Solved Remote access allowed dumb I know

Discussion in 'Virus & Other Malware Removal' started by sportsmom2x2, Nov 6, 2019.

  1. sportsmom2x2

    sportsmom2x2 Thread Starter

    Joined:
    Sep 3, 2007
    Messages:
    156
    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 10 Home, 64 bit
    Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz, Intel64 Family 6 Model 158 Stepping 9
    Processor Count: 8
    RAM: 8050 Mb
    Graphics Card: Intel(R) HD Graphics 630, 1024 Mb
    Hard Drives: C: 212 GB (23 GB Free); D: 24 GB (16 GB Free);
    Motherboard: LENOVO, LNVNB161216
    Antivirus: Windows Defender, Enabled and Updated

    Hi, is anyone able to help me with this problem? I purchased a new HP printer. I went to what I thought was the HP support as instructed and they asked me to let them do remote service on my computer to hook up the printer. I stupidly let them. I realized my mistake and closed out. But now my computer is really acting goofy. Very slow, not opening programs correctly. I ran a Malwarebytes scan and AdwCleaner. I downloaded Kaspersky virus protector and its virus remover program. Nothing was identified as a problem. My computer was almost unusable. Then my audio stopped working. I removed Kaspersky and the computer started running faster. I restored my computer to an earlier date and the audio is working. But now the computer is still running slow and will not let me open some programs.
    Any help would be appreciated. I contacted our local computer repair, but can't get my computer in for quite a while.
    Thank you!
    Pam
     
  2. sportsmom2x2

    sportsmom2x2 Thread Starter

    Oh, I also have a new notice that says "Managed by your organization" on the Chrome "More" tab. This is a personal computer. Also, my C drive will not recognize the card reader. I really screwed up this time, I am afraid.
     
  3. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    618
    Hi sportsmom2x2, welcome to the Tech Support Guy malware removal forum.

    I am iMacg3 and will be helping you with your computer problems.

    Please keep the following information in mind before we begin:
    • Back up any important data before we continue.
      • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
    • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
      • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
    • Please read all instructions carefully, and complete them in the order listed.
      • Items that are especially important will be highlighted in bold or red.
    • If your computer seems to start working normally, please don't abandon the topic.
      • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
      • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
    • If you have questions at any time during the cleanup, feel free to ask.

    ---------------------------------------------------
    Farbar Recovery Scan Tool (FRST)

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
    • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
    • Please copy and paste the logs in your next reply.

    ---------------------------------------------------

    In your next reply, please include:
    • FRST.txt
    • Addition.txt
     
  4. sportsmom2x2

    sportsmom2x2 Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-11-2019
    Ran by bailey (07-11-2019 22:00:10)
    Running from C:\Users\baile\Desktop
    Windows 10 Home Version 1809 17763.805 (X64) (2019-08-08 02:30:09)
    Boot Mode: Normal
    ==========================================================
    ==================== Accounts: =============================
    Administrator (S-1-5-21-260720292-2504253849-2348319339-500 - Administrator - Disabled)
    Baile (S-1-5-21-260720292-2504253849-2348319339-1002 - Limited - Disabled)
    bailey (S-1-5-21-260720292-2504253849-2348319339-1001 - Administrator - Enabled) => C:\Users\baile
    DefaultAccount (S-1-5-21-260720292-2504253849-2348319339-503 - Limited - Disabled)
    Guest (S-1-5-21-260720292-2504253849-2348319339-501 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-260720292-2504253849-2348319339-504 - Limited - Disabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Adobe Bridge CC 2018 (HKLM-x32\...\KBRG_8_1) (Version: 8.1 - Adobe Systems Incorporated)
    Adobe Bridge CC 2019 (HKLM-x32\...\KBRG_9_0_1) (Version: 9.0.1 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.0.0.354 - Adobe Systems Incorporated)
    Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.270 - Adobe)
    Adobe Illustrator CC 2019 (HKLM-x32\...\ILST_23_0_1) (Version: 23.0.1 - Adobe Systems Incorporated)
    Adobe Lightroom CC (HKLM-x32\...\LRCC_2_1_1) (Version: 2.1.1 - Adobe Systems Incorporated)
    Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_8_0) (Version: 8.0 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1_7) (Version: 19.1.7 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_1) (Version: 20.0.1 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{FD52A2FF-4D16-49C4-A2CD-DAC752C18BA2}) (Version: 8.0 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{9B061D60-4E2C-4987-BFFD-423E3D477660}) (Version: 8.0 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
    Dolby Atmos Windows APP (HKLM\...\{3FC92273-FEF4-4C0B-9AF4-F38D747EB765}) (Version: 1.0.0.10 - Dolby Laboratories, Inc.)
    Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Fitbit Connect (HKLM-x32\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
    Grammarly (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\GrammarlyForWindows) (Version: 1.5.45 - Grammarly)
    HP Dropbox Plugin (HKLM-x32\...\{96A402D4-6126-4899-AEA8-AA764304A7B1}) (Version: 49.1.321.0 - HP)
    HP EmailSMTP Plugin (HKLM-x32\...\{39BEAF4B-67DB-4820-9864-BCCD4E6C5987}) (Version: 49.1.321.0 - HP)
    HP FTP Plugin (HKLM-x32\...\{F6E456FC-18B7-4F41-AF13-9EECFF500A46}) (Version: 49.1.321.0 - HP)
    HP Google Drive Plugin (HKLM-x32\...\{9EDF968A-5D0C-4AF3-9669-1369E2921AA1}) (Version: 49.1.321.0 - HP)
    HP OfficeJet Pro 8020 series Basic Device Software (HKLM\...\{7D2A3164-AFBF-4225-9C99-2A2DD82CD4F1}) (Version: 49.3.4475.19206 - HP Inc.)
    HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
    HP SFTP Plugin (HKLM-x32\...\{1A3B3517-5C77-4382-9915-B8F0C2AB691F}) (Version: 49.1.321.0 - HP)
    HP SharePoint Plugin (HKLM-x32\...\{DB2306C6-0DEA-4468-AE0F-9CDEA7BE842E}) (Version: 49.1.321.0 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    iCloud (HKLM\...\{E3597C85-5970-4166-BE96-ED1D18CD1088}) (Version: 7.14.0.29 - Apple Inc.)
    Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
    iTunes (HKLM\...\{227F49DB-D6E0-4AE2-8348-AA8F5AAB2F1F}) (Version: 12.10.1.4 - Apple Inc.)
    Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Lenovo Migration Assistant (HKLM\...\Lenovo Migration Assistant_is1) (Version: 1.0.1.12 - Lenovo)
    Lenovo Yoga Mode Control (HKLM\...\{3F2E25D6-49D3-45D5-A7BD-13F5D6F64171}_is1) (Version: 2.0.0.9 - Lenovo)
    Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
    Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.5179.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
    Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5179.1000 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5179.1000 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5179.1000 - Microsoft Corporation) Hidden
    OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
    Product Improvement Study for HP OfficeJet Pro 8020 series (HKLM\...\{5F486205-E3D0-40CA-BDD1-92C41A09B153}) (Version: 49.3.4475.19206 - HP Inc.)
    UltraVPN (HKLM-x32\...\UltraVPN) (Version: 0.2.4 - UltraVPN)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
    Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
    Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
    Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.)
    Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
    Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)
    WD Backup (HKLM-x32\...\{09C422A7-0421-40A5-933A-9177BEDF9B3B}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc) Hidden
    WD Backup (HKLM-x32\...\{61ccf853-a113-4862-9d4a-6dd2b869c9db}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc.)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
    Packages:
    =========
    Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
    Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_1.7.2.0_x64__38kynpdw5g1aw [2019-11-03] (Wacom Europe GmbH)
    Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.151.300.0_x86__kgqvnymyfvs32 [2019-11-04] (king.com)
    Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-11-03] (Facebook Inc)
    Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2019-11-03] (Fitbit)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.618.0_x64__v10z8vjag6ke6 [2019-11-03] (HP Inc.)
    Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_41.1788.50991.0_x86__8xx8rvfyw5nnt [2019-11-03] (Instagram)
    LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.36.0.0_neutral__qq0fmhteeht3j [2019-11-04] (LastPass)
    Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2019-11-03] (LENOVO INCORPORATED.)
    Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.1909.24.0_x64__k1h2ywk1493x8 [2019-11-03] (LENOVO INC.)
    Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2019-11-03] (OverDrive Inc.)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe [2019-11-04] (Microsoft Corporation) [MS Ad]
    Messenger -> C:\Program Files\WindowsApps\Facebook.317180B0BB486_196.2292.59195.0_x86__8xx8rvfyw5nnt [2019-11-03] (Facebook Inc)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Studios) [MS Ad]
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation) [MS Ad]
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-11-03] (Netflix, Inc.)
    OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2019-11-03] (OverDrive Inc.)
    Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.2.0_x64__n619g4d5j0fnw [2019-11-03] (Pandora Media Inc) [Startup Task]
    Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-03] (Microsoft Corporation)
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0 [2019-11-04] (Spotify AB) [Startup Task]
    ==================== Custom CLSID (Whitelisted): ==============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-321D2822FE4F} -> [Creative Cloud Files] => C:\Users\baile\Creative Cloud Files [2017-12-20 00:57]
    CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-10-01] (Apple Inc. -> Apple Inc.)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    ==================== Codecs (Whitelisted) ====================
    ==================== Shortcuts & WMI ========================
    ==================== Loaded Modules (Whitelisted) =============
    2015-09-11 14:17 - 2015-09-11 14:17 - 001374208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Fitbit Connect\LIBEAY32.dll
    ==================== Alternate Data Streams (Whitelisted) ========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    AlternateDataStreams: C:\Users\baile\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [231]
    ==================== Safe Mode (Whitelisted) ==================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    ==================== Association (Whitelisted) =================
    ==================== Internet Explorer trusted/restricted ==========
    ==================== Hosts content: =========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2017-03-18 15:03 - 2019-07-11 01:06 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts
    2018-08-20 13:44 - 2018-08-20 15:07 - 000000442 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
    ==================== Other Areas ===========================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\baile\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.1.1 - 207.190.94.2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    (If an entry is included in the fixlist, it will be removed.)
    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
    HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudServices"
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudDrive"
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Fitbit Connect"
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Steam"
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
    ==================== FirewallRules (Whitelisted) ================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [{DEC86BCC-7FC1-4B7A-8983-71F81D058E60}] => (Allow) %systemroot%\system32\alg.exe No File
    FirewallRules: [{7734ADFC-7C1C-44DE-BF5C-257A9A98AF58}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{E4568B92-1FCC-4061-83C5-437E0EE0D0F3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{EC4565FE-47FE-4C96-89F6-EC930E9138CB}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{3DDB871E-AE54-4D06-9CC2-E312CF97D35C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{2A5EF8C4-4E73-43DA-9C64-B5AF013130E1}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{8348AB0B-6BB6-4F6B-80E8-934C66C21791}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{F110E177-1997-42B6-AB07-24234331214B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{BB9E4FCE-C6D4-4D79-A5B5-6596087E3486}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{205AC0AE-3A23-4EFF-9D8D-1407C7350A9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{0FD7C4B0-A458-45A0-A28F-74DD83578761}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{6733E1F9-EA29-4E45-9CFA-FD25A297EAB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{DB029122-856A-4900-896E-B5F828836049}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{804A7CAC-7F3A-4DBB-891F-7190D303AFB7}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
    FirewallRules: [{72732D93-EF99-4D73-BA99-C6A0CE94331C}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\MigrationAssistant.exe (Lenovo -> )
    FirewallRules: [{FAF09736-6A4E-4DC2-B805-66E05FDBF34F}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
    FirewallRules: [{99585B7F-5666-4DDC-8E2E-1589685D4EA1}] => (Allow) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe (Lenovo -> )
    FirewallRules: [{F28C4457-7D97-4710-BEEC-1BCF418ADA39}] => (Allow) C:\Users\baile\Downloads\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{8DBDFB17-4E00-4F72-BDC3-91BC178A322D}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\bin\FaxApplications.exe (HP Inc -> HP Inc.)
    FirewallRules: [{4DB55019-A598-4D81-BD89-ABAAA4FC6028}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\bin\DigitalWizards.exe (HP Inc -> HP Inc.)
    FirewallRules: [{8B484D45-BF67-48C9-851D-A74C81505CF9}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\bin\SendAFax.exe (HP Inc -> HP Inc.)
    FirewallRules: [{ECB93F95-3992-4E5F-A4C3-83715CFA1DA9}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\bin\FaxPrinterUtility.exe (HP Inc -> HP Inc.)
    FirewallRules: [{F51D7996-B502-4861-B92A-F542F6FFFAD4}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\DeviceSetup.exe (HP Inc -> HP Inc.)
    FirewallRules: [{488EAE1E-A1A4-4FCC-B6EE-5E4DE222DAFF}] => (Allow) LPort=5357
    FirewallRules: [{2CD808EA-8086-497D-B665-B3B19F8FFAE3}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc -> HP Inc.)
    FirewallRules: [{F8BD7C21-0643-4DE1-8A7F-6F23634309FD}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS0B0B\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{F7F65726-1206-4388-8E0E-293C34F56029}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS0B0B\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{B03D518E-2727-49AF-90F5-8CFC654099FB}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS621E\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{B46221E6-A78D-4DA6-A8B0-114C15C11205}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS621E\HPDiagnosticCoreUI.exe No File
    FirewallRules: [TCP Query User{D81F5BC7-EBFD-4BE6-BF59-FEA1CA323F60}C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe] => (Allow) C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe No File
    FirewallRules: [UDP Query User{DFB5C2C7-782B-4C3A-A1D7-679004ADA982}C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe] => (Allow) C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe No File
    FirewallRules: [{B2073E64-8313-4425-A121-9CCFB622819B}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS08E9\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{9F8A7177-7502-4BE6-91F2-5D4EFBDBEC19}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS08E9\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{844005BA-38EC-416B-B18D-9CFAEAC09569}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{DE4C90DC-BC53-4139-827D-B9CBDA579C52}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{A105883B-96F7-423A-8C20-506380A509E5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{16FF5671-92BC-4180-95A9-4EAEA3320DA4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{CCA606C4-7859-4BD4-9E90-435CD9CE0CE9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{A3F64B59-443C-47D8-91E6-9C77A2A0704E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{5A850F60-EBD5-4C40-B4AE-4C484127A373}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{B83C2E6D-6565-4396-9145-CA18658E1F77}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{8653C202-C107-4816-97B4-CB3F9850235B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    ==================== Restore Points =========================
    26-10-2019 17:01:07 Scheduled Checkpoint
    31-10-2019 23:12:28 Removed Kaspersky Password Manager
    03-11-2019 16:03:05 Intel® Driver & Support Assistant
    03-11-2019 18:18:29 Restore Operation
    03-11-2019 18:57:36 Removed Kaspersky Password Manager
    07-11-2019 01:45:44 Windows Update
    ==================== Faulty Device Manager Devices ============
    ==================== Event log errors: ========================
    Application errors:
    ==================
    Error: (11/07/2019 12:51:26 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: adwcleaner_7.4.1.exe, version: 7.4.1.0, time stamp: 0x5d715fba
    Faulting module name: adwcleaner_7.4.1.exe, version: 7.4.1.0, time stamp: 0x5d715fba
    Exception code: 0xc0000005
    Fault offset: 0x00420a46
    Faulting process id: 0x1a0c
    Faulting application start time: 0x01d59537ba2ae03e
    Faulting application path: C:\Users\baile\Desktop\adwcleaner_7.4.1.exe
    Faulting module path: C:\Users\baile\Desktop\adwcleaner_7.4.1.exe
    Report Id: 1469d0cb-2f83-49a8-8300-4b534dfbc38e
    Faulting package full name:
    Faulting package-relative application ID:
    Error: (11/06/2019 06:59:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 6.11.2019.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 1d0c
    Start Time: 01d59504da7e013b
    Termination Time: 4
    Application Path: C:\Users\baile\Desktop\FRST64.exe
    Report Id: a059c78f-1bcd-40f9-8933-baa8c57c2d8a
    Faulting package full name:
    Faulting package-relative application ID:
    Hang type: Cross-process
    Error: (11/06/2019 06:46:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 6.11.2019.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 4378
    Start Time: 01d595036c824d3b
    Termination Time: 3
    Application Path: C:\Users\baile\Desktop\FRST64.exe
    Report Id: bdfbfe04-191b-4a74-b5a6-7389c57b92e7
    Faulting package full name:
    Faulting package-relative application ID:
    Hang type: Cross-process
    Error: (11/06/2019 02:57:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SkypeApp.exe, version: 8.53.0.85, time stamp: 0x5d966ef7
    Faulting module name: Windows.UI.Xaml.dll, version: 10.0.17763.802, time stamp: 0x322dae8f
    Exception code: 0xc000027b
    Fault offset: 0x0000000000701a52
    Faulting process id: 0x2afc
    Faulting application start time: 0x01d594c855a51250
    Faulting application path: C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.85.0_x64__kzf8qxf38zg5c\SkypeApp.exe
    Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
    Report Id: 41d5e7ac-58af-4bf7-9ba4-d916e777c8e0
    Faulting package full name: Microsoft.SkypeApp_14.53.85.0_x64__kzf8qxf38zg5c
    Faulting package-relative application ID: App
    Error: (11/06/2019 02:40:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: adwcleaner_7.4.2.exe, version: 7.4.2.0, time stamp: 0x5dadf380
    Faulting module name: ISD_Tablet.dll, version: 7.3.4.38, time stamp: 0x59216f3c
    Exception code: 0xc0000005
    Fault offset: 0x000dc6ae
    Faulting process id: 0x192c
    Faulting application start time: 0x01d594e2302d7e19
    Faulting application path: C:\Users\baile\Desktop\adwcleaner_7.4.2.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ISD_Tablet.dll
    Report Id: 9e6c23fd-9153-4441-849b-bb165100f7b8
    Faulting package full name:
    Faulting package-relative application ID:
    Error: (11/06/2019 02:40:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: explorer.exe, version: 10.0.17763.771, time stamp: 0xe9df2906
    Faulting module name: combase.dll, version: 10.0.17763.737, time stamp: 0xc366780e
    Exception code: 0xc0000005
    Fault offset: 0x000000000004aaa4
    Faulting process id: 0x2f3c
    Faulting application start time: 0x01d594cd1495ae06
    Faulting application path: C:\WINDOWS\explorer.exe
    Faulting module path: C:\WINDOWS\System32\combase.dll
    Report Id: a75cbd13-572f-400b-83c9-6a18d0fc006d
    Faulting package full name:
    Faulting package-relative application ID:
    Error: (11/06/2019 02:40:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: explorer.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0000005, exception address 00007FFA01F8AAA4
    Error: (11/06/2019 03:09:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 10800032
    System errors:
    =============
    Error: (11/07/2019 09:57:24 PM) (Source: DCOM) (EventID: 10016) (User: YOGA720-15IKB)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
    and APPID
    {15C20B67-12E7-4BB6-92BB-7AFF07997402}
    to the user YOGA720-15IKB\bailey SID (S-1-5-21-260720292-2504253849-2348319339-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (11/07/2019 09:03:31 PM) (Source: DCOM) (EventID: 10016) (User: YOGA720-15IKB)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
    and APPID
    {15C20B67-12E7-4BB6-92BB-7AFF07997402}
    to the user YOGA720-15IKB\bailey SID (S-1-5-21-260720292-2504253849-2348319339-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (11/07/2019 09:03:24 PM) (Source: DCOM) (EventID: 10016) (User: YOGA720-15IKB)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
    and APPID
    {15C20B67-12E7-4BB6-92BB-7AFF07997402}
    to the user YOGA720-15IKB\bailey SID (S-1-5-21-260720292-2504253849-2348319339-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (11/07/2019 08:26:19 PM) (Source: DCOM) (EventID: 10016) (User: YOGA720-15IKB)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
    and APPID
    {15C20B67-12E7-4BB6-92BB-7AFF07997402}
    to the user YOGA720-15IKB\bailey SID (S-1-5-21-260720292-2504253849-2348319339-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (11/07/2019 08:25:35 PM) (Source: DCOM) (EventID: 10016) (User: YOGA720-15IKB)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
    and APPID
    {15C20B67-12E7-4BB6-92BB-7AFF07997402}
    to the user YOGA720-15IKB\bailey SID (S-1-5-21-260720292-2504253849-2348319339-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (11/07/2019 08:25:22 PM) (Source: DCOM) (EventID: 10016) (User: YOGA720-15IKB)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
    and APPID
    {15C20B67-12E7-4BB6-92BB-7AFF07997402}
    to the user YOGA720-15IKB\bailey SID (S-1-5-21-260720292-2504253849-2348319339-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (11/07/2019 08:16:54 PM) (Source: DCOM) (EventID: 10016) (User: YOGA720-15IKB)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
    and APPID
    {15C20B67-12E7-4BB6-92BB-7AFF07997402}
    to the user YOGA720-15IKB\bailey SID (S-1-5-21-260720292-2504253849-2348319339-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (11/07/2019 07:40:57 PM) (Source: DCOM) (EventID: 10016) (User: YOGA720-15IKB)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
    and APPID
    {15C20B67-12E7-4BB6-92BB-7AFF07997402}
    to the user YOGA720-15IKB\bailey SID (S-1-5-21-260720292-2504253849-2348319339-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Windows Defender:
    ===================================
    Date: 2019-11-05 23:14:29.618
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {9BD470F9-86C4-40CE-A9FA-7F6F24C7859F}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Date: 2019-10-20 17:45:48.825
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {E3E3B27C-5DCB-4D6E-8FD1-7CA8B0AF7DC1}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Date: 2019-10-17 00:36:47.818
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {ED4FDAAD-A3C7-4B4B-8EFD-FF1FCF1B06C0}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Date: 2019-10-13 14:40:45.986
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {8B05BCA6-3FDD-4DC4-9829-94D742A38185}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Date: 2019-10-10 20:07:00.331
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {2FDB2CF4-351C-4F3F-9A39-CE1ECDCF2E9A}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Date: 2019-11-03 18:49:57.311
    Description:
    Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
    Signatures Attempted: Current
    Error Code: 0x80070003
    Error description: The system cannot find the path specified.
    Signature version: 0.0.0.0;0.0.0.0
    Engine version: 0.0.0.0
    CodeIntegrity:
    ===================================
    Date: 2019-11-07 21:52:12.798
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
    Date: 2019-11-07 21:50:12.962
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
    Date: 2019-11-07 21:50:02.980
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
    Date: 2019-11-07 21:49:53.328
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
    Date: 2019-11-07 21:49:52.967
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
    Date: 2019-11-07 21:49:42.041
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
    Date: 2019-11-07 21:49:27.804
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
    Date: 2019-11-07 21:49:15.389
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
    ==================== Memory info ===========================
    BIOS: LENOVO 4MCN33WW(V2.05) 07/19/2018
    Motherboard: LENOVO LNVNB161216
    Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
    Percentage of memory in use: 46%
    Total physical RAM: 8050.39 MB
    Available physical RAM: 4307.85 MB
    Total Virtual: 10994.39 MB
    Available Virtual: 6566.58 MB
    ==================== Drives ================================
    Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:60.56 GB) NTFS
    Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:16.94 GB) NTFS
    Drive e: (My Passport) (Fixed) (Total:931.48 GB) (Free:759.2 GB) NTFS
    \\?\Volume{f502dc90-57ed-4a7b-a2e2-fa55f122b281}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.43 GB) NTFS
    \\?\Volume{d43090cd-ee40-4e84-a945-39394c9839b4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
    ==================== MBR & Partition Table ====================
    ==========================================================
    Disk: 0 (Size: 238.5 GB) (Disk ID: A3FF1E49)
    Partition: GPT.
    ==========================================================
    Disk: 1 (Size: 931.5 GB) (Disk ID: 16F2A91F)
    Partition: GPT.
    ==================== End of Addition.txt =======================
     
  5. sportsmom2x2

    sportsmom2x2 Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-11-2019
    Ran by bailey (administrator) on YOGA720-15IKB (LENOVO 80X7) (07-11-2019 21:58:51)
    Running from C:\Users\baile\Desktop
    Loaded Profiles: bailey (Available Profiles: bailey)
    Platform: Windows 10 Home Version 1809 17763.805 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
    (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
    (Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX3\APP\DAX3TrayIcon.exe
    (Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler64.exe
    (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\HPNetworkCommunicatorCom.exe
    (HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\ScanToPCActivationApp.exe
    (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxCUIService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHDCPSvc.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHeciSvc.exe
    (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Lenovo -> ) C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe
    (LENOVO -> Lenovo) C:\Program Files\Lenovo\YMC\ymc.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\HxOutlook.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11911.1001.8.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19101.10711.0_x64__8wekyb3d8bbwe\Music.UI.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\NisSrv.exe
    (Network Protect Ltd -> UltraVPN) C:\Program Files (x86)\UltraVPN\UltraVPN.exe
    (Network Protect Ltd -> UltraVPN) C:\Program Files (x86)\UltraVPN\UltraVPNSvc.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
    (Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
    (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
    (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
    (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
    (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
    (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
    (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
    (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
    ==================== Registry (Whitelisted) ===================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18376680 2017-06-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489888 2017-06-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489888 2017-06-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489888 2017-06-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [APP] => C:\Program Files\Dolby\Dolby DAX3\APP\DAX3TrayIcon.exe [963376 2016-10-27] (Dolby Laboratories, Inc. -> )
    HKLM\...\Run: [iTunesHelper] => C:\Users\baile\Downloads\iTunesHelper.exe [302904 2019-10-03] (Apple Inc. -> Apple Inc.)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [401464 2019-09-27] (Adobe Inc. -> Adobe Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
    HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414184 2015-09-11] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
    HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21888 2018-01-24] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-10-01] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-10-01] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414184 2015-09-11] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [HP OfficeJet Pro 8020 series (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\ScanToPCActivationApp.exe [4071840 2018-12-10] (HP Inc -> HP Inc.)
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\MountPoints2: {1285eeda-e8c4-11e9-82dd-a87f714249d0} - "E:\VZW_Software_upgrade_assistant.exe"
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-07] (Google LLC -> Google LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraVPN.lnk [2019-02-01]
    ShortcutTarget: UltraVPN.lnk -> C:\Program Files (x86)\UltraVPN\UltraVPN.exe (Network Protect Ltd -> UltraVPN)
    Startup: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2019-08-22]
    ShortcutAndArgument: Monitor Ink Alerts - .lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN3AOEWGF505KC;CONNECTION=NW;MONITOR=1;
    Startup: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2019-10-16]
    ShortcutAndArgument: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN3AOEWGF505KC;CONNECTION=NW;MONITOR=1;
    Startup: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-10-22]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    ==================== Scheduled Tasks (Whitelisted) ============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {0E41EACB-602F-472D-A50B-BAC99EBC6892} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    Task: {10A2D8F3-B81B-4C19-AA59-BED341E8F286} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_270_pepper.exe [1453112 2019-10-09] (Adobe Inc. -> Adobe)
    Task: {138C7D27-E8F7-45CF-824E-5382F35FB876} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-30] (Google Inc -> Google Inc.)
    Task: {25B126E2-E129-4B8C-A051-AE8F6C2AC12F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-30] (Google Inc -> Google Inc.)
    Task: {280D02D9-6D81-45CC-B7FA-7DFB7C4EDA71} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [401464 2019-09-27] (Adobe Inc. -> Adobe Inc.)
    Task: {3E154EAE-7138-4F19-9F37-D9157CEBB0E1} - System32\Tasks\Kaspersky_Upgrade_{E7FE8BD6-07C8-4138-AB61-92AA886397EA} => C:\Program Files\Common Files\AV\Kaspersky Anti-Virus\upgrade.exe [595904 2019-10-21] (Kaspersky Lab -> AO Kaspersky Lab)
    Task: {53FA9348-5DED-47C7-AC6F-4F0F7A0836D9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
    Task: {80649F8B-3557-47EF-AE0C-E42DA7305790} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 8020 series => C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\HPCustPartic.exe [6692256 2019-07-25] (HP Inc -> HP Inc.)
    Task: {854037A7-409A-4E7E-8839-B64D9DD70321} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
    Task: {86498FD1-0AB2-4547-9638-10E5FD662851} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-10-09] (Adobe Inc. -> Adobe)
    Task: {9893ED56-95D5-4BC0-811C-C7FD7240F18F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {ABCD284A-8C24-49C7-8EAC-395A6E913A97} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
    Task: {B8E1E233-B0BD-4527-9C18-8A9E74A99A8D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {D7E912F0-CD6F-456B-A47A-42DCED783974} - System32\Tasks\AdobeAAMUpdater-1.0-YOGA720-15IKB-bailey => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    Task: {E631038B-2CFE-4CA4-9F1F-8732D0DFB9A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
    Task: {E6B19B21-5958-4DF3-8199-D0E8A3CD31F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {E78A56F7-58D9-4451-BB2B-B9FF5AE1BD63} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {EE3668F8-BBB2-4DDE-9358-770A17D5080C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2019-10-01] (Apple Inc. -> Apple Inc.)
    Task: {F9330818-1ABC-4A7E-83C5-454D9B18F8AA} - System32\Tasks\Lenovo\Lenovo MigrationAssistant logon task => C:\Program Files\Lenovo\Lenovo Migration Assistant\maService.exe [151920 2017-12-06] (Lenovo -> )
    Task: {FD2632BD-314B-4274-8CCD-5DBBB8FB4359} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
    Task: {FD7E4D41-F141-40D9-AAB5-790B1C8CF50E} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 207.190.94.2 207.190.94.129
    Tcpip\..\Interfaces\{3c4a9f21-8085-4361-98eb-ab3060e81302}: [DhcpNameServer] 192.168.1.1 207.190.94.2 207.190.94.129
    Internet Explorer:
    ==================
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
    SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
    SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2019-08-27] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2019-10-14] (Microsoft Corporation -> Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> No Name - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-12-20] (Microsoft Corporation -> Microsoft Corporation)
    Edge:
    ======
    DownloadDir: C:\Users\baile\Downloads
    Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.36.0.0_neutral__qq0fmhteeht3j [2019-11-04]
    FireFox:
    ========
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-12-20] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
    FF Plugin HKU\S-1-5-21-260720292-2504253849-2348319339-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\baile\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-15] (RocketLife -> RocketLife, LLP)
    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> file:///C:/Users/Owner/Documents/Medical
    CHR StartupUrls: Default -> "hxxp://google.com/"
    CHR DefaultSearchKeyword: Default -> lp
    CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default [2019-11-07]
    CHR Extension: (Slides) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-30]
    CHR Extension: (Docs) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-30]
    CHR Extension: (Google Drive) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
    CHR Extension: (YouTube) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-30]
    CHR Extension: (Honey) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-10-19]
    CHR Extension: (Rakuten Ebates: Get Cash Back For Shopping) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2019-11-03]
    CHR Extension: (Netflix) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2017-12-30]
    CHR Extension: (Sheets) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-30]
    CHR Extension: (Google Docs Offline) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-11-03]
    CHR Extension: (Grammarly for Chrome) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-11-03]
    CHR Extension: (No Name) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2018-11-15]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
    CHR Extension: (Gmail) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
    CHR Extension: (Chrome Media Router) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-03]
    CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-08-28]
    CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-28]
    CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
    ==================== Services (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [823352 2019-09-27] (Adobe Inc. -> Adobe Inc.)
    R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-08-26] (Apple Inc. -> Apple Inc.)
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-06-09] (BattlEye Innovations e.K. -> )
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058256 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
    R2 Dolby DAX API Service; C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe [212784 2017-04-28] (Dolby Laboratories, Inc. -> )
    S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-06-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
    R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2211448 2016-11-08] (Intel Corporation - pGFX -> Intel Corporation)
    R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1435304 2015-09-11] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
    R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515232 2017-06-22] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-11-05] (Malwarebytes Inc -> Malwarebytes)
    R2 UltraVPNSvc; C:\Program Files (x86)\UltraVPN\UltraVPNSvc.exe [3226440 2019-02-01] (Network Protect Ltd -> UltraVPN)
    S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [19256 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [19256 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [19256 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [19256 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [1645656 2017-05-24] (Wacom Technology Corporation -> Wacom Technology, Corp.)
    R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [1816520 2018-04-03] (Wacom Technology Corporation -> Wacom Technology, Corp.)
    R2 ymc; C:\Program Files\Lenovo\YMC\ymc.exe [49032 2016-12-23] (LENOVO -> Lenovo)
    ===================== Drivers (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [72592 2016-10-24] (Intel Corporation -> Intel Corporation)
    R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [67984 2016-10-24] (Intel Corporation -> Intel Corporation)
    R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [355216 2016-10-24] (Intel Corporation -> Intel Corporation)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-11-07] (Malwarebytes Corporation -> Malwarebytes)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [129008 2017-06-22] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [248480 2019-11-07] (Malwarebytes Inc -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-11-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-11-07] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-11-07] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2019-11-07] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2019-11-07] (Malwarebytes Corporation -> Malwarebytes)
    S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
    R3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8723968 2018-09-15] (Microsoft Windows -> Intel Corporation)
    R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3227648 2017-03-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39040 2018-08-15] (GZ Systems Limited -> The OpenVPN Project)
    S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
    R3 WacHidRouterISD; C:\WINDOWS\system32\DRIVERS\wachidrouter_isd.sys [142424 2017-05-24] (Wacom Technology Corporation -> Wacom Technology, Corp.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-11-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [351968 2019-11-03] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-11-03] (Microsoft Windows -> Microsoft Corporation)
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    ==================== One month (created) ===================
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2019-11-07 21:58 - 2019-11-07 21:59 - 000030779 _____ C:\Users\baile\Desktop\FRST.txt
    2019-11-07 21:57 - 2019-11-07 21:57 - 002259968 _____ (Farbar) C:\Users\baile\Desktop\FRST64.exe
    2019-11-07 21:53 - 2019-11-07 21:53 - 000000000 ____D C:\Users\baile\AppData\Roaming\Western Digital
    2019-11-07 21:52 - 2019-11-07 21:52 - 000002233 _____ C:\Users\Public\Desktop\WD Backup.lnk
    2019-11-07 21:52 - 2019-11-07 21:52 - 000002233 _____ C:\ProgramData\Desktop\WD Backup.lnk
    2019-11-07 21:52 - 2019-11-07 21:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Discovery
    2019-11-07 21:52 - 2019-11-07 21:52 - 000000000 ____D C:\Program Files (x86)\Western Digital
    2019-11-07 02:25 - 2019-11-07 02:25 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2019-11-07 02:25 - 2019-11-07 02:25 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2019-11-07 02:25 - 2019-11-07 02:25 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2019-11-07 02:25 - 2019-11-07 02:25 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2019-11-07 02:24 - 2019-11-07 02:24 - 000248480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2019-11-07 00:51 - 2019-11-07 00:51 - 007622344 _____ (Malwarebytes) C:\Users\baile\Desktop\adwcleaner_7.4.2.exe
    2019-11-06 19:42 - 2019-11-06 19:42 - 000000000 ____D C:\Users\baile\AppData\Local\EpicGamesLauncher
    2019-11-06 19:42 - 2019-11-06 19:42 - 000000000 ____D C:\Users\baile\AppData\Local\CrashReportClient
    2019-11-06 15:01 - 2019-11-06 15:01 - 000291606 _____ C:\Users\baile\Downloads\TCPView.zip
    2019-11-05 15:34 - 2019-11-05 15:34 - 001883976 _____ (Malwarebytes) C:\Users\baile\Downloads\MBSetup.exe
    2019-11-05 14:28 - 2019-11-07 02:49 - 000003274 _____ C:\WINDOWS\system32\Tasks\Adobe Uninstaller
    2019-11-04 01:26 - 2019-11-07 19:35 - 000003712 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_{E7FE8BD6-07C8-4138-AB61-92AA886397EA}
    2019-11-04 01:26 - 2019-11-07 19:34 - 000000000 ____D C:\Users\baile\AppData\Roaming\KasperskyUpgradeLogs
    2019-11-03 19:21 - 2019-11-03 19:21 - 000001652 _____ C:\Users\baile\Desktop\Nov2019 - Shortcut.lnk
    2019-11-03 18:57 - 2019-11-03 18:57 - 000000000 ____D C:\Users\baile\AppData\Local\Kaspersky Lab
    2019-11-03 18:13 - 2019-11-03 18:42 - 000000000 ____D C:\$SysReset
    2019-11-03 15:05 - 2019-11-03 15:05 - 000000000 ____D C:\Users\baile\AppData\Roaming\AVAST Software
    2019-11-03 14:24 - 2019-11-03 14:24 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
    2019-11-02 18:28 - 2019-11-02 18:28 - 000000000 ____D C:\Users\baile\AppData\Local\TempTaskUpdateDetectionB4D7477D-46BC-4F33-A858-0E5D9DE22D7F
    2019-10-29 17:29 - 2019-11-04 13:51 - 000000000 ____D C:\Users\baile\Documents\Kohls
    2019-10-21 21:14 - 2019-11-07 02:24 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2019-10-21 21:14 - 2019-11-05 15:35 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2019-10-21 21:14 - 2019-11-05 15:35 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2019-10-21 21:14 - 2019-11-05 15:35 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
    2019-10-21 21:14 - 2019-11-03 18:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-10-21 21:13 - 2019-10-21 21:13 - 066367928 _____ (Malwarebytes ) C:\Users\baile\Downloads\mb3-setup-37469.37469-3.8.3.2965-1.0.627-1.0.12633.exe
    2019-10-21 20:02 - 2019-11-05 14:29 - 000000000 ____D C:\Program Files\Common Files\AV
    2019-10-21 19:58 - 2019-10-21 19:58 - 003003104 _____ (Kaspersky) C:\Users\baile\Downloads\kav20.0.14.1085abcen_es_fr_19078.exe
    2019-10-17 23:35 - 2019-10-17 23:36 - 000000000 ____D C:\Users\baile\Documents\HP Printer
    2019-10-17 21:17 - 2019-10-18 11:38 - 000000000 ___RD C:\Users\baile\Documents\RocketLifeNetwork
    2019-10-17 21:17 - 2019-10-17 21:17 - 000000000 ____D C:\Users\baile\AppData\Roaming\Visan
    2019-10-17 21:17 - 2019-10-17 21:17 - 000000000 ____D C:\Users\baile\AppData\Local\RLPlatform
    2019-10-17 18:49 - 2019-10-17 18:50 - 000000000 ____D C:\Users\baile\Documents\Walgreens
    2019-10-17 16:35 - 2019-10-17 16:35 - 000000000 ____D C:\Users\baile\Documents\HpReg_Backup
    2019-10-17 16:34 - 2019-10-17 19:22 - 000002088 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
    2019-10-17 16:34 - 2019-10-17 19:22 - 000002088 _____ C:\ProgramData\Desktop\HP Print and Scan Doctor.lnk
    2019-10-17 16:34 - 2019-10-17 16:34 - 000000000 ____D C:\Users\baile\AppData\Roaming\HPPSDr
    2019-10-17 15:56 - 2019-10-17 15:56 - 000000000 ____D C:\ProgramData\Visan
    2019-10-17 15:55 - 2019-10-17 15:55 - 000003746 _____ C:\WINDOWS\system32\Tasks\HPCustParticipation HP OfficeJet Pro 8020 series
    2019-10-17 15:55 - 2019-10-17 15:55 - 000001332 _____ C:\Users\Public\Desktop\HP Print Scan Doctor Downloader - HP OfficeJet Pro 8020 series.lnk
    2019-10-17 15:55 - 2019-10-17 15:55 - 000001332 _____ C:\ProgramData\Desktop\HP Print Scan Doctor Downloader - HP OfficeJet Pro 8020 series.lnk
    2019-10-17 15:55 - 2019-10-17 15:55 - 000001322 _____ C:\Users\Public\Desktop\HP OfficeJet Pro 8020 series-HP Scan.lnk
    2019-10-17 15:55 - 2019-10-17 15:55 - 000001322 _____ C:\ProgramData\Desktop\HP OfficeJet Pro 8020 series-HP Scan.lnk
    2019-10-17 15:55 - 2019-10-17 15:55 - 000001285 _____ C:\Users\Public\Desktop\Shop for Supplies - HP OfficeJet Pro 8020 series.lnk
    2019-10-17 15:55 - 2019-10-17 15:55 - 000001285 _____ C:\ProgramData\Desktop\Shop for Supplies - HP OfficeJet Pro 8020 series.lnk
    2019-10-17 15:53 - 2019-10-17 15:54 - 138462472 _____ C:\Users\baile\Downloads\OJP8020_Full_WebPack_49.3.4475.exe
    2019-10-17 15:51 - 2019-10-17 15:51 - 000000000 ____D C:\Users\baile\AppData\Local\GoToAssist Remote Support Customer
    2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\WebKit.resources
    2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\MediaAccessibility.resources
    2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\iTunes.Resources
    2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\Foundation.resources
    2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\CoreText.resources
    2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\CoreMedia.resources
    2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\CoreFoundation.resources
    2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\ColorSync.resources
    2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\CFNetwork.resources
    2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\AVFoundationCF.resources
    2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Users\baile\Downloads\AuthKitWin.resources
    2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2019-10-16 20:03 - 2019-10-16 20:03 - 000000000 ____D C:\Program Files\iPod
    2019-10-16 20:01 - 2019-10-16 20:01 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
    2019-10-16 20:01 - 2019-10-16 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2019-10-16 20:01 - 2019-10-16 20:01 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
    2019-10-15 21:06 - 2019-11-06 14:50 - 000000000 ____D C:\Users\baile\Documents\Medicare
    2019-10-12 18:30 - 2019-10-12 18:30 - 000002441 _____ C:\Users\baile\Desktop\Outlook 2013.lnk
    2019-10-09 23:17 - 2019-11-05 22:17 - 000000127 _____ C:\Users\baile\Desktop\Facebook.url
    2019-10-08 19:52 - 2019-10-08 19:52 - 026806784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 024616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 023455744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 019284992 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 019014144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 017485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 015220224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 012960768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 012259840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 009680400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-10-08 19:52 - 2019-10-08 19:52 - 008903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 007921664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 007872000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 006542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 006065152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 005436696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 004873728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 004628992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2019-10-08 19:52 - 2019-10-08 19:52 - 004057088 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 003702784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 003567104 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 003387392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 002699768 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 002699264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 002437344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 002429768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
    2019-10-08 19:52 - 2019-10-08 19:52 - 002421760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2019-10-08 19:52 - 2019-10-08 19:52 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 002298880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 002192384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 002160160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
    2019-10-08 19:52 - 2019-10-08 19:52 - 002110472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 002072176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 002050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 002015400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 001929728 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 001918792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 001904128 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 001830200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 001751432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 001701880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2019-10-08 19:52 - 2019-10-08 19:52 - 001677816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 001674480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 001666232 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 001590072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
    2019-10-08 19:52 - 2019-10-08 19:52 - 001472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    ==================== One month (modified) ==================
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2019-11-07 21:59 - 2018-04-12 15:34 - 000000000 ____D C:\FRST
    2019-11-07 21:58 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\registration
    2019-11-07 21:52 - 2017-11-09 18:41 - 000000000 ____D C:\ProgramData\Package Cache
    2019-11-07 20:16 - 2017-12-20 15:47 - 000000000 ____D C:\Users\baile\Documents\Outlook Files
    2019-11-07 19:42 - 2019-08-07 19:58 - 000000000 ___DC C:\WINDOWS\Panther
    2019-11-07 19:37 - 2019-10-01 20:08 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
    2019-11-07 19:37 - 2019-10-01 20:08 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
    2019-11-07 19:35 - 2019-08-07 20:30 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B393C7FE-B95B-48A2-8819-C5B1623E23B2}
    2019-11-07 19:35 - 2019-08-07 20:29 - 000011433 _____ C:\WINDOWS\diagwrn.xml
    2019-11-07 19:35 - 2019-08-07 20:29 - 000011433 _____ C:\WINDOWS\diagerr.xml
    2019-11-07 19:35 - 2019-03-19 01:02 - 000000000 ___HD C:\$WINDOWS.~BT
    2019-11-07 19:32 - 2017-12-19 19:36 - 000000000 ____D C:\Users\baile\AppData\Roaming\WTablet
    2019-11-07 19:31 - 2018-09-15 01:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-11-07 02:37 - 2019-08-07 20:34 - 000005768 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-11-07 02:24 - 2019-08-07 20:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-11-07 02:24 - 2018-09-15 01:31 - 000000000 ____D C:\WINDOWS\INF
    2019-11-07 02:24 - 2018-09-15 00:09 - 001048576 _____ C:\WINDOWS\system32\config\BBI
    2019-11-07 02:23 - 2018-09-15 00:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2019-11-07 01:55 - 2018-09-15 01:23 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-11-07 01:12 - 2017-12-30 22:58 - 000002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-11-07 00:52 - 2018-06-21 03:36 - 000000000 ____D C:\Users\baile\AppData\Local\CrashDumps
    2019-11-06 20:30 - 2017-12-20 00:53 - 000000000 ____D C:\Users\baile\AppData\Local\Adobe
    2019-11-06 20:17 - 2019-08-07 20:24 - 000453088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2019-11-06 19:51 - 2019-08-07 20:25 - 000000000 ____D C:\Users\baile
    2019-11-06 19:51 - 2018-04-13 03:46 - 000000000 ____D C:\Users\baile\AppData\Local\Facebook
    2019-11-06 19:48 - 2018-09-15 01:33 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-11-06 19:48 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-11-06 19:45 - 2018-03-22 21:52 - 000000000 ____D C:\Users\baile\AppData\Roaming\Millisecond Software
    2019-11-06 19:42 - 2019-06-09 22:32 - 000000000 ____D C:\Users\baile\Downloads\Epic Games
    2019-11-06 15:02 - 2011-07-25 12:40 - 000300832 _____ (Sysinternals - www.sysinternals.com) C:\Users\baile\Downloads\Tcpview.exe
    2019-11-06 15:02 - 2010-07-28 15:47 - 000199544 _____ (Sysinternals - www.sysinternals.com) C:\Users\baile\Downloads\Tcpvcon.exe
    2019-11-06 15:02 - 2010-07-02 16:03 - 000041074 _____ C:\Users\baile\Downloads\tcpview.chm
    2019-11-06 15:02 - 2006-07-28 09:32 - 000007005 _____ C:\Users\baile\Downloads\Eula.txt
    2019-11-06 15:02 - 2002-09-02 13:13 - 000007983 _____ C:\Users\baile\Downloads\TCPVIEW.HLP
    2019-11-06 14:14 - 2019-08-07 20:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-11-06 13:45 - 2017-12-19 21:12 - 000000000 ____D C:\Users\baile\AppData\Local\Packages
    2019-11-06 13:44 - 2018-04-24 19:10 - 000000000 ____D C:\Users\baile\Documents\Amazon
    2019-11-06 12:13 - 2017-12-20 00:54 - 000000000 ____D C:\Program Files (x86)\Adobe
    2019-11-06 12:09 - 2017-12-19 19:36 - 000000000 ____D C:\Users\baile\AppData\Local\VirtualStore
    2019-11-05 14:01 - 2019-08-07 20:30 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2019-11-05 14:01 - 2019-08-07 20:30 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2019-11-05 14:01 - 2017-12-30 22:57 - 000000000 ____D C:\Program Files (x86)\Google
    2019-11-03 20:09 - 2017-12-19 19:38 - 000000000 ___RD C:\Users\baile\OneDrive
    2019-11-03 19:57 - 2018-01-12 21:58 - 000000000 ___RD C:\Users\baile\iCloudDrive
    2019-11-03 19:37 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\NDF
    2019-11-03 18:53 - 2019-08-07 20:30 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-260720292-2504253849-2348319339-1001
    2019-11-03 18:53 - 2019-08-07 20:25 - 000002370 _____ C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-11-03 18:53 - 2018-09-15 01:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\oobe
    2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\migwiz
    2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\lv-LV
    2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\lt-LT
    2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\et-EE
    2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\es-MX
    2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\Provisioning
    2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2019-11-03 18:45 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\L2Schemas
    2019-11-03 18:45 - 2018-09-15 00:09 - 000000000 ____D C:\WINDOWS\system32\Sysprep
    2019-11-03 18:43 - 2017-12-26 15:51 - 000000000 ____D C:\Users\baile\AppData\Local\Microsoft Help
    2019-11-03 18:43 - 2017-12-20 00:57 - 000000000 ___RD C:\Users\baile\Creative Cloud Files
    2019-11-03 18:42 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\2 Pam Health Savings Account
    2019-11-03 18:42 - 2017-12-19 19:36 - 000000000 ____D C:\Users\baile\AppData\Local\ConnectedDevicesPlatform
    2019-11-03 18:42 - 2017-11-09 18:42 - 000000000 ____D C:\Program Files (x86)\Intel
    2019-11-03 18:20 - 2018-05-05 14:45 - 000000000 ____D C:\Users\baile\Documents\Pam
    2019-11-03 18:20 - 2018-04-12 15:41 - 000000000 ____D C:\ProgramData\Malwarebytes
    2019-11-03 18:20 - 2017-12-26 22:55 - 000000000 __RHD C:\MSOCache
    2019-11-03 18:20 - 2017-11-09 18:42 - 000000000 ___HD C:\Intel
    2019-11-03 18:20 - 2017-11-09 18:41 - 000000000 ____D C:\Program Files\Intel
    2019-11-03 16:27 - 2018-01-29 00:21 - 000000000 ____D C:\Users\baile\AppData\Local\AVAST Software
    2019-11-03 15:36 - 2017-12-20 01:27 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-11-03 15:25 - 2017-12-19 22:35 - 000000000 ____D C:\Users\baile\AppData\Local\ElevatedDiagnostics
    2019-11-03 14:35 - 2018-04-13 04:22 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2019-11-03 01:30 - 2017-12-20 00:58 - 000000000 ____D C:\Program Files\Common Files\Adobe
    2019-11-03 01:28 - 2018-06-17 15:34 - 000000000 ____D C:\ProgramData\Packages
    2019-11-03 01:28 - 2017-12-20 00:54 - 000000000 ____D C:\ProgramData\Adobe
    2019-11-03 01:27 - 2018-05-19 00:49 - 000000000 ____D C:\Users\baile\AppData\Local\D3DSCache
    2019-11-02 14:01 - 2017-12-19 19:38 - 000000000 ____D C:\Users\baile\AppData\Local\Comms
    2019-11-02 01:38 - 2018-01-13 01:27 - 000000000 ____D C:\Users\baile\Documents\Microsoft data
    2019-11-01 12:00 - 2018-11-28 18:21 - 000000000 ____D C:\Users\baile\AppData\Roaming\Grammarly
    2019-10-31 23:48 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2019-10-22 00:03 - 2018-01-13 01:36 - 000000000 ____D C:\Users\baile\Documents\Travel
    2019-10-21 20:32 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\Cross Bow
    2019-10-21 17:09 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\1 Greg Health Savings Account
    2019-10-21 01:22 - 2018-02-10 13:14 - 000000000 ____D C:\Users\baile\Documents\American Family
    2019-10-17 21:17 - 2018-06-17 21:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2019-10-17 18:50 - 2017-12-20 00:25 - 000000000 ____D C:\Users\baile\AppData\Local\PlaceholderTileLogoFolder
    2019-10-17 18:29 - 2018-06-17 21:14 - 000000000 ____D C:\ProgramData\HP
    2019-10-17 17:37 - 2019-10-01 20:08 - 000003518 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
    2019-10-17 16:34 - 2018-06-17 21:14 - 000000000 ____D C:\Program Files (x86)\HP
    2019-10-17 15:57 - 2018-06-17 21:13 - 000000000 ____D C:\Users\baile\AppData\Local\HP
    2019-10-17 15:55 - 2018-06-17 21:14 - 000000000 ____D C:\Program Files\HP
    2019-10-16 20:03 - 2019-06-12 16:45 - 000000000 ____D C:\Users\baile\Downloads\JavaScriptCore.resources
    2019-10-16 20:01 - 2017-12-22 22:38 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2019-10-15 18:19 - 2017-12-20 16:49 - 000000000 ____D C:\Program Files\Microsoft Office 15
    2019-10-09 20:48 - 2019-08-07 20:30 - 000004598 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
    2019-10-09 20:48 - 2019-08-07 20:30 - 000004422 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
    2019-10-09 20:48 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2019-10-09 20:48 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2019-10-08 21:56 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
    2019-10-08 21:56 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\bcastdvr
    2019-10-08 21:56 - 2018-09-15 00:09 - 000000000 ____D C:\WINDOWS\system32\Dism
    2019-10-08 19:53 - 2017-12-20 01:26 - 127230528 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    ==================== Files in the root of some directories ========
    2019-08-16 18:02 - 2019-08-16 18:02 - 000000000 _____ () C:\Users\baile\AppData\Local\BITCC06.tmp
    2019-08-16 18:02 - 2019-08-16 18:02 - 000000000 _____ () C:\Users\baile\AppData\Local\BITCC36.tmp
    2018-09-25 22:03 - 2018-09-25 22:03 - 000000000 _____ () C:\Users\baile\AppData\Local\oobelibMkey.log
    2019-08-09 16:03 - 2019-08-09 16:03 - 000000017 _____ () C:\Users\baile\AppData\Local\resmon.resmoncfg
    ==================== SigCheck ============================
    (There is no automatic fix for files that do not pass verification.)
    ==================== End of FRST.txt ========================
     
  6. sportsmom2x2

    sportsmom2x2 Thread Starter

    Thank you for your help!!
     
  7. iMacg3

    iMacg3 Malware Specialist

    Hi sportsmom2x2,

    ---------------------------------------------------
    Farbar Recovery Scan Tool - Fix

    • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
      Code:
      Start::
      CreateRestorePoint:
      ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
      ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
      AlternateDataStreams: C:\Users\baile\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
      AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [231]
      FirewallRules: [{DEC86BCC-7FC1-4B7A-8983-71F81D058E60}] => (Allow) %systemroot%\system32\alg.exe No File
      FirewallRules: [{F8BD7C21-0643-4DE1-8A7F-6F23634309FD}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS0B0B\HPDiagnosticCoreUI.exe No File
      FirewallRules: [{F7F65726-1206-4388-8E0E-293C34F56029}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS0B0B\HPDiagnosticCoreUI.exe No File
      FirewallRules: [{B03D518E-2727-49AF-90F5-8CFC654099FB}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS621E\HPDiagnosticCoreUI.exe No File
      FirewallRules: [{B46221E6-A78D-4DA6-A8B0-114C15C11205}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS621E\HPDiagnosticCoreUI.exe No File
      FirewallRules: [TCP Query User{D81F5BC7-EBFD-4BE6-BF59-FEA1CA323F60}C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe] => (Allow) C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe No File
      FirewallRules: [UDP Query User{DFB5C2C7-782B-4C3A-A1D7-679004ADA982}C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe] => (Allow) C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe No File
      FirewallRules: [{B2073E64-8313-4425-A121-9CCFB622819B}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS08E9\HPDiagnosticCoreUI.exe No File
      FirewallRules: [{9F8A7177-7502-4BE6-91F2-5D4EFBDBEC19}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS08E9\HPDiagnosticCoreUI.exe No File
      HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\MountPoints2: {1285eeda-e8c4-11e9-82dd-a87f714249d0} - "E:\VZW_Software_upgrade_assistant.exe" 
      FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
      SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL = 
      Toolbar: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> No Name - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - No File
      2019-10-17 15:51 - 2019-10-17 15:51 - 000000000 ____D C:\Users\baile\AppData\Local\GoToAssist Remote Support Customer
      folder: C:\ProgramData\Visan
      Emptytemp:
      End::
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    • Double-click FRST.exe/FRST64.exe to run it.
    • Press the Fix button just once and wait.
      Note: No need to paste the script into FRST.
    • Restart the computer if prompted.
    • When the fix is complete, FRST will generate a log (Fixlog.txt) in the same location it was run from.
    • Please copy and paste its contents into your reply.

    ---------------------------------------------------

    In your next reply, please include:
    • Fixlog.txt
     
  8. sportsmom2x2

    sportsmom2x2 Thread Starter

    Fix result of Farbar Recovery Scan Tool (x64) Version: 09-11-2019 01
    Ran by bailey (10-11-2019 00:03:04) Run:2
    Running from C:\Users\baile\Desktop
    Loaded Profiles: bailey (Available Profiles: bailey)
    Boot Mode: Normal
    ==============================================
    fixlist content:
    *****************
    CreateRestorePoint:
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    AlternateDataStreams: C:\Users\baile\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [231]
    FirewallRules: [{DEC86BCC-7FC1-4B7A-8983-71F81D058E60}] => (Allow) %systemroot%\system32\alg.exe No File
    FirewallRules: [{F8BD7C21-0643-4DE1-8A7F-6F23634309FD}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS0B0B\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{F7F65726-1206-4388-8E0E-293C34F56029}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS0B0B\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{B03D518E-2727-49AF-90F5-8CFC654099FB}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS621E\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{B46221E6-A78D-4DA6-A8B0-114C15C11205}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS621E\HPDiagnosticCoreUI.exe No File
    FirewallRules: [TCP Query User{D81F5BC7-EBFD-4BE6-BF59-FEA1CA323F60}C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe] => (Allow) C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe No File
    FirewallRules: [UDP Query User{DFB5C2C7-782B-4C3A-A1D7-679004ADA982}C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe] => (Allow) C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe No File
    FirewallRules: [{B2073E64-8313-4425-A121-9CCFB622819B}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS08E9\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{9F8A7177-7502-4BE6-91F2-5D4EFBDBEC19}] => (Allow) C:\Users\baile\AppData\Local\Temp\7zS08E9\HPDiagnosticCoreUI.exe No File
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\MountPoints2: {1285eeda-e8c4-11e9-82dd-a87f714249d0} - "E:\VZW_Software_upgrade_assistant.exe"
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
    SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
    Toolbar: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> No Name - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - No File
    2019-10-17 15:51 - 2019-10-17 15:51 - 000000000 ____D C:\Users\baile\AppData\Local\GoToAssist Remote Support Customer
    folder: C:\ProgramData\Visan
    Emptytemp:
    *****************
    Restore point was successfully created.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
    C:\Users\baile\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS could not remove.
    C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DEC86BCC-7FC1-4B7A-8983-71F81D058E60}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F8BD7C21-0643-4DE1-8A7F-6F23634309FD}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7F65726-1206-4388-8E0E-293C34F56029}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B03D518E-2727-49AF-90F5-8CFC654099FB}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B46221E6-A78D-4DA6-A8B0-114C15C11205}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D81F5BC7-EBFD-4BE6-BF59-FEA1CA323F60}C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DFB5C2C7-782B-4C3A-A1D7-679004ADA982}C:\users\baile\appdata\local\temp\7zs621e\devicemanager\devicemanager.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B2073E64-8313-4425-A121-9CCFB622819B}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9F8A7177-7502-4BE6-91F2-5D4EFBDBEC19}" => removed successfully
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1285eeda-e8c4-11e9-82dd-a87f714249d0} => not found
    HKLM\SOFTWARE\Policies\Mozilla => removed successfully
    HKLM\SOFTWARE\Policies\Google => removed successfully
    "HKU\S-1-5-21-260720292-2504253849-2348319339-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    HKU\S-1-5-21-260720292-2504253849-2348319339-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} => removed successfully
    "HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF293C5A-9F37-49FD-91C4-2B867063FC54}" => removed successfully
    C:\Users\baile\AppData\Local\GoToAssist Remote Support Customer => moved successfully
    ========================= folder: C:\ProgramData\Visan ========================
    2019-10-17 15:56 - 2019-10-17 15:56 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\Visan\AppIcons
    2015-01-22 15:32 - 2015-01-22 15:32 - 000044887 ____A [C027A70F9ABAAAEC16DB5925CC7577DD] () C:\ProgramData\Visan\AppIcons\HP Photo Creations.ico
    ====== End of Folder: ======
    =========== EmptyTemp: ==========
    BITS transfer queue => 11034624 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 620273603 B
    Java, Flash, Steam htmlcache => 1839 B
    Windows/system/drivers => 1504409 B
    Edge => 1873140 B
    Chrome => 559136556 B
    Firefox => 0 B
    Opera => 0 B
    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 7624 B
    NetworkService => 12050 B
    baile => 9449011 B
    RecycleBin => 7188771769 B
    EmptyTemp: => 7.8 GB temporary data Removed.
    ================================
    The system needed a reboot.
    ==== End of Fixlog 00:04:30 ====
     
  9. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    618
    Hi sportsmom2x2,

    ---------------------------------------------------
    ESET Online Scanner

    Download ESET Online Scanner and save it to your desktop.
    • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
    • When the tool opens, click Get Started.
    • Read and accept the license agreement.
    • At the Welcome to ESET Online Scanner window, click Get Started.
    • Select whether you would like to send anonymous data to ESET.
    • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
    • Click on the Full Scan option.
    • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
    • ESET will now begin scanning your computer. This may take some time.
    • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
    • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
    • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
    • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

    ---------------------------------------------------

    In your next reply, please include:
    • eset.txt
     
  10. sportsmom2x2

    sportsmom2x2 Thread Starter

    Joined:
    Sep 3, 2007
    Messages:
    156
    It would not let me save anything.
     
  11. sportsmom2x2

    sportsmom2x2 Thread Starter

    Joined:
    Sep 3, 2007
    Messages:
    156
    upload_2019-11-11_9-57-23.png
     


  12. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    618
    Hi sportsmom2x2,

    Let me know of any remaining issues with this computer.
     
  13. sportsmom2x2

    sportsmom2x2 Thread Starter

    Joined:
    Sep 3, 2007
    Messages:
    156
    Thank you very much. I am so happy you were able to help me. I will be more careful next time.
     
  14. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    618
    If all is well:

    The following will remove the tools we used as well as reset system restore points:

    ---------------------------------------------------
    KpRm

    Download KpRm by kernel-panik and save it to your desktop.
    • Right-click kprm_(version).exe and select Run as Administrator.
    • When the tool opens, ensure all boxes are checked, and select Run.
    • Once complete, click OK.
    • A log will open in Notepad titled kprm-(date).txt.
    • Please copy and paste its contents in your next reply.
    ----------------------------------------------------
    Some tips to keep your computer safe on the Internet

    Make sure to use strong passwords. There are password managers (for example, Bitwarden) that can help you use secure passwords, and keep track of them.

    How to create a strong password
    ----------------------------------------------------
    Keeping software up-to-date is important as well. Programs such as UCheck, Heimdal Free, or PatchMyPC can help keep software on your computer up-to-date.

    To keep your operating system up-to-date, make sure that Windows Update is enabled on your computer.
    ----------------------------------------------------
    I recommend backing up your PC regularly. There are several ways to back up your computer, such as using a cloud-based service online, external hard drive, or CD/DVD.

    The following articles have more information about methods to back up your computer:

    What's the Best Way to Back Up My Computer?

    5 Ways to Back up Your Data
    ----------------------------------------------------
    Here are some articles about how to keep your computer safe on the Internet -

    Simple and easy ways to keep your computer safe and secure on the Internet - by Lawrence Abrams

    Answers to common security questions - Best Practices - by quietman7

    COMPUTER SECURITY - a short guide to staying safer online - Malware Removal

    PC Safety and Security - What Do I Need? - Tech Support Forum
    ----------------------------------------------------

    Safe surfing :)
     
  15. sportsmom2x2

    sportsmom2x2 Thread Starter

    Joined:
    Sep 3, 2007
    Messages:
    156
    # Run at 11/12/2019 11:40:42 PM
    # KpRm (Kernel-panik) version 1.22
    # Website https://kernel-panik.me/tool/kprm/
    # Run by bailey from C:\Users\baile\Desktop
    # Computer Name: YOGA720-15IKB
    # OS: Windows 10 X64 (18362)
    # Number of passes: 2
    - Checked options -
    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    - Create Registry Backup -
    ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
    ~ [OK] Hive C:\Users\baile\NTUSER.dat backed up
    [OK] Registry Backup: C:\KPRM\backup\2019-11-12-23-40-34
    - Remove Tools -
    No tools found
    - Restore System Settings -
    [OK] Flush DNS
    [OK] Reset WinSock
    [OK] Hide Hidden file.
    [OK] Show Extensions for known file types
    [OK] Hide protected operating system files
    - Restore UAC -
    [OK] Set ConsentPromptBehaviorAdmin with default (5) value
    [OK] Set ConsentPromptBehaviorUser with default (3) value
    [OK] Set EnableInstallerDetection with default (0) value
    [OK] Set EnableLUA with default (1) value
    [OK] Set EnableSecureUIAPaths with default (1) value
    [OK] Set EnableUIADesktopToggle with default (0) value
    [OK] Set EnableVirtualization with default (1) value
    [OK] Set FilterAdministratorToken with default (0) value
    [OK] Set PromptOnSecureDesktop with default (1) value
    [OK] Set ValidateAdminCodeSignatures with default (0) value
    - Clear Restore Points -
    ~ [OK] RP named Windows Update created at 11/08/2019 07:54:47 deleted
    ~ [OK] RP named Removed HP Officejet Pro 8600 Basic Device Software created at 11/11/2019 17:03:26 deleted
    [OK] All system restore points have been successfully deleted
    - Create Restore Point -
    [OK] System Restore Point created
    - Display System Restore Point -
    ~ RP named KpRm created at 11/13/2019 05:40:59 found
    -- KPRM finished in 40.91s --
    Thank you again for your help.
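
Added example, not part of the thread and not KpRm's own code: a Python check that takes the UAC defaults from the "Restore UAC" section of the KpRm log above and compares them with `reg query` output for `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`. The function names and the `reg query` sample are constructed for illustration; the sample shows a machine where UAC and the admin consent prompt have been turned off.

```python
import re

# Excerpt of the "Restore UAC" section from the KpRm log posted above.
KPRM_LOG = """\
- Restore UAC -
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableLUA with default (1) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value
"""

# Constructed sample of `reg query` output (not from the thread): UAC switched
# off and the admin consent prompt silenced.
REG_QUERY_SAMPLE = """\
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System
    ConsentPromptBehaviorAdmin    REG_DWORD    0x0
    ConsentPromptBehaviorUser    REG_DWORD    0x3
    EnableLUA    REG_DWORD    0x0
    PromptOnSecureDesktop    REG_DWORD    0x1
    dontdisplaylastusername    REG_DWORD    0x0
"""

def parse_kprm_defaults(log_text):
    """Map value name -> default from '[OK] Set <name> with default (<n>) value'."""
    pat = re.compile(r"^[ \t]*\[OK\] Set (\w+) with default \((\d+)\) value[ \t]*$", re.M)
    return {name: int(num) for name, num in pat.findall(log_text)}

def parse_reg_query(text):
    """Map value name -> int for every REG_DWORD line of `reg query` output."""
    pat = re.compile(r"^[ \t]+(\S+)[ \t]+REG_DWORD[ \t]+(0x[0-9a-fA-F]+)[ \t]*$", re.M)
    return {name: int(val, 16) for name, val in pat.findall(text)}

def uac_drift(defaults, observed):
    """Return (name, expected, actual) for values that differ from the logged
    defaults; values absent from the query output are skipped, not guessed."""
    return sorted((n, exp, observed[n]) for n, exp in defaults.items()
                  if n in observed and observed[n] != exp)

if __name__ == "__main__":
    for name, exp, act in uac_drift(parse_kprm_defaults(KPRM_LOG),
                                    parse_reg_query(REG_QUERY_SAMPLE)):
        print(f"{name}: expected {exp}, found {act}")
```
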
     

Short URL to this thread: https://techguy.org/1235326
