020-06-17 16:53 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-04 07:37 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-12-04 07:37 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-04 07:37 - 2019-12-07 03:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2021-12-04 07:37 - 2017-11-09 18:26 - 000000000 ____D C:\ProgramData\Lenovo
2021-12-04 07:32 - 2017-12-20 15:47 - 000000000 ____D C:\Users\baile\Documents\Outlook Files
2021-12-04 07:17 - 2020-06-26 02:38 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-04 07:17 - 2020-06-26 02:38 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-12-04 07:17 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-04 07:17 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-04 06:44 - 2020-06-17 16:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-04 05:54 - 2020-06-17 16:59 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-04 05:54 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2021-12-04 05:34 - 2020-08-12 21:25 - 000000000 ____D C:\Users\baile\AppData\LocalLow\Temp
2021-12-04 05:26 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-12-04 05:24 - 2020-06-17 16:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\TVT
2021-12-04 05:24 - 2020-06-17 16:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2021-12-04 05:18 - 2020-06-25 13:50 - 000000000 ____D C:\Program Files (x86)\Lenovo
2021-12-04 05:18 - 2020-06-17 16:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-12-04 05:18 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-04 05:18 - 2017-12-19 21:46 - 000000000 ____D C:\Users\baile\AppData\Local\Lenovo
2021-12-04 03:19 - 2020-06-17 16:58 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B393C7FE-B95B-48A2-8819-C5B1623E23B2}
2021-12-04 02:00 - 2017-12-20 00:53 - 000000000 ____D C:\Users\baile\AppData\Local\Adobe
2021-12-03 21:15 - 2019-10-01 20:08 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-12-02 01:34 - 2018-05-05 14:45 - 000000000 ____D C:\Users\baile\Documents\Pam
2021-12-01 22:10 - 2019-01-08 18:57 - 000000000 ____D C:\Users\baile\Documents\House
2021-12-01 21:58 - 2020-08-05 03:18 - 000039246 _____ C:\Users\baile\Downloads\Addition.txt
2021-12-01 21:58 - 2020-08-05 03:17 - 000042236 _____ C:\Users\baile\Downloads\FRST.txt
2021-11-30 16:07 - 2018-02-12 23:29 - 000000000 ____D C:\Users\baile\Documents\Recipies
2021-11-28 20:30 - 2020-01-16 21:03 - 000000000 ____D C:\Users\baile\Documents\2020 Calif Trip
2021-11-28 20:30 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\2 Pam Health Savings Account
2021-11-26 23:41 - 2018-04-10 00:41 - 000000000 ____D C:\Users\baile\Documents\Battle Pirates
2021-11-26 23:01 - 2018-06-21 03:36 - 000000000 ____D C:\Users\baile\AppData\Local\CrashDumps
2021-11-26 23:00 - 2021-10-13 22:31 - 000003882 _____ C:\WINDOWS\system32\Tasks\HPPSDrTelemetryWatch
2021-11-26 22:39 - 2020-12-20 18:18 - 000000000 ____D C:\Users\baile\Documents\Christmas
2021-11-25 21:02 - 2018-01-05 00:17 - 000000000 ____D C:\Users\baile\Documents\Verizon
2021-11-19 13:49 - 2018-06-17 15:34 - 000000000 ____D C:\ProgramData\Packages
2021-11-19 03:34 - 2017-12-20 16:49 - 000000000 ____D C:\Program Files\Microsoft Office 15
2021-11-18 14:01 - 2020-07-13 22:29 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-18 14:01 - 2017-12-30 22:58 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-17 23:50 - 2020-06-17 16:58 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-260720292-2504253849-2348319339-1001
2021-11-17 23:50 - 2020-06-17 16:31 - 000002386 _____ C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-17 16:36 - 2018-05-27 12:01 - 000000000 ____D C:\Users\baile\Documents\DNR Licenses
2021-11-17 16:11 - 2020-06-26 02:38 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-17 16:11 - 2020-06-26 02:38 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-11-13 00:27 - 2020-06-17 16:53 - 000442704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-13 00:26 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-13 00:26 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-13 00:26 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-13 00:26 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-13 00:26 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-13 00:26 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-13 00:26 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-13 00:26 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-13 00:26 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-13 00:26 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-11 14:32 - 2017-12-20 01:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-11 14:30 - 2017-12-20 01:26 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-09 12:59 - 2017-12-19 21:12 - 000000000 ____D C:\Users\baile\AppData\Local\Packages
2021-11-07 22:57 - 2018-10-20 15:40 - 000000000 ____D C:\Users\baile\Documents\Margie
2021-11-07 11:50 - 2018-03-31 18:25 - 000000000 ____D C:\Users\baile\Documents\Margie Birthday
2021-11-05 12:06 - 2017-12-19 19:38 - 000000000 ____D C:\Users\baile\AppData\Local\Comms

==================== Files in the root of some directories ========

2018-09-25 22:03 - 2018-09-25 22:03 - 000000000 _____ () C:\Users\baile\AppData\Local\oobelibMkey.log
2019-08-09 16:03 - 2019-08-09 16:03 - 000000017 _____ () C:\Users\baile\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
#16 ·
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2021
Ran by bailey (04-12-2021 07:42:42)
Running from C:\Users\baile\Desktop
Microsoft Windows 10 Home Version 20H2 19042.1348 (X64) (2020-06-17 22:58:59)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-260720292-2504253849-2348319339-500 - Administrator - Disabled)
Baile (S-1-5-21-260720292-2504253849-2348319339-1002 - Limited - Disabled)
bailey (S-1-5-21-260720292-2504253849-2348319339-1001 - Administrator - Enabled) => C:\Users\baile
DefaultAccount (S-1-5-21-260720292-2504253849-2348319339-503 - Limited - Disabled)
Guest (S-1-5-21-260720292-2504253849-2348319339-501 - Limited - Disabled)
supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled) => C:\Users\supportaccount
WDAGUtilityAccount (S-1-5-21-260720292-2504253849-2348319339-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Amazon Games (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 2.1.5699.1 - Amazon.com Services, Inc.)
Amazon Photos (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Amazon Photos) (Version: 6.5.0 - Amazon.com, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cortona3D Viewer (HKLM\...\{71C24FD8-9FA4-4727-B1CB-E22B1E6D8403}) (Version: 8.6.212 - ParallelGraphics)
Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3CCE82BF-69CF-4172-8AFE-1DACB991A62B}) (Version: 1.1.3.21 - Dolby Laboratories, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ExpressVPN (HKLM-x32\...\{57e033a5-c75e-4823-83af-c1b6b3b759ab}) (Version: 10.0.9.2 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B876CD0833}) (Version: 10.0.9.2 - ExpressVPN) Hidden
Fitbit Connect (HKLM-x32\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Grammarly (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\GrammarlyForWindows) (Version: 1.5.45 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{DE46CC28-5477-4CFB-9AE2-8C7C111E3EE7}) (Version: 6.8.261 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{ee962c45-b827-4262-a720-3a939910ce37}) (Version: 6.8.261 - Grammarly)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud Outlook (HKLM\...\{969F33A2-7E0F-43FC-8896-6EF0C028CA12}) (Version: 10.9.0.9 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logi Bolt (HKLM\...\LogiBolt) (Version: 1.01.415.0 - Logi)
Logitech Options (HKLM\...\LogiOptions) (Version: 9.40.86 - Logitech)
Luminar 4 (HKLM\...\Luminar 4) (Version: 4.3.0.7119 - Skylum)
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.43 - Microsoft Corporation)
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.5397.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1003\...\OneDriveSetup.exe) (Version: 20.124.0621.0006 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Polarr (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Polarr) (Version: 1.0.0 - Polarr, Inc.)
Polarr (HKU\S-1-5-21-260720292-2504253849-2348319339-1003\...\Polarr) (Version: 1.0.0 - Polarr, Inc.)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-4) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-5) (Version: 1.0.42.0 - LunarG, Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)
WD Backup (HKLM-x32\...\{09C422A7-0421-40A5-933A-9177BEDF9B3B}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{61ccf853-a113-4862-9d4a-6dd2b869c9db}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{014B7442-C784-45D3-A152-F7D2C651F28A}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-09-27] (Autodesk Inc.)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_2.0.23.0_x64__38kynpdw5g1aw [2021-11-18] (Wacom Europe GmbH)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2021.927.1.0_neutral__8xx8rvfyw5nnt [2021-10-01] (Facebook Inc)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2020-09-27] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.4.265.0_x64__v10z8vjag6ke6 [2021-12-02] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa [2021-08-26] (Apple Inc.) [Startup Task]
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.19.0_neutral__8xx8rvfyw5nnt [2021-11-04] (Instagram)
Journalist -> C:\Program Files\WindowsApps\49752MichaelS.Scherotter.Journalist_1.1.631.0_x64__9eg5g21zq32qm [2021-07-27] (Michael S. Scherotter)
LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.69.0.0_neutral__qq0fmhteeht3j [2021-04-15] (LastPass)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2020-09-27] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2110.17.0_x64__k1h2ywk1493x8 [2021-11-18] (LENOVO INC.)
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2020-09-27] (OverDrive Inc.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1300.7.115.0_x64__8xx8rvfyw5nnt [2021-11-10] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-09-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-09-27] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-31] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_51.10913.5796.0_x64__8wekyb3d8bbwe [2021-12-01] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-04-15] (Netflix, Inc.)
OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2020-09-27] (OverDrive Inc.)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2020-09-27] (Pandora Media Inc) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-04-15] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-27] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0 [2021-11-26] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\baile\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.261\D457D793AD\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\baile\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.261\D457D793AD\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\baile\Desktop\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc
ShortcutWithArgument: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc

==================== Loaded Modules (Whitelisted) =============

2015-09-11 14:17 - 2015-09-11 14:17 - 001374208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\baile\Downloads\LIBEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKLM -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKLM-x32 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2021-10-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-12-20] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 15:03 - 2019-07-11 01:06 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-08-20 13:44 - 2021-04-03 23:13 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Control Panel\Desktop\\Wallpaper -> c:\users\baile\pictures\saved pictures\1 my kids and family\brady and ricki\2_devils lake j (8).jpg
HKU\S-1-5-21-260720292-2504253849-2348319339-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: WTabletServiceISD => 2
MSCONFIG\Services: WTabletServicePro => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "Polarr"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{FB915863-E8D0-430A-BAF4-DFE4634B338A}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{131D7F90-ACA0-4069-96D0-1F3A00E14292}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F110E177-1997-42B6-AB07-24234331214B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BB9E4FCE-C6D4-4D79-A5B5-6596087E3486}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{205AC0AE-3A23-4EFF-9D8D-1407C7350A9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FD7C4B0-A458-45A0-A28F-74DD83578761}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6733E1F9-EA29-4E45-9CFA-FD25A297EAB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DB029122-856A-4900-896E-B5F828836049}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E54CB9F1-20C0-41D4-8AFC-40C587F5A399}] => (Allow) C:\Users\baile\New folder\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{AB9F7C8B-357B-4AA5-8551-8FC526F6C262}] => (Allow) C:\Users\baile\New folder\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{CCCC2654-EEB2-49C0-9DE2-FA07E08758E9}] => (Allow) C:\Users\baile\New folder\steamapps\common\Rebel Forces\RebelForces.exe () [File not signed]
FirewallRules: [{1C84C52E-82C6-4AC8-8B61-CFEEDFDD7ECA}] => (Allow) C:\Users\baile\New folder\steamapps\common\Rebel Forces\RebelForces.exe () [File not signed]
FirewallRules: [{6BF03055-F70E-4244-BA2F-FDDEDF019799}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7BCF03C9-86FC-4BFF-B88D-B2A4FDD51DE7}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{4765E7B2-E045-474A-99DF-C6F971C7A6CC}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E063C019-70C6-42D0-BE28-D7378F0FB7B2}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{5A2E9522-BC99-433F-AE07-12284CC5496A}] => (Allow) C:\Users\baile\Downloads\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3C50D189-BE36-4E84-9B49-16F1565345D5}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS7CE5\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3D1EF359-1690-41E9-9DA7-380660E6D699}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS7CE5\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{E24BEBF0-7961-4468-8B36-B43B30E892DA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{109682B1-CB8C-4DC1-AA4F-97C5920A01F5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B01CC7BF-461C-4973-A65D-0DD1B8E89769}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F9164E6F-39EE-4E35-81D9-067E432681A2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{295D0A1D-BF67-4485-8A2C-696C625C6FD5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C8397B83-63B2-454C-A613-5C9FC72F3C3C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BAD8CBE0-42DE-4048-A44E-75645C494D20}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{22117095-6DD3-4BCD-A7A5-5B915E0F5875}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A904CBDE-DB1A-4FDC-B194-16FE6E6785F0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{87186114-5705-4BB8-9F4D-22A0BDE5453E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5031472B-E669-4227-A608-1A0D4EFCBDF0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B247D1C0-8D69-4620-9530-BBE6EC14CA12}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AF222F92-229C-422A-A80F-64C3E7F87B52}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{57382B5D-78B2-4D71-A607-7BC55AB1DC39}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)

==================== Restore Points =========================

19-11-2021 19:00:20 Scheduled Checkpoint
20-11-2021 02:42:31 AdwCleaner_BeforeCleaning_20/11/2021_02:42:31
28-11-2021 19:30:29 Scheduled Checkpoint
29-11-2021 17:45:27 Windows Modules Installer
30-11-2021 05:32:05 Installed Windows PC Health Check
04-12-2021 04:39:41 AdwCleaner_BeforeCleaning_04/12/2021_04:39:40
04-12-2021 05:23:59 Restore Point Created by FRST
04-12-2021 07:31:09 AdwCleaner_BeforeCleaning_04/12/2021_07:31:07
04-12-2021 07:37:07 AdwCleaner_BeforeCleaning_04/12/2021_07:37:07

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (12/04/2021 06:09:01 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/04/2021 06:08:56 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/04/2021 06:08:51 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/04/2021 06:08:46 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/04/2021 06:08:41 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/04/2021 06:08:36 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/04/2021 06:08:31 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/04/2021 06:08:26 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

System errors:
=============
Error: (12/04/2021 07:37:25 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (12/04/2021 07:37:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Interface Foundation Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/04/2021 07:37:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Content Protection HECI Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/04/2021 07:37:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dolby DAX API Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/04/2021 07:37:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (12/04/2021 07:37:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Print Scan Doctor Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (12/04/2021 07:37:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel Bluetooth Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/04/2021 07:37:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Genuine Monitor Service service terminated unexpectedly. It has done this 1 time(s).

Windows Defender:
================
Date: 2021-12-03 23:17:44
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-02 19:11:17
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-01 20:40:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-29 19:05:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-29 17:45:15
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2021-11-24 00:44:29
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

Date: 2021-11-23 13:26:03
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-11-23 13:25:58
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: Real-time protection has stopped functioning for an unknown reason. Restart the service in order to recover.

CodeIntegrity:
===============
Date: 2021-05-26 02:58:15
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\WindowManagementAPI.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-09-27 21:49:42
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\afunix.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-09-27 21:49:41
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\WdiWiFi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-09-27 21:49:41
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BTHUSB.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-09-06 02:43:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 4MCN33WW(V2.05) 07/19/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 57%
Total physical RAM: 8050.39 MB
Available physical RAM: 3413.62 MB
Total Virtual: 11122.39 MB
Available Virtual: 6391.91 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:66.66 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:12.17 GB) NTFS

\\?\Volume{f502dc90-57ed-4a7b-a2e2-fa55f122b281}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.47 GB) NTFS
\\?\Volume{d43090cd-ee40-4e84-a945-39394c9839b4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A3FF1E49)

Partition: GPT.

==================== End of Addition.txt =======================
 
#17 · (Edited)
Hi, sportsmom.

1. Malwarebytes setting

It seems that you didn't change the Malwarebytes settings as instructed here (see step 4 inside the code). Please do that.

2. Account in question

Do you recognize this account?

supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled) => C:\Users\supportaccount

3. Uninstall apps

Click on the Start menu, find the following apps, right click on each one and choose Uninstall.

Lenovo Account Portal
Lenovo Vantage

4. Question about Edge

Do you have the Sync option for Edge enabled? If yes, please turn it off.

Click on the 3 horizontal dots at the top right corner and choose Settings. With the Profiles tab selected, turn the Sync option off.

5. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraVPN.lnk [2019-02-01]
ShortcutTarget: UltraVPN.lnk -> C:\Program Files (x86)\UltraVPN\UltraVPN.exe (No File)
Task: {2DFF51F1-CABB-4908-BA77-B2BAB7347C9C} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-260720292-2504253849-2348319339-1001 => C:\Users\baile\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe (No File)
Task: {7848135A-8EF5-4AFB-A798-B422DE4CA12A} - \Lenovo\ImController\TimeBasedEvents\d040a9c9-0bfd-4db9-b6f8-17b5843acf3a -> No File <==== ATTENTION
Task: {D86AA673-AC0D-47E7-ACC6-104447534C96} - \Lenovo\ImController\TimeBasedEvents\37eff6f5-1f0a-44d7-b67e-64146bc110ed -> No File <==== ATTENTION
Task: {DCEBA8D9-EDC4-48AA-97D8-C949C81E62BF} - \Lenovo\ImController\TimeBasedEvents\18be2cdc-ad9c-4df9-9c5c-34438fd4860a -> No File <==== ATTENTION
Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88fptxqjxp1acegikmwv4003219&param1=y6bdVFVIsvuYsgEClQfz8Gt8Oby4iBdjLq7%2Fysk4Phe5sV980wpeWqTlm5o9JII7iwwCvodvHVmpLIImL8j7rfbdJPlUwIIjqsZs2SjQQqCJvjS%2FQWY7KMbX%2FIbp9XkODOpZ1gnHRs3GPSypa6phnT6z2I1QoBwvRV%2FZDyyoVAPPPUsCDpVGq%2BpJ8sRZ0c7vOtazvH%2FdN4JThvEz%2B3sI%2BQIXutpSjLkz26%2BjMooTs0HZK%2FprPDR%2FVhBGYy41OTdWRLZ1nxtk9tzcE5AP%2Bso8ZX6rWFU6IgCN2KGbkqMOTzHtLQ6MgRDwf7aT8P66GsUbwrq9Mk7vfQzO8tvlB5sDEg%2F6d6juo%2F7hR5zLtsx3AxbWbHpmwcF7OSyZyPwkQyZejStlfM1yVRFc9JqPkXOpuA%3D%3D"
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
2021-12-04 05:24 - 2020-06-17 16:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\TVT
2021-12-04 05:24 - 2020-06-17 16:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2021-12-04 05:18 - 2020-06-25 13:50 - 000000000 ____D C:\Program Files (x86)\Lenovo
2021-12-04 05:18 - 2020-06-17 16:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-12-04 05:18 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-04 05:18 - 2017-12-19 21:46 - 000000000 ____D C:\Users\baile\AppData\Local\Lenovo
FirewallRules: [{7BCF03C9-86FC-4BFF-B88D-B2A4FDD51DE7}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{3C50D189-BE36-4E84-9B49-16F1565345D5}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS7CE5\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3D1EF359-1690-41E9-9DA7-380660E6D699}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS7CE5\HPDiagnosticCoreUI.exe => No File
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

In your next reply, please post:
  1. A reply for all my steps above.
  2. How is the computer running now?
 
#18 ·
Account in question

Do you recognize this account?

supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled) => C:\Users\supportaccount
I don't know what this is. My account should be the only account. I should be the administrator
 
#19 ·
Run Malwarebytes (Scan mode)
  • Open Malware you have already installed.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, ALL the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.

    That is weird because I did do this, in fact double checked . They were little switches that were all blue, correct. Not boxes to check. Under the title Window Security center is not checked, so it was not blue.

  • I will go back and do it again.
 
#20 ·
Is this how you want it to look? Please see attached pic

Edge Sync option for Edge enabled Must not be. Says to sync sign on.

Lenovo Account Portal
Lenovo Vantage
Are uninstalled. I will wait to hear what to do different on the Malwarebytes before I proceed with # 5. thank you
 

Attachments

#22 ·
Yes, Malwarebytes is set correctly. In your Addition log above, it was shown that Malwarebytes was set to be registered in the Windows Center. This prevents Windows Defender to enable its self.

Please go on to step 5.
 
#23 ·
Fix result of Farbar Recovery Scan Tool (x64) Version: 01-12-2021
Ran by bailey (04-12-2021 10:00:45) Run:8
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey & supportaccount
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraVPN.lnk [2019-02-01]
ShortcutTarget: UltraVPN.lnk -> C:\Program Files (x86)\UltraVPN\UltraVPN.exe (No File)
Task: {2DFF51F1-CABB-4908-BA77-B2BAB7347C9C} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-260720292-2504253849-2348319339-1001 => C:\Users\baile\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe (No File)
Task: {7848135A-8EF5-4AFB-A798-B422DE4CA12A} - \Lenovo\ImController\TimeBasedEvents\d040a9c9-0bfd-4db9-b6f8-17b5843acf3a -> No File <==== ATTENTION
Task: {D86AA673-AC0D-47E7-ACC6-104447534C96} - \Lenovo\ImController\TimeBasedEvents\37eff6f5-1f0a-44d7-b67e-64146bc110ed -> No File <==== ATTENTION
Task: {DCEBA8D9-EDC4-48AA-97D8-C949C81E62BF} - \Lenovo\ImController\TimeBasedEvents\18be2cdc-ad9c-4df9-9c5c-34438fd4860a -> No File <==== ATTENTION
Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=88fptxqjxp1acegikmwv4003219&param1=y6bdVFVIsvuYsgEClQfz8Gt8Oby4iBdjLq7%2Fysk4Phe5sV980wpeWqTlm5o9JII7iwwCvodvHVmpLIImL8j7rfbdJPlUwIIjqsZs2SjQQqCJvjS%2FQWY7KMbX%2FIbp9XkODOpZ1gnHRs3GPSypa6phnT6z2I1QoBwvRV%2FZDyyoVAPPPUsCDpVGq%2BpJ8sRZ0c7vOtazvH%2FdN4JThvEz%2B3sI%2BQIXutpSjLkz26%2BjMooTs0HZK%2FprPDR%2FVhBGYy41OTdWRLZ1nxtk9tzcE5AP%2Bso8ZX6rWFU6IgCN2KGbkqMOTzHtLQ6MgRDwf7aT8P66GsUbwrq9Mk7vfQzO8tvlB5sDEg%2F6d6juo%2F7hR5zLtsx3AxbWbHpmwcF7OSyZyPwkQyZejStlfM1yVRFc9JqPkXOpuA%3D%3D"
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
2021-12-04 05:24 - 2020-06-17 16:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\TVT
2021-12-04 05:24 - 2020-06-17 16:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2021-12-04 05:18 - 2020-06-25 13:50 - 000000000 ____D C:\Program Files (x86)\Lenovo
2021-12-04 05:18 - 2020-06-17 16:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-12-04 05:18 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-04 05:18 - 2017-12-19 21:46 - 000000000 ____D C:\Users\baile\AppData\Local\Lenovo
FirewallRules: [{7BCF03C9-86FC-4BFF-B88D-B2A4FDD51DE7}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{3C50D189-BE36-4E84-9B49-16F1565345D5}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS7CE5\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3D1EF359-1690-41E9-9DA7-380660E6D699}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS7CE5\HPDiagnosticCoreUI.exe => No File
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraVPN.lnk => moved successfully
"C:\Program Files (x86)\UltraVPN\UltraVPN.exe" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2DFF51F1-CABB-4908-BA77-B2BAB7347C9C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DFF51F1-CABB-4908-BA77-B2BAB7347C9C}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-260720292-2504253849-2348319339-1001 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Service Bridge\S-1-5-21-260720292-2504253849-2348319339-1001" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7848135A-8EF5-4AFB-A798-B422DE4CA12A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7848135A-8EF5-4AFB-A798-B422DE4CA12A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\d040a9c9-0bfd-4db9-b6f8-17b5843acf3a" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D86AA673-AC0D-47E7-ACC6-104447534C96}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D86AA673-AC0D-47E7-ACC6-104447534C96}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\37eff6f5-1f0a-44d7-b67e-64146bc110ed" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCEBA8D9-EDC4-48AA-97D8-C949C81E62BF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCEBA8D9-EDC4-48AA-97D8-C949C81E62BF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\18be2cdc-ad9c-4df9-9c5c-34438fd4860a" => removed successfully
"Edge StartupUrls" => removed successfully
HKLM\System\CurrentControlSet\Services\ImControllerService => removed successfully
ImControllerService => service removed successfully
C:\WINDOWS\system32\Tasks\TVT => moved successfully
C:\WINDOWS\system32\Tasks\AVG => moved successfully
C:\Program Files (x86)\Lenovo => moved successfully
C:\WINDOWS\system32\Tasks\Lenovo => moved successfully
C:\WINDOWS\ImmersiveControlPanel => moved successfully
C:\Users\baile\AppData\Local\Lenovo => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7BCF03C9-86FC-4BFF-B88D-B2A4FDD51DE7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3C50D189-BE36-4E84-9B49-16F1565345D5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D1EF359-1690-41E9-9DA7-380660E6D699}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22077314 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 919257 B
Edge => 0 B
Chrome => 316662806 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 3992 B
baile => 27173816 B
supportaccount => 27173816 B

RecycleBin => 8622059 B
EmptyTemp: => 384 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 10:01:19 ====
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top