Fix result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021
Ran by 19192 (17-11-2021 11:33:12) Run:1
Running from C:\Users\19192\OneDrive\Desktop
Loaded Profiles: 19192
Boot Mode: Normal
==============================================

fixlist content:
*****************
closeprocesses:
createrestorepoint:
DriverUpdate (HKLM\...\{70A3DB76-E1F1-4D1C-B791-824F1C63238A}) (Version: 5.8.19 - Slimware Utilities Holdings, Inc.) Hidden <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
SearchScopes: HKU\S-1-5-21-4005300964-2302935580-1863167367-1001 -> DefaultScope {10ABE9E3-13DA-46DD-B4E9-AA1779861B5A} URL =
SearchScopes: HKU\S-1-5-21-4005300964-2302935580-1863167367-1001 -> {10ABE9E3-13DA-46DD-B4E9-AA1779861B5A} URL =
FirewallRules: [{E281517D-A7B0-4B35-98C2-15EDAB153D75}] => (Allow) C:\Users\19192\AppData\Local\Temp\HelpDesk\u8\HelpDesk\RPCHelpDeskServiceUAC.exe => No File
FirewallRules: [{868BB4AB-5C17-4ED0-A373-2D0A60535557}] => (Allow) C:\Users\19192\AppData\Local\Temp\HelpDesk\u8\HelpDesk\RPCHelpDeskServiceUAC.exe => No File
FirewallRules: [{C7F4D455-330B-4ACC-BC29-DF1ACFF695FE}] => (Allow) C:\Users\19192\AppData\Local\Temp\ShowMyPC\-ShowMyPC3606\SMPCSetup.exe => No File
FirewallRules: [{5806E64E-1B06-4E0B-B9C2-B4EF9AFB8809}] => (Allow) C:\Users\19192\AppData\Local\Temp\ShowMyPC\-ShowMyPC3606\tvnserver.exe => No File
HKLM-x32\...\Run: [tvncontrol] => "C:\Program Files (x86)\ShowMyPCService\tvnserver.exe" -controlservice -slave (No File)
Task: {0701D042-9791-4309-AC67-196ABEC83A9E} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {24F4E6C9-ACF2-48C9-969B-5A4D116A5E3D} - \Lenovo\ImController\TimeBasedEvents\fce8b35d-f625-4d1c-924d-c555a774b87c -> No File <==== ATTENTION
Task: {79185E2D-6052-4A95-9D94-E7BE95E4EE15} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe (No File)
Task: {8CCDCD9E-AE81-4FE0-8458-861B71078265} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {9FD42CCE-79DC-4BD4-850F-D1327A7FC731} - \Lenovo\ImController\TimeBasedEvents\5162f36a-538c-448c-adde-aa0d542ef045 -> No File <==== ATTENTION
Task: {B2C9009F-58CB-4892-B36E-CA623FA3E35A} - \Lenovo\ImController\TimeBasedEvents\91917b8d-c346-4ebd-b347-373688af688b -> No File <==== ATTENTION
Task: {DA622FAA-9F58-4D2A-BF99-030204ACD04C} - \Lenovo\ImController\TimeBasedEvents\4698dca5-e53b-4db6-a01f-2fcfe4af3754 -> No File <==== ATTENTION
Task: {F15C1A7A-F903-4445-90BE-34AC99FBA265} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {FD00D536-B53A-4FBC-852A-5E01E1347A32} - \Lenovo\ImController\TimeBasedEvents\8cca9d46-7384-4f46-8e72-8b54f6bbc9f4 -> No File <==== ATTENTION
CHR Notifications: Default -> hxxps://19216801.me
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E210US714G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
S2 GamingServices; C:\Program Files\WindowsApps\Microsoft.GamingServices_2.57.20005.0_x64__8wekyb3d8bbwe\GamingServices.exe [X]
S2 GamingServicesNet; C:\Program Files\WindowsApps\Microsoft.GamingServices_2.57.20005.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe [X]
S2 HelpDeskService; C:\Users\19192\AppData\Local\Temp\HelpDesk\u8\HelpDesk\RPCHelpDeskServiceUAC.exe [X] <==== ATTENTION
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]
2021-11-09 17:48 - 2021-11-09 17:48 - 000000000 ____D C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001
2021-11-09 17:38 - 2021-11-09 17:38 - 000000000 ____D C:\Users\19192\AppData\Local\GoToAssist Remote Support Customer
2021-11-09 17:17 - 2021-11-09 17:17 - 002745776 _____ C:\Users\19192\Downloads\ShowMyPC3606.exe
2021-11-09 16:48 - 2021-11-09 17:56 - 000000000 ____D C:\ProgramData\HelpDeskHost
2021-11-09 16:48 - 2021-11-09 16:48 - 000368560 _____ () C:\Users\19192\Downloads\HelpDesk_495711758.exe
2021-11-09 16:48 - 2021-11-09 16:48 - 000003124 _____ C:\Windows\system32\Tasks\KillHelpDeskService
2021-11-09 16:48 - 2021-11-09 16:48 - 000000000 ____D C:\ProgramData\RemotePC
2021-11-09 16:48 - 2021-11-09 16:48 - 000000000 ____D C:\Program Files (x86)\RemotePC
2021-11-09 17:21 - 2021-11-09 17:21 - 000000128 _____ C:\Users\19192\AppData\Local\PUTTY.RND
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{70A3DB76-E1F1-4D1C-B791-824F1C63238A}\\SystemComponent" => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MCODS => removed successfully
"HKU\S-1-5-21-4005300964-2302935580-1863167367-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-4005300964-2302935580-1863167367-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{10ABE9E3-13DA-46DD-B4E9-AA1779861B5A} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E281517D-A7B0-4B35-98C2-15EDAB153D75}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{868BB4AB-5C17-4ED0-A373-2D0A60535557}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7F4D455-330B-4ACC-BC29-DF1ACFF695FE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5806E64E-1B06-4E0B-B9C2-B4EF9AFB8809}" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\tvncontrol" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0701D042-9791-4309-AC67-196ABEC83A9E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0701D042-9791-4309-AC67-196ABEC83A9E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Monitor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24F4E6C9-ACF2-48C9-969B-5A4D116A5E3D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24F4E6C9-ACF2-48C9-969B-5A4D116A5E3D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\fce8b35d-f625-4d1c-924d-c555a774b87c" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{79185E2D-6052-4A95-9D94-E7BE95E4EE15}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79185E2D-6052-4A95-9D94-E7BE95E4EE15}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\BatteryGauge\BatteryGaugeMaintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8CCDCD9E-AE81-4FE0-8458-861B71078265}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CCDCD9E-AE81-4FE0-8458-861B71078265}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FD42CCE-79DC-4BD4-850F-D1327A7FC731}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FD42CCE-79DC-4BD4-850F-D1327A7FC731}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\5162f36a-538c-448c-adde-aa0d542ef045" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2C9009F-58CB-4892-B36E-CA623FA3E35A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2C9009F-58CB-4892-B36E-CA623FA3E35A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\91917b8d-c346-4ebd-b347-373688af688b" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA622FAA-9F58-4D2A-BF99-030204ACD04C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA622FAA-9F58-4D2A-BF99-030204ACD04C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\4698dca5-e53b-4db6-a01f-2fcfe4af3754" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F15C1A7A-F903-4445-90BE-34AC99FBA265}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F15C1A7A-F903-4445-90BE-34AC99FBA265}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD00D536-B53A-4FBC-852A-5E01E1347A32}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD00D536-B53A-4FBC-852A-5E01E1347A32}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\8cca9d46-7384-4f46-8e72-8b54f6bbc9f4" => removed successfully
"Chrome Notifications" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
HKLM\System\CurrentControlSet\Services\GamingServices => removed successfully
GamingServices => service removed successfully
HKLM\System\CurrentControlSet\Services\GamingServicesNet => removed successfully
GamingServicesNet => service removed successfully
HKLM\System\CurrentControlSet\Services\HelpDeskService => removed successfully
HelpDeskService => service removed successfully
HKLM\System\CurrentControlSet\Services\ImControllerService => removed successfully
ImControllerService => service removed successfully
C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001 => moved successfully
C:\Users\19192\AppData\Local\GoToAssist Remote Support Customer => moved successfully
C:\Users\19192\Downloads\ShowMyPC3606.exe => moved successfully
C:\ProgramData\HelpDeskHost => moved successfully
C:\Users\19192\Downloads\HelpDesk_495711758.exe => moved successfully
C:\Windows\system32\Tasks\KillHelpDeskService => moved successfully
C:\ProgramData\RemotePC => moved successfully
C:\Program Files (x86)\RemotePC => moved successfully
C:\Users\19192\AppData\Local\PUTTY.RND => moved successfully

========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========

wevtutil : Failed to clear log Microsoft-Windows-LiveId/Analytic.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+                               ~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (Failed to clear...iveId/Analytic.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

Access is denied.
wevtutil : Failed to clear log Microsoft-Windows-LiveId/Operational.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+                               ~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (Failed to clear...Id/Operational.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

Access is denied.
wevtutil : Failed to clear log Microsoft-Windows-USBVideo/Analytic.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+                               ~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (Failed to clear...Video/Analytic.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

The instance name passed was not recognized as valid by a WMI data provider.

========= End of Powershell: =========

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24646445 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 337476217 B
Edge => 0 B
Chrome => 413440325 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 34606 B
NetworkService => 6553578 B
19192 => 453562593 B
defaultuser100001.LAPTOP-6BUIOIQ5.001 => 453562593 B

RecycleBin => 39883 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 11:34:01 ====