Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

email infected by Torpig? [Solved]

Started by karolion , Nov 10 2021 03:10 PM

  • This topic is locked This topic is locked

#1
karolion
Posted 10 November 2021 - 03:10 PM

karolion

    Member

  • Member
  • PipPip
  • 38 posts

I got a Lenovo Ideapad Gaming 3 a few months ago.  I paid for a year subscription to Microsoft 365 to be included with the computer for a discounted price.  Since I first received the computer I have not been able to sign into Microsoft on it, though I can sign in to Microsoft in my browser.  Yesterday was the first time I needed to use Microsoft 365 to create a word document.  I got a message saying the 180 day sign up period had expired and I'd have to purchase a new subscription, but it hasn't been 180 days since I got the computer.  I couldn't resolve the issue using the Microsoft website so I looked for a phone number.  I called and spoke to a man with an Indian accent whom I allowed to remotely log in to my computer to explain to me why I was receiving the erroneous message that the 180 day period had expired.  When he accessed my computer a message showed up in the bottom right corner that Sam Smith had accessed my computer.  I don't know if that was his real name or not as I had no reason to use during the conversation but the discrepancy between his name and his accent made me a bit suspicious once the call was over.  He told me I had a Torpig Mebroot infection.  I remember seeing on the c:// prompt screen file infected which he brought to my attention.  He opened a browser page to show me the Wikipedia entry on Torpig.  He then told me my email addresses, one Yahoo and one Gmail, were infected which is why Microsoft wouldn't allow me to sign in through the app and I would have to have a professional work on my computer.  He offered to find someone to do this and connect me to them on a conference call.  He told me it would cost $250 for the service plus year subscription and $100 for something else, maybe diagnostics, but he told me if he connected me to this company through Microsoft the $100 would be waived.  He had opened the notepad and typed in what my problem was, the Torpig Mebroot infection and said to leave that on the screen.  The person at the company he transferred me to asked me to enter my name, address and phone number and payment details in the notepad.  He then told me someone would work on my computer and call me back in 30 minutes to an hour. 

 

My foster mother had a similar experience a year or so ago and I started wondering if this was a legitimate service.  I called my best friend who knows much more about computers than me, though she wasn't familiar with the term Torpig Mebroot infection.  She told me that it could be a scam and that I should never let anyone else remotely access my computer.  She had me disable the wi-fi connection and said she would look into the problem for me.  I received 4 calls from the "company" that was supposedly fixing my computer and one from Sam Smith.  In the messages left during the first 3 calls the caller said he was from Cyber Expert Pro. I told Sam Smith I'd call him back but have not and I explained to the man at Cyber Exper Pro that I thought this was a scam and had called my credit card company to block the charge.  When I searched the internet for the company today I found a help question in Google where several responders told the OP that it was a scam and not to pay for their services.  My friend was worried they might install ransomware on my computer and said not to reconnect to the internet and she'd try to help me when we get together this week but I don't want to burden her with that task so I have been researching the topic today which led me to this forum.  I have run Malwarebytes and quarantined the 6 PUPs it found.  I found a different phone number for Microsoft when I searched using DuckDuckGo today than I did using Google last night.

 

I have 3 questions.

 

1) Would Malwarebytes not be able to identify this infection?

2) If I truly have a Torpig infection would it not be the computer that is infected rather than my email addresses as he stated?

3) If I do have this infection can someone help me fix this problem?

 

Thanks in advance for any help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-11-2021
Ran by 19192 (administrator) on LAPTOP-6BUIOIQ5 (LENOVO 81Y4) (10-11-2021 15:08:51)
Running from C:\Users\19192\Desktop
Loaded Profiles: 19192
Platform: Microsoft Windows 10 Home Version 20H2 19042.1110 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~1.INF\DAX3API.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <20>
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_c98d5e0dfc88ac2f\RstMwService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0d8dab4470c5524b\igfxCUIService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0d8dab4470c5524b\igfxEM.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a9a2dde7124f013f\OneApp.IGCC.WinService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_657d56a89b3d77d6\IntelCpHDCPSvc.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_657d56a89b3d77d6\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.exe <3>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_b9fd1528982e300f\LenovoUtilityService.exe
(LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.1.32.0_x64__5grkq8ppsgwt4\LaunchUtility\utility.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2109.6305.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CredentialEnrollmentManager.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_5adc6075318430cf\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(ShowMyPC -> GlavSoft LLC.) C:\Program Files (x86)\ShowMyPCService\tvnserver.exe <2>
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1085224 2020-06-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3951024 2019-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech, Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2109064 2019-11-27] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [339000 2021-10-26] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [1424088 2020-01-21] (ShowMyPC -> GlavSoft LLC.)
HKLM\...\Windows x64\Print Processors\Canon MP830 Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD7Q.DLL [27136 2006-09-13] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP830: C:\Windows\system32\CNMLM7Q.DLL [234496 2006-09-13] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon MP FAX Language Monitor MP830: C:\Windows\system32\CNCF2Lb.DLL [188928 2006-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Canon Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-10-29] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00D2B972-FA12-4E58-A952-BEB9AD45BC4F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5de69f31-f736-4890-8dd5-721a98ea41db => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {04D3FBF3-3CCD-4BB3-8A09-3F402FBAF841} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0701D042-9791-4309-AC67-196ABEC83A9E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [62440 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {1CCF7835-0F31-4679-8B5E-ECD0F3A3466C} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {26F17EF2-56D4-4F1D-B730-834E8B375DC2} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2F39C152-53BC-45FF-A1F7-088B7821CB81} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {327FA5EE-3829-45C2-AB44-5E0093BD6ACB} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5bea9451-f442-4ce6-b4f5-fa9535e3dab7 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {368392EC-06F2-4824-99EF-186F5129F43F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-14] (Google LLC -> Google LLC)
Task: {3950868B-DD14-4A29-BD10-874C3DBAD454} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {54BFEC5B-779A-4060-88C1-F822AD15A989} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647656 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {73F46A70-9630-4059-B911-C5423206F6AD} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\Windows\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [201584 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
Task: {789F5FB3-7BC3-4633-B21C-4E6B52E1D61D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {79185E2D-6052-4A95-9D94-E7BE95E4EE15} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {82A84753-F65F-4D77-A547-E09194FE39B8} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d44a7a40-5a38-4899-8379-d86faaeb9928 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {8478F36E-B1BA-4F6E-96E1-2C690989C3B0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8B0A2421-24B8-456A-9FF9-9B990F3C3E77} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {8CCDCD9E-AE81-4FE0-8458-861B71078265} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {A6D33B72-85DF-45D9-9B95-CED37B7AF63F} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {A9B1FB1E-2DE8-4794-B6A2-621E60ED6195} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B024A077-6F2B-4EAD-98F9-581B4CE611FA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b72d3ed2-e515-42d2-88a8-467f229b732c => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {B294B2A2-1FB4-4F06-A4D6-BA349C3CF4F4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22655904 2021-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {B66638EA-88E1-4C44-8194-313C7CD8EC7A} - System32\Tasks\KillHelpDeskService => C:\ProgramData\HelpDeskHost\RPCHDKillService.exe [14768 2021-08-27] (Pro Softnet Corporation -> )
Task: {C6D217D9-74BC-4886-9B35-C57F3C6DBE81} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f07e9c5f-8791-4099-8743-3093762fc37f => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {D0FAFD93-351B-47CD-9DC5-09079FFB2273} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [443248 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
Task: {E4A2CA68-F06D-4D06-94BA-574DF78F1F7D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ECFB2727-3442-4A4D-9C9C-97ED100E7ECE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22655904 2021-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {ED69C074-9E68-44E2-AD91-5DBD2515E764} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-14] (Google LLC -> Google LLC)
Task: {F15C1A7A-F903-4445-90BE-34AC99FBA265} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {F3165CBA-70ED-4503-965B-170558708E63} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {F695EF1F-3E13-4EC5-95D7-21AA49D58E03} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FFF2C6B8-88BD-4DF4-9244-212E552EB500} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8e97fbc1-15cf-494a-82de-a590dbc646ae}: [DhcpNameServer] 152.206.1.3
Tcpip\..\Interfaces\{dde9b86d-16b9-4b9a-8585-74a0260b6f50}: [DhcpNameServer] 192.168.0.1
 
Edge: 
=======
Edge Profile: C:\Users\19192\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-10]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default [2021-11-10]
CHR DownloadDir: C:\Users\19192\Desktop
CHR Notifications: Default -> hxxps://19216801.me
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E210US714G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-04-14]
CHR Extension: (Docs) - C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-04-14]
CHR Extension: (Google Drive) - C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-04-14]
CHR Extension: (Bitmoji) - C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfgdeiadkckfbkeigkoncpdieiiefpig [2021-11-09]
CHR Extension: (YouTube) - C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-04-14]
CHR Extension: (Sheets) - C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-04-14]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-14]
CHR Extension: (Gmail) - C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-04-14]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-08-20] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-10-12] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe [1928648 2020-05-19] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 FMAPOService; C:\Windows\System32\FMService64.exe [390400 2020-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoFnAndFunctionKeys; C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_b9fd1528982e300f\LenovoUtilityService.exe [539128 2021-08-26] (Lenovo -> Lenovo(beijing) Limited)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe [31248 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-09] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971504 2021-11-09] (McAfee, LLC -> McAfee, LLC)
R2 tvnserver; C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [1424088 2020-01-21] (ShowMyPC -> GlavSoft LLC.)
R2 UDCService; C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe [116592 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 GamingServices; C:\Program Files\WindowsApps\Microsoft.GamingServices_2.57.20005.0_x64__8wekyb3d8bbwe\GamingServices.exe [X]
S2 GamingServicesNet; C:\Program Files\WindowsApps\Microsoft.GamingServices_2.57.20005.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe [X]
S2 HelpDeskService; C:\Users\19192\AppData\Local\Temp\HelpDesk\u8\HelpDesk\RPCHelpDeskServiceUAC.exe [X] <==== ATTENTION
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_5adc6075318430cf\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_5adc6075318430cf\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [160176 2021-09-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 FBNetFilter; C:\Windows\System32\drivers\FBNetFlt.sys [52688 2020-05-21] (LENOVO (UNITED STATES) INC. -> Lenovo Group Ltd.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [210352 2021-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-04-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [193448 2021-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [69040 2021-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-10-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [149424 2021-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48520 2021-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [435424 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-11-10 15:08 - 2021-11-10 15:09 - 000024333 _____ C:\Users\19192\Desktop\FRST.txt
2021-11-10 15:07 - 2021-11-10 15:09 - 000000000 ____D C:\FRST
2021-11-10 15:07 - 2021-11-10 15:07 - 000000000 ____D C:\Users\19192\Desktop\FRST-OlderVersion
2021-11-10 15:06 - 2021-11-10 15:07 - 002312192 _____ (Farbar) C:\Users\19192\Desktop\FRST64.exe
2021-11-10 12:14 - 2021-11-10 12:14 - 000000000 ____D C:\Users\19192\AppData\Local\CrashDumps
2021-11-09 22:49 - 2021-11-09 22:49 - 000210352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-11-09 22:49 - 2021-11-09 22:49 - 000193448 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-11-09 22:49 - 2021-11-09 22:49 - 000149424 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-11-09 22:49 - 2021-11-09 22:49 - 000069040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-11-09 22:48 - 2021-11-09 22:48 - 002101944 _____ (Malwarebytes) C:\Users\19192\Downloads\MBSetup-119967.119967-consumer.exe
2021-11-09 17:52 - 2021-11-09 17:52 - 000000000 ____D C:\Users\19192\AppData\Local\AAR
2021-11-09 17:48 - 2021-11-09 17:48 - 000000000 ____D C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001\AppData\Local\Lenovo
2021-11-09 17:46 - 2021-11-09 17:48 - 000000000 ____D C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001\AppData\Local\Packages
2021-11-09 17:46 - 2021-11-09 17:47 - 000000000 ____D C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001\AppData\Local\Intel
2021-11-09 17:46 - 2021-11-09 17:46 - 000000020 ___SH C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001\ntuser.ini
2021-11-09 17:46 - 2021-11-09 17:46 - 000000000 ____D C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001\AppData\LocalLow\Intel
2021-11-09 17:46 - 2021-11-09 17:46 - 000000000 ____D C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001\AppData\Local\VirtualStore
2021-11-09 17:46 - 2021-11-09 17:46 - 000000000 ____D C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001\AppData\Local\NVIDIA Corporation
2021-11-09 17:46 - 2021-11-09 17:46 - 000000000 ____D C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001\AppData\Local\ConnectedDevicesPlatform
2021-11-09 17:46 - 2021-11-09 17:46 - 000000000 ____D C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001
2021-11-09 17:46 - 2019-12-07 01:10 - 000001105 _____ C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-09 17:38 - 2021-11-09 17:38 - 000000000 ____D C:\Users\19192\AppData\Local\GoToAssist Remote Support Customer
2021-11-09 17:38 - 2021-11-09 17:38 - 000000000 ____D C:\Users\19192\AppData\Local\GoTo Opener
2021-11-09 17:21 - 2021-11-09 17:21 - 000000128 _____ C:\Users\19192\AppData\Local\PUTTY.RND
2021-11-09 17:17 - 2021-11-09 17:21 - 000000000 ____D C:\Program Files (x86)\ShowMyPCService
2021-11-09 17:17 - 2021-11-09 17:19 - 000001418 _____ C:\Users\19192\Desktop\ShowMyPC.lnk
2021-11-09 17:17 - 2021-11-09 17:17 - 002745776 _____ C:\Users\19192\Downloads\ShowMyPC3606.exe
2021-11-09 17:17 - 2021-11-09 17:17 - 000000000 ____D C:\Users\19192\AppData\Local\ShowMyPC
2021-11-09 16:48 - 2021-11-09 17:56 - 000000000 ____D C:\ProgramData\HelpDeskHost
2021-11-09 16:48 - 2021-11-09 16:48 - 000368560 _____ () C:\Users\19192\Downloads\HelpDesk_495711758.exe
2021-11-09 16:48 - 2021-11-09 16:48 - 000003124 _____ C:\Windows\system32\Tasks\KillHelpDeskService
2021-11-09 16:48 - 2021-11-09 16:48 - 000000000 ____D C:\ProgramData\RemotePC
2021-11-09 16:48 - 2021-11-09 16:48 - 000000000 ____D C:\Program Files (x86)\RemotePC
2021-11-08 14:21 - 2021-11-08 14:21 - 000000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2021-11-08 14:21 - 2021-11-08 14:21 - 000000000 ___HD C:\ProgramData\CanonBJ
2021-11-08 14:21 - 2021-11-08 14:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP830
2021-11-08 14:21 - 2006-10-03 09:37 - 000003072 _____ C:\Windows\system32\CNCFLbNL.DLL
2021-11-08 14:21 - 2006-09-21 11:49 - 000003584 _____ (Canon Inc.) C:\Windows\system32\CNCFLbPT.DLL
2021-11-08 14:21 - 2006-09-21 11:49 - 000003584 _____ (Canon Inc.) C:\Windows\system32\CNCFLbES.DLL
2021-11-08 14:21 - 2006-09-21 11:49 - 000003584 _____ (Canon Inc.) C:\Windows\system32\CNCFLbDE.DLL
2021-11-08 14:21 - 2006-09-21 11:49 - 000003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLbRU.DLL
2021-11-08 14:21 - 2006-09-21 11:49 - 000003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLbPL.DLL
2021-11-08 14:21 - 2006-09-21 11:49 - 000003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLbIT.DLL
2021-11-08 14:21 - 2006-09-21 11:49 - 000003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLbFR.DLL
2021-11-08 14:21 - 2006-09-20 15:15 - 000003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLbCN.DLL
2021-11-08 14:21 - 2006-09-20 11:37 - 000003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLbKR.DLL
2021-11-08 14:21 - 2006-09-20 09:18 - 000003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLbTW.DLL
2021-11-08 14:21 - 2006-09-13 11:32 - 000188928 _____ (Canon Inc.) C:\Windows\system32\CNCF2Lb.DLL
2021-11-08 14:21 - 2006-09-13 11:31 - 000093696 _____ (Canon Inc.) C:\Windows\system32\CNCFMSb.EXE
2021-11-08 14:21 - 2006-09-13 11:30 - 000003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLbUS.DLL
2021-11-08 14:21 - 2006-09-13 11:28 - 000270336 _____ (CANON INC.) C:\Windows\system32\CNCC830.DLL
2021-11-08 14:21 - 2006-09-13 11:28 - 000049664 _____ (CANON INC.) C:\Windows\system32\CNCI830.DLL
2021-11-08 14:21 - 2006-09-13 05:00 - 000234496 _____ (CANON INC.) C:\Windows\system32\CNMLM7Q.DLL
2021-11-08 14:21 - 2006-06-29 14:30 - 000017408 _____ (Canon Inc.) C:\Windows\system32\cncisco.x64.dll
2021-11-08 14:21 - 2005-11-07 09:58 - 000122368 _____ (Canon Inc.) C:\Windows\system32\CNCL830.DLL
2021-11-08 14:20 - 2021-11-08 14:20 - 000000000 ___HD C:\Program Files\CanonBJ
2021-11-08 14:17 - 2021-11-08 14:17 - 016555152 _____ C:\Users\19192\Downloads\md64-win-mp830-1_12-ea12.exe
2021-11-08 14:09 - 2021-11-08 14:09 - 000266205 _____ C:\Users\19192\Downloads\Ming's lychee martini.pdf
2021-11-08 14:09 - 2021-11-08 14:09 - 000000000 ____D C:\Users\19192\AppData\LocalLow\Temp
2021-11-08 14:06 - 2021-11-08 14:06 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2021-11-08 13:22 - 2021-11-08 13:22 - 000138905 _____ C:\Users\19192\Downloads\2020_TaxReturn.pdf
2021-11-03 17:03 - 2021-11-03 17:03 - 000000000 ____D C:\Users\19192\AppData\Local\ElevatedDiagnostics
2021-11-03 16:47 - 2021-11-03 16:47 - 000001827 _____ C:\Users\Public\Desktop\iTunes.lnk
2021-11-03 16:47 - 2021-11-03 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-11-03 16:47 - 2021-11-03 16:47 - 000000000 ____D C:\Program Files\iTunes
2021-11-02 20:10 - 2021-11-02 20:10 - 000001157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-02 20:10 - 2021-11-02 20:10 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-10-25 15:01 - 2021-10-25 15:01 - 000000000 ___HD C:\$WinREAgent
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-11-10 14:38 - 2021-04-14 04:56 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-10 14:35 - 2020-05-06 10:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-11-10 12:33 - 2021-04-14 10:43 - 000004168 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{008B1671-6ABD-46AE-ABF7-73DFDE00F4AA}
2021-11-10 12:25 - 2021-03-10 07:02 - 000000000 ____D C:\ProgramData\NVIDIA
2021-11-10 12:14 - 2019-12-07 01:13 - 000000000 ____D C:\Windows\INF
2021-11-09 22:49 - 2021-04-22 13:36 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-11-09 22:49 - 2021-04-22 13:36 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-11-09 22:48 - 2021-04-22 13:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-11-09 22:48 - 2021-04-22 13:35 - 000000000 ____D C:\Program Files\Malwarebytes
2021-11-09 22:46 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\NDF
2021-11-09 22:45 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-09 17:55 - 2021-04-22 13:29 - 000000000 ____D C:\Users\19192\AppData\Local\D3DSCache
2021-11-09 17:52 - 2021-07-25 12:34 - 000696106 _____ C:\Windows\system32\perfh00E.dat
2021-11-09 17:52 - 2021-07-25 12:34 - 000155082 _____ C:\Windows\system32\perfc00E.dat
2021-11-09 17:52 - 2020-05-06 10:41 - 001634274 _____ C:\Windows\system32\PerfStringBackup.INI
2021-11-09 17:48 - 2021-04-14 04:49 - 000000000 __SHD C:\Users\19192\IntelGraphicsProfiles
2021-11-09 17:48 - 2021-04-14 04:26 - 000000000 ____D C:\Users\19192
2021-11-09 17:48 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\AppReadiness
2021-11-09 17:46 - 2021-03-10 06:59 - 000000000 ___HD C:\Intel
2021-11-09 17:46 - 2020-05-06 10:33 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2021-11-09 17:46 - 2020-05-06 10:33 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-09 17:46 - 2020-05-06 10:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-11-09 17:46 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-09 17:46 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\ServiceState
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\SystemResources
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\setup
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\oobe
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\Dism
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\Provisioning
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\bcastdvr
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-11-09 17:45 - 2019-12-07 01:03 - 001572864 _____ C:\Windows\system32\config\BBI
2021-11-08 14:21 - 2019-12-07 01:14 - 000000000 __RSD C:\Windows\Media
2021-11-07 14:04 - 2021-04-14 04:50 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4005300964-2302935580-1863167367-1001
2021-11-07 14:04 - 2021-04-14 04:26 - 000002394 _____ C:\Users\19192\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-07 14:03 - 2021-03-10 06:48 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-02 21:03 - 2021-04-14 04:49 - 000004321 _____ C:\Windows\system32\InstallUtil.InstallLog
2021-11-02 20:10 - 2020-05-06 10:33 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-10-29 16:37 - 2021-04-14 04:49 - 000000000 ____D C:\Users\19192\AppData\Local\Packages
2021-10-29 16:28 - 2021-03-10 06:52 - 000000000 ____D C:\Program Files\Microsoft Office
2021-10-29 16:20 - 2021-04-14 04:56 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-29 16:20 - 2021-04-14 04:56 - 000002217 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-25 15:01 - 2019-12-07 01:03 - 000000000 ____D C:\Windows\CbsTemp
2021-10-25 15:00 - 2021-04-19 07:35 - 000000000 ____D C:\Windows\system32\MRT
2021-10-24 21:57 - 2021-04-19 07:35 - 139806512 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-10-19 14:44 - 2021-03-10 06:48 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-19 14:44 - 2021-03-10 06:48 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
 
==================== Files in the root of some directories ========
 
2021-11-09 17:21 - 2021-11-09 17:21 - 000000128 _____ () C:\Users\19192\AppData\Local\PUTTY.RND
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2021
Ran by 19192 (10-11-2021 15:09:44)
Running from C:\Users\19192\Desktop
Microsoft Windows 10 Home Version 20H2 19042.1110 (X64) (2021-04-14 12:23:10)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
19192 (S-1-5-21-4005300964-2302935580-1863167367-1001 - Administrator - Enabled) => C:\Users\19192
Administrator (S-1-5-21-4005300964-2302935580-1863167367-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4005300964-2302935580-1863167367-503 - Limited - Disabled)
defaultuser100000 (S-1-5-21-4005300964-2302935580-1863167367-1018 - Limited - Enabled)
Guest (S-1-5-21-4005300964-2302935580-1863167367-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4005300964-2302935580-1863167367-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Apple Mobile Device Support (HKLM\...\{527DD209-8A66-482F-8779-C7B3BACCA8F1}) (Version: 15.0.0.16 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP830 MP Drivers (HKLM\...\{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}) (Version:  - Canon Inc.)
DriverUpdate (HKLM\...\{70A3DB76-E1F1-4D1C-B791-824F1C63238A}) (Version: 5.8.19 - Slimware Utilities Holdings, Inc.) Hidden <==== ATTENTION
DriverUpdate (HKLM\...\DriverUpdate) (Version: 5.8.19 - Slimware Utilities Holdings, Inc.) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC)
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{afad3740-3061-4b48-a9ab-6f1435cb3dd6}) (Version: 10.1.18383.8213 - Intel® Corporation)
iTunes (HKLM\...\{0B3CC856-3A62-443A-B6CE-DED2D4495D56}) (Version: 12.12.2.2 - Apple Inc.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.9.23.0 - Lenovo Group Ltd.)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.10.84 - Logitech)
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14527.20234 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.44 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.44 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4005300964-2302935580-1863167367-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 (HKLM-x32\...\{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 - Microsoft Corporation)
NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation)
NVIDIA Graphics Driver 462.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 462.30 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.20.0221 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.20.0221 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
ShowMyPC (HKLM-x32\...\ShowMyPC) (Version: "6.2.3" - "ShowMyPC")
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.648 - McAfee, LLC)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
 
Packages:
=========
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.41601.0_x64__8wekyb3d8bbwe [2021-07-24] (Microsoft Corporation)
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20602.609.0_x64__rz1tebttyb220 [2021-03-10] (Dolby Laboratories)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-10-05] (INTEL CORP) [Startup Task]
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.1.32.0_x64__5grkq8ppsgwt4 [2021-10-29] (LENOVO INC) [Startup Task]
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2110.15.0_x64__k1h2ywk1493x8 [2021-10-29] (LENOVO INC.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-11-02] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-09-10] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-06-11] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-25] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.14.221.0_x64__dt26b99r8h8gj [2021-03-10] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0 [2021-10-29] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-22] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_5adc6075318430cf\nvshext.dll [2021-08-31] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-22] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2019-10-21 04:56 - 2019-10-21 04:56 - 000144896 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll
2019-10-21 04:56 - 2019-10-21 04:56 - 000077824 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll
2021-10-29 16:36 - 2021-10-29 16:36 - 000093184 _____ (Lenovo(beijing) Limited) [File not signed] C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.1.32.0_x64__5grkq8ppsgwt4\LaunchUtility\kbdhook.dll
2021-06-11 06:57 - 2020-11-03 04:08 - 000954864 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2019-10-21 04:56 - 2019-10-21 04:56 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBCURL.dll
2019-10-21 04:56 - 2019-10-21 04:56 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBEAY32.dll
2019-10-21 04:56 - 2019-10-21 04:56 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\SSLEAY32.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-4005300964-2302935580-1863167367-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-4005300964-2302935580-1863167367-1001 -> DefaultScope {10ABE9E3-13DA-46DD-B4E9-AA1779861B5A} URL = 
SearchScopes: HKU\S-1-5-21-4005300964-2302935580-1863167367-1001 -> {10ABE9E3-13DA-46DD-B4E9-AA1779861B5A} URL = 
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-11-09] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-11-09] (McAfee, LLC -> McAfee, LLC)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 01:14 - 2019-12-07 01:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4005300964-2302935580-1863167367-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\19192\Downloads\DaveGrohlnme.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKU\S-1-5-21-4005300964-2302935580-1863167367-1001\...\StartupApproved\Run: => "DriverUpdate"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D5C3E1EA-BD09-48CB-A3DF-30592CE419BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7D0B604C-038B-4FC1-8930-8B3126440FEE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{64AE00D8-D5BF-4F49-915E-B3CD49991C10}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9F51071C-07F0-4F8D-B0DD-911B5778B273}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2E6FD9BC-4929-4D79-95F3-D2819EFD8469}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8F5F7D55-AE49-4AA7-8ED5-1E5382FBB307}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7B96223D-344F-49E8-BB86-B099582965B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9383BB08-115F-46DC-B831-A85457068B9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BFC9211C-A41A-4B30-8C01-FA8734904EBE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7518B9C5-4A36-4D2B-A28C-A99A57CAE376}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6871DEBF-FBD1-4584-9C5E-1C209E52B0C8}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{E616003B-1FCD-492F-904C-741D360C791D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BC52CFF5-BB26-4FDE-B744-4B82C17B32B7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2E3302FF-9737-45EF-923C-48933A0682E7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{36EA7284-5836-4755-B0BE-874FD460D219}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FFF39564-68A0-4063-BC1A-EF0345381973}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{68015765-2115-4DEA-A373-0ED86371EFF4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9D3387BD-9344-4740-AB60-EE7EB23F1C06}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CEE6B857-2ED4-4E3C-A77A-68D137D9AA8E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{368C36B7-AEEB-41DD-8F74-F39E7A23C21F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D26C6265-6C5F-483A-85DE-B0496234DD0E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6627577B-64FB-4315-97B9-C34E3C125B52}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0F9DDFED-B021-45F3-9C9B-9CA21B14E8F9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.44\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BCEDF912-EBF8-4D18-9963-02964EFCA403}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3E9EEA9D-7126-41F6-BB63-4B7392F2ABAB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F2139E85-C9BC-4E88-AB7E-C822C2957553}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{93B3FA20-4261-4EC3-9A8E-33FEFA400597}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E281517D-A7B0-4B35-98C2-15EDAB153D75}] => (Allow) C:\Users\19192\AppData\Local\Temp\HelpDesk\u8\HelpDesk\RPCHelpDeskServiceUAC.exe => No File
FirewallRules: [{868BB4AB-5C17-4ED0-A373-2D0A60535557}] => (Allow) C:\Users\19192\AppData\Local\Temp\HelpDesk\u8\HelpDesk\RPCHelpDeskServiceUAC.exe => No File
FirewallRules: [{C7F4D455-330B-4ACC-BC29-DF1ACFF695FE}] => (Allow) C:\Users\19192\AppData\Local\Temp\ShowMyPC\-ShowMyPC3606\SMPCSetup.exe (ShowMyPC INC -> ShowMyPC)
FirewallRules: [{5806E64E-1B06-4E0B-B9C2-B4EF9AFB8809}] => (Allow) C:\Users\19192\AppData\Local\Temp\ShowMyPC\-ShowMyPC3606\tvnserver.exe (ShowMyPC -> GlavSoft LLC.)
 
==================== Restore Points =========================
 
10-09-2021 11:04:37 Scheduled Checkpoint
02-11-2021 21:56:09 Scheduled Checkpoint
08-11-2021 14:06:52 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/10/2021 12:14:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Lenovo.Modern.ImController.PluginHost.Device.exe, version: 1.1.20.2, time stamp: 0x6108c676
Faulting module name: SLSCore.dll_unloaded, version: 1.0.0.871, time stamp: 0x60d64b5d
Exception code: 0xc0000005
Fault offset: 0x00169f20
Faulting process id: 0x547c
Faulting application start time: 0x01d7d66f944c2fdd
Faulting application path: C:\Windows\Lenovo\iMController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
Faulting module path: SLSCore.dll
Report Id: fd0b36d3-9bff-49f4-8972-19c7ecd6f1f6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/10/2021 12:14:40 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Lenovo.Modern.ImController.PluginHost.Device.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 654C9F20
 
Error: (11/09/2021 10:49:26 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
 
Error: (11/09/2021 06:48:35 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x307; CorrelationId: {FE86DB48-12F5-4774-B4ED-00C69AF0A6AE}
 
Error: (11/09/2021 06:02:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname LAPTOP-6BUIOIQ5.local already in use; will try LAPTOP-6BUIOIQ5-2.local instead
 
Error: (11/09/2021 06:02:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 LAPTOP-6BUIOIQ5.local. Addr 192.168.1.65
 
Error: (11/09/2021 06:02:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353   16 LAPTOP-6BUIOIQ5.local. AAAA 2600:1700:EB40:34D0:9597:0D46:0048:BBD5
 
Error: (11/09/2021 06:02:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 LAPTOP-6BUIOIQ5.local. AAAA FE80:0000:0000:0000:9597:0D46:0048:BBD5
 
 
System errors:
=============
Error: (11/09/2021 05:57:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HelpDeskService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/09/2021 05:56:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HelpDeskService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/09/2021 05:51:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LenovoVantageService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/09/2021 05:45:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The AppXSvc service depends on the StateRepository service which failed to start because of the following error: 
The operation completed successfully.
 
Error: (11/09/2021 05:45:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Audiosrv service failed to start due to the following error: 
The service did not start due to a logon failure.
 
Error: (11/09/2021 05:45:54 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Audiosrv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
The request is not supported.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (11/09/2021 05:45:47 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:18:45 PM on ‎11/‎9/‎2021 was unexpected.
 
Error: (11/09/2021 02:57:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007139f: 9MWPM2CQNLHN-Microsoft.GamingServices.
 
 
Windows Defender:
================
Date: 2021-11-02 22:38:45
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-07-24 15:58:10
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-07-23 19:11:43
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-06-11 17:24:39
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-05-12 14:31:54
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2021-11-10 14:37:25
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
 
Date: 2021-11-10 14:37:25
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO EGCN33WW 12/24/2020
Motherboard: LENOVO LNVNB161216
Processor: Intel® Core™ i7-10750H CPU @ 2.60GHz
Percentage of memory in use: 66%
Total physical RAM: 8059.8 MB
Available physical RAM: 2721.77 MB
Total Virtual: 19323.8 MB
Available Virtual: 12010.58 MB
 
==================== Drives ================================
 
Drive c: (Windows-SSD) (Fixed) (Total:237.23 GB) (Free:163.81 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.5 GB) (Free:928.08 GB) NTFS
 
\\?\Volume{4c930333-03c7-4bda-89cb-1ab278503d60}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.49 GB) NTFS
\\?\Volume{19bbc73d-d8a9-45aa-aa09-3899456ca382}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 17FC6791)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 583D7DAE)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 

  • 0

Advertisements

#2
DR M
Posted 11 November 2021 - 05:07 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Karolion.
 
Welcome to Geeks to Go Forums.   EPFGbk7.gif
 
Since everything indicating an attempt to steal your personal data, please do the following as soon as possible:
 
1. From another device change any passwords you use: for emails, bank accounts, sites.
 
2. Contact the Police, giving information about the guys who tried to steal you.
 
 
After that:


Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.

 
===================================================
 
Here are my first comments/instructions regarding your logs:
 
 
1. Uninstall programs

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs in the list:
DriverUpdate 
ShowMyPC 
Lenovo Vantage Service 
WebAdvisor by McAfee 
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer.

 

2. Uninstall apps
 
Click on the Start icon, find the following apps, right click on them and choose Uninstall. Restart.
 
Lenovo Hotkeys 
Lenovo Vantage 
 
 
3. Uninstall a Chrome extension

  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find McAfee® WebAdvisor, and remove it, clicking on Remove.
  • Confirm the action by clicking Remove once again.

 

4. Account in question
 
Are you aware of this account which is enabled with limited privileges?
 
defaultuser100000 (S-1-5-21-4005300964-2302935580-1863167367-1018 - Limited - Enabled)
 
 
5. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.

  • 0

#3
DR M
Posted 12 November 2021 - 05:54 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Karolion.

 

Do you need any help regarding the above? 


  • 0

#4
karolion
Posted 12 November 2021 - 05:10 PM

karolion

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

Thank you for your response.  I had to work a 12 hour day yesterday and 6 hours today.  Sorry I haven't replied sooner.  Yes, I do need help.  When I tried to do #1 on your list I got an error message and I did try more than once to be sure I hadn't typed anything wrong.  I tried to copy and paste the image here but I can't paste a screenshot here without getting an error message saying "You are not allowed to use that image extension on this community."  I'll type what was in the error box.

 

::{26E0668-A00A-44D&-9371-BEB064C98683}\8\::{7B81BE6A-CE2B-4676-A29E-EB907A5126C5}

System call failed

 

I must tell you I already had used the app feature to uninstall ShowMyPC after I posted my question but before I received your answer.  I noticed it on my desktop and remembered that's what "Sam" was using to remotely access my computer, and I was afraid he may still be able to access it if the program was still on here.  I can see all the apps you want me to uninstall in the Apps settings. 

should I uninstall them that way?


  • 0

#5
DR M
Posted 13 November 2021 - 08:21 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Karolion,

 

Yes, please. Uninstall all those programs in Step 1.

 

Then, go through all the other steps.

 

If you have difficulties to attach a file/screenshot here, you can upload it to a cloud service (e.g. Dropbox, Google Drove, OneDrive) and provide a link to it. 


  • 0

#6
karolion
Posted 13 November 2021 - 12:59 PM

karolion

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

I can't uninstall DriverUpdate.  I tried to load the screen shot to both Google Drive and OneDrive and I cannot open either application on my computer.  When I try to open OneDrive the error message is "We can't display this folder.  Make sure you have permission to view it and try again.  The error message for Google Drive is GoogleDriveFS.exe System call failed.  I have Google Drive on my phone and it's working fine there.  I was able to get Dropbox to work.  https://www.dropbox....lerror.png?dl=0

 

Should I continue without resolving this issue?


Edited by karolion, 13 November 2021 - 01:03 PM.

  • 0

#7
DR M
Posted 13 November 2021 - 01:03 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

OK.

 

Go on to the next steps. We will take care of that later if needed. 


  • 0

#8
karolion
Posted 14 November 2021 - 07:11 PM

karolion

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

I did the next steps before I saw your message.  I didn't receive an email that you'd replied so I decided to proceed.  McAfee WebAdvisor wasn't listed in Chrome extensions, perhaps because I had already uninstalled it?  Here is a screen shot of what I saw... https://www.dropbox....kstogo.png?dl=0

 

I was not aware of default user 100000.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-11-2021
Ran by 19192 (administrator) on LAPTOP-6BUIOIQ5 (LENOVO 81Y4) (14-11-2021 20:11:17)
Running from C:\Users\19192\Desktop
Loaded Profiles: 19192
Platform: Microsoft Windows 10 Home Version 20H2 19042.1110 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~1.INF\DAX3API.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\52.0.6.0\crashpad_handler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <33>
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe <7>
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_c98d5e0dfc88ac2f\RstMwService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0d8dab4470c5524b\igfxCUIService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0d8dab4470c5524b\igfxEM.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a9a2dde7124f013f\OneApp.IGCC.WinService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_657d56a89b3d77d6\IntelCpHDCPSvc.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_657d56a89b3d77d6\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe <3>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <3>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_b9fd1528982e300f\LenovoUtilityService.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2109.6305.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CredentialEnrollmentManager.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_5adc6075318430cf\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1085224 2020-06-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3951024 2019-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech, Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2109064 2019-11-27] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [339000 2021-10-26] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [tvncontrol] => "C:\Program Files (x86)\ShowMyPCService\tvnserver.exe" -controlservice -slave (No File)
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o (No File)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4005300964-2302935580-1863167367-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\Canon MP830 Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD7Q.DLL [27136 2006-09-13] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP830: C:\Windows\system32\CNMLM7Q.DLL [234496 2006-09-13] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon MP FAX Language Monitor MP830: C:\Windows\system32\CNCF2Lb.DLL [188928 2006-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Canon Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-10-29] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2021-11-13]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01B10BEE-CEC8-4B67-9D40-0F1B616CB656} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {045E4C8F-E096-4C5F-AA86-8441F3475142} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {04D3FBF3-3CCD-4BB3-8A09-3F402FBAF841} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0701D042-9791-4309-AC67-196ABEC83A9E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [62440 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {24F4E6C9-ACF2-48C9-969B-5A4D116A5E3D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\fce8b35d-f625-4d1c-924d-c555a774b87c => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {26F17EF2-56D4-4F1D-B730-834E8B375DC2} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2F39C152-53BC-45FF-A1F7-088B7821CB81} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {368392EC-06F2-4824-99EF-186F5129F43F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-14] (Google LLC -> Google LLC)
Task: {54BFEC5B-779A-4060-88C1-F822AD15A989} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647656 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {73F46A70-9630-4059-B911-C5423206F6AD} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\Windows\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [201584 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
Task: {79185E2D-6052-4A95-9D94-E7BE95E4EE15} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {7B853215-31F4-482F-AD03-3F4AEB9487D3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {8478F36E-B1BA-4F6E-96E1-2C690989C3B0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8B0A2421-24B8-456A-9FF9-9B990F3C3E77} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {8CCDCD9E-AE81-4FE0-8458-861B71078265} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {9FD42CCE-79DC-4BD4-850F-D1327A7FC731} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5162f36a-538c-448c-adde-aa0d542ef045 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {A6D33B72-85DF-45D9-9B95-CED37B7AF63F} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {A9B1FB1E-2DE8-4794-B6A2-621E60ED6195} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B2C9009F-58CB-4892-B36E-CA623FA3E35A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\91917b8d-c346-4ebd-b347-373688af688b => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {B66638EA-88E1-4C44-8194-313C7CD8EC7A} - System32\Tasks\KillHelpDeskService => C:\ProgramData\HelpDeskHost\RPCHDKillService.exe [14768 2021-08-27] (Pro Softnet Corporation -> )
Task: {D0FAFD93-351B-47CD-9DC5-09079FFB2273} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [443248 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
Task: {DA622FAA-9F58-4D2A-BF99-030204ACD04C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\4698dca5-e53b-4db6-a01f-2fcfe4af3754 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {E4A2CA68-F06D-4D06-94BA-574DF78F1F7D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E56B4006-2F6A-4E46-8852-CEA43C985289} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {ED69C074-9E68-44E2-AD91-5DBD2515E764} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-14] (Google LLC -> Google LLC)
Task: {F15C1A7A-F903-4445-90BE-34AC99FBA265} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {F695EF1F-3E13-4EC5-95D7-21AA49D58E03} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FD00D536-B53A-4FBC-852A-5E01E1347A32} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8cca9d46-7384-4f46-8e72-8b54f6bbc9f4 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {FFF2C6B8-88BD-4DF4-9244-212E552EB500} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8e97fbc1-15cf-494a-82de-a590dbc646ae}: [DhcpNameServer] 152.206.1.3
Tcpip\..\Interfaces\{dde9b86d-16b9-4b9a-8585-74a0260b6f50}: [DhcpNameServer] 192.168.0.1
 
Edge: 
=======
Edge Profile: C:\Users\19192\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-10]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default [2021-11-14]
CHR DownloadDir: C:\Users\19192\Desktop
CHR Notifications: Default -> hxxps://19216801.me
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E210US714G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-04-14]
CHR Extension: (Docs) - C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-04-14]
CHR Extension: (Google Drive) - C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-04-14]
CHR Extension: (Bitmoji) - C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfgdeiadkckfbkeigkoncpdieiiefpig [2021-11-09]
CHR Extension: (YouTube) - C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-04-14]
CHR Extension: (Sheets) - C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-04-14]
CHR Extension: (Google Docs Offline) - C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-09]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-11-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-14]
CHR Extension: (Gmail) - C:\Users\19192\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-04-14]
CHR HKU\S-1-5-21-4005300964-2302935580-1863167367-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-08-20] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe [1928648 2020-05-19] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 FMAPOService; C:\Windows\System32\FMService64.exe [390400 2020-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoFnAndFunctionKeys; C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_b9fd1528982e300f\LenovoUtilityService.exe [539128 2021-08-26] (Lenovo -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-09] (Malwarebytes Inc -> Malwarebytes)
R2 UDCService; C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe [116592 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 GamingServices; C:\Program Files\WindowsApps\Microsoft.GamingServices_2.57.20005.0_x64__8wekyb3d8bbwe\GamingServices.exe [X]
S2 GamingServicesNet; C:\Program Files\WindowsApps\Microsoft.GamingServices_2.57.20005.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe [X]
S2 HelpDeskService; C:\Users\19192\AppData\Local\Temp\HelpDesk\u8\HelpDesk\RPCHelpDeskServiceUAC.exe [X] <==== ATTENTION
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_5adc6075318430cf\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_5adc6075318430cf\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [160176 2021-09-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 FBNetFilter; C:\Windows\System32\drivers\FBNetFlt.sys [52688 2020-05-21] (LENOVO (UNITED STATES) INC. -> Lenovo Group Ltd.)
R1 googledrivefs3525; C:\Windows\System32\DRIVERS\googledrivefs3525.sys [389640 2021-10-18] (Google LLC -> Google, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [210352 2021-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-04-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [193448 2021-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [69040 2021-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-10-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [149424 2021-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48520 2021-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [435424 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-11-14 20:11 - 2021-11-14 20:11 - 000024900 _____ C:\Users\19192\Desktop\FRST.txt
2021-11-14 19:53 - 2021-11-14 19:53 - 000000000 ___HD C:\$WinREAgent
2021-11-13 13:36 - 2021-11-13 13:36 - 000002068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2021-11-13 13:36 - 2021-10-18 11:17 - 000389640 _____ (Google, Inc.) C:\Windows\system32\Drivers\googledrivefs3525.sys
2021-11-13 13:35 - 2021-11-13 13:36 - 261628248 _____ (Google, Inc.) C:\Users\19192\Desktop\GoogleDriveSetup.exe
2021-11-13 13:19 - 2021-11-13 13:19 - 000000000 ___HD C:\OneDriveTemp
2021-11-13 13:19 - 2021-04-03 14:53 - 000000172 ____R C:\Users\19192\OneDrive\Documents\Caroline's Notebook.url
2021-11-13 13:14 - 2021-11-13 13:14 - 000000000 ____D C:\Users\19192\AppData\Local\OneDrive
2021-11-10 15:07 - 2021-11-14 20:11 - 000000000 ____D C:\FRST
2021-11-10 12:14 - 2021-11-13 13:49 - 000000000 ____D C:\Users\19192\AppData\Local\CrashDumps
2021-11-09 22:49 - 2021-11-09 22:49 - 000210352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-11-09 22:49 - 2021-11-09 22:49 - 000193448 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-11-09 22:49 - 2021-11-09 22:49 - 000149424 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-11-09 22:49 - 2021-11-09 22:49 - 000069040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-11-09 22:48 - 2021-11-09 22:48 - 002101944 _____ (Malwarebytes) C:\Users\19192\Downloads\MBSetup-119967.119967-consumer.exe
2021-11-09 17:52 - 2021-11-09 17:52 - 000000000 ____D C:\Users\19192\AppData\Local\AAR
2021-11-09 17:48 - 2021-11-09 17:48 - 000000000 ____D C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001\AppData\Local\Lenovo
2021-11-09 17:46 - 2021-11-09 17:48 - 000000000 ____D C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001\AppData\Local\Packages
2021-11-09 17:46 - 2021-11-09 17:47 - 000000000 ____D C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001\AppData\Local\Intel
2021-11-09 17:46 - 2021-11-09 17:46 - 000000020 ___SH C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001\ntuser.ini
2021-11-09 17:46 - 2021-11-09 17:46 - 000000000 ____D C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001\AppData\LocalLow\Intel
2021-11-09 17:46 - 2021-11-09 17:46 - 000000000 ____D C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001\AppData\Local\VirtualStore
2021-11-09 17:46 - 2021-11-09 17:46 - 000000000 ____D C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001\AppData\Local\NVIDIA Corporation
2021-11-09 17:46 - 2021-11-09 17:46 - 000000000 ____D C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001\AppData\Local\ConnectedDevicesPlatform
2021-11-09 17:46 - 2021-11-09 17:46 - 000000000 ____D C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001
2021-11-09 17:46 - 2019-12-07 01:10 - 000001105 _____ C:\Users\defaultuser100001.LAPTOP-6BUIOIQ5.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-09 17:38 - 2021-11-09 17:38 - 000000000 ____D C:\Users\19192\AppData\Local\GoToAssist Remote Support Customer
2021-11-09 17:38 - 2021-11-09 17:38 - 000000000 ____D C:\Users\19192\AppData\Local\GoTo Opener
2021-11-09 17:21 - 2021-11-09 17:21 - 000000128 _____ C:\Users\19192\AppData\Local\PUTTY.RND
2021-11-09 17:17 - 2021-11-09 17:17 - 002745776 _____ C:\Users\19192\Downloads\ShowMyPC3606.exe
2021-11-09 16:48 - 2021-11-09 17:56 - 000000000 ____D C:\ProgramData\HelpDeskHost
2021-11-09 16:48 - 2021-11-09 16:48 - 000368560 _____ () C:\Users\19192\Downloads\HelpDesk_495711758.exe
2021-11-09 16:48 - 2021-11-09 16:48 - 000003124 _____ C:\Windows\system32\Tasks\KillHelpDeskService
2021-11-09 16:48 - 2021-11-09 16:48 - 000000000 ____D C:\ProgramData\RemotePC
2021-11-09 16:48 - 2021-11-09 16:48 - 000000000 ____D C:\Program Files (x86)\RemotePC
2021-11-08 14:21 - 2021-11-08 14:21 - 000000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2021-11-08 14:21 - 2021-11-08 14:21 - 000000000 ___HD C:\ProgramData\CanonBJ
2021-11-08 14:21 - 2021-11-08 14:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP830
2021-11-08 14:21 - 2006-10-03 09:37 - 000003072 _____ C:\Windows\system32\CNCFLbNL.DLL
2021-11-08 14:21 - 2006-09-21 11:49 - 000003584 _____ (Canon Inc.) C:\Windows\system32\CNCFLbPT.DLL
2021-11-08 14:21 - 2006-09-21 11:49 - 000003584 _____ (Canon Inc.) C:\Windows\system32\CNCFLbES.DLL
2021-11-08 14:21 - 2006-09-21 11:49 - 000003584 _____ (Canon Inc.) C:\Windows\system32\CNCFLbDE.DLL
2021-11-08 14:21 - 2006-09-21 11:49 - 000003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLbRU.DLL
2021-11-08 14:21 - 2006-09-21 11:49 - 000003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLbPL.DLL
2021-11-08 14:21 - 2006-09-21 11:49 - 000003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLbIT.DLL
2021-11-08 14:21 - 2006-09-21 11:49 - 000003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLbFR.DLL
2021-11-08 14:21 - 2006-09-20 15:15 - 000003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLbCN.DLL
2021-11-08 14:21 - 2006-09-20 11:37 - 000003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLbKR.DLL
2021-11-08 14:21 - 2006-09-20 09:18 - 000003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLbTW.DLL
2021-11-08 14:21 - 2006-09-13 11:32 - 000188928 _____ (Canon Inc.) C:\Windows\system32\CNCF2Lb.DLL
2021-11-08 14:21 - 2006-09-13 11:31 - 000093696 _____ (Canon Inc.) C:\Windows\system32\CNCFMSb.EXE
2021-11-08 14:21 - 2006-09-13 11:30 - 000003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLbUS.DLL
2021-11-08 14:21 - 2006-09-13 11:28 - 000270336 _____ (CANON INC.) C:\Windows\system32\CNCC830.DLL
2021-11-08 14:21 - 2006-09-13 11:28 - 000049664 _____ (CANON INC.) C:\Windows\system32\CNCI830.DLL
2021-11-08 14:21 - 2006-09-13 05:00 - 000234496 _____ (CANON INC.) C:\Windows\system32\CNMLM7Q.DLL
2021-11-08 14:21 - 2006-06-29 14:30 - 000017408 _____ (Canon Inc.) C:\Windows\system32\cncisco.x64.dll
2021-11-08 14:21 - 2005-11-07 09:58 - 000122368 _____ (Canon Inc.) C:\Windows\system32\CNCL830.DLL
2021-11-08 14:20 - 2021-11-08 14:20 - 000000000 ___HD C:\Program Files\CanonBJ
2021-11-08 14:17 - 2021-11-08 14:17 - 016555152 _____ C:\Users\19192\Downloads\md64-win-mp830-1_12-ea12.exe
2021-11-08 14:09 - 2021-11-08 14:09 - 000266205 _____ C:\Users\19192\Downloads\Ming's lychee martini.pdf
2021-11-08 14:09 - 2021-11-08 14:09 - 000000000 ____D C:\Users\19192\AppData\LocalLow\Temp
2021-11-08 14:06 - 2021-11-08 14:06 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2021-11-08 13:22 - 2021-11-08 13:22 - 000138905 _____ C:\Users\19192\Downloads\2020_TaxReturn.pdf
2021-11-03 17:03 - 2021-11-03 17:03 - 000000000 ____D C:\Users\19192\AppData\Local\ElevatedDiagnostics
2021-11-03 16:47 - 2021-11-03 16:47 - 000001827 _____ C:\Users\Public\Desktop\iTunes.lnk
2021-11-03 16:47 - 2021-11-03 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-11-03 16:47 - 2021-11-03 16:47 - 000000000 ____D C:\Program Files\iTunes
2021-11-02 20:10 - 2021-11-02 20:10 - 000001157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-02 20:10 - 2021-11-02 20:10 - 000000000 ____D C:\Program Files\PCHealthCheck
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-11-14 19:54 - 2021-04-14 10:43 - 000004168 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{008B1671-6ABD-46AE-ABF7-73DFDE00F4AA}
2021-11-14 19:54 - 2021-04-14 04:56 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-14 19:54 - 2021-04-14 04:49 - 000000000 ____D C:\Users\19192\AppData\Local\Packages
2021-11-14 19:54 - 2021-03-10 07:02 - 000000000 ____D C:\ProgramData\NVIDIA
2021-11-14 19:54 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\AppReadiness
2021-11-14 19:53 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-14 19:52 - 2021-03-10 06:48 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-14 19:51 - 2020-05-06 10:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-11-14 19:51 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-13 13:49 - 2021-04-14 04:50 - 000000000 ___RD C:\Users\19192\OneDrive
2021-11-13 13:36 - 2021-04-14 04:56 - 000000000 ____D C:\Users\19192\AppData\Local\Google
2021-11-13 13:36 - 2021-04-14 04:56 - 000000000 ____D C:\Program Files\Google
2021-11-13 13:19 - 2021-04-14 04:26 - 000000000 ____D C:\Users\19192
2021-11-13 13:04 - 2021-04-14 04:50 - 000000000 ____D C:\Users\19192\AppData\Local\Lenovo
2021-11-13 13:04 - 2021-03-10 07:03 - 000000000 ____D C:\Program Files (x86)\Lenovo
2021-11-13 13:04 - 2021-03-10 06:51 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo
2021-11-13 13:04 - 2021-03-10 06:51 - 000000000 ____D C:\ProgramData\Lenovo
2021-11-13 13:04 - 2019-12-07 01:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-11-12 17:31 - 2019-12-07 01:03 - 000000000 ____D C:\Windows\CbsTemp
2021-11-12 17:30 - 2021-04-19 07:35 - 000000000 ____D C:\Windows\system32\MRT
2021-11-12 17:28 - 2021-03-10 06:52 - 000000000 ____D C:\Program Files\Microsoft Office
2021-11-12 17:21 - 2021-04-19 07:35 - 141529560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-11-10 15:10 - 2019-12-07 01:13 - 000000000 ____D C:\Windows\INF
2021-11-09 22:49 - 2021-04-22 13:36 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-11-09 22:49 - 2021-04-22 13:36 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-11-09 22:48 - 2021-04-22 13:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-11-09 22:48 - 2021-04-22 13:35 - 000000000 ____D C:\Program Files\Malwarebytes
2021-11-09 22:46 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\NDF
2021-11-09 17:55 - 2021-04-22 13:29 - 000000000 ____D C:\Users\19192\AppData\Local\D3DSCache
2021-11-09 17:52 - 2021-07-25 12:34 - 000696106 _____ C:\Windows\system32\perfh00E.dat
2021-11-09 17:52 - 2021-07-25 12:34 - 000155082 _____ C:\Windows\system32\perfc00E.dat
2021-11-09 17:52 - 2020-05-06 10:41 - 001634274 _____ C:\Windows\system32\PerfStringBackup.INI
2021-11-09 17:48 - 2021-04-14 04:49 - 000000000 __SHD C:\Users\19192\IntelGraphicsProfiles
2021-11-09 17:46 - 2021-03-10 06:59 - 000000000 ___HD C:\Intel
2021-11-09 17:46 - 2020-05-06 10:33 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2021-11-09 17:46 - 2020-05-06 10:33 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-09 17:46 - 2020-05-06 10:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-11-09 17:46 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\ServiceState
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\SystemResources
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\setup
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\oobe
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\Dism
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\Provisioning
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\bcastdvr
2021-11-09 17:45 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-11-09 17:45 - 2019-12-07 01:03 - 001572864 _____ C:\Windows\system32\config\BBI
2021-11-08 14:21 - 2019-12-07 01:14 - 000000000 __RSD C:\Windows\Media
2021-11-07 14:04 - 2021-04-14 04:50 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4005300964-2302935580-1863167367-1001
2021-11-07 14:04 - 2021-04-14 04:26 - 000002394 _____ C:\Users\19192\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-02 21:03 - 2021-04-14 04:49 - 000004321 _____ C:\Windows\system32\InstallUtil.InstallLog
2021-11-02 20:10 - 2020-05-06 10:33 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-10-29 16:20 - 2021-04-14 04:56 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-29 16:20 - 2021-04-14 04:56 - 000002217 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-19 14:44 - 2021-03-10 06:48 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-19 14:44 - 2021-03-10 06:48 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
 
==================== Files in the root of some directories ========
 
2021-11-09 17:21 - 2021-11-09 17:21 - 000000128 _____ () C:\Users\19192\AppData\Local\PUTTY.RND
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2021
Ran by 19192 (14-11-2021 20:11:55)
Running from C:\Users\19192\Desktop
Microsoft Windows 10 Home Version 20H2 19042.1110 (X64) (2021-04-14 12:23:10)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
19192 (S-1-5-21-4005300964-2302935580-1863167367-1001 - Administrator - Enabled) => C:\Users\19192
Administrator (S-1-5-21-4005300964-2302935580-1863167367-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4005300964-2302935580-1863167367-503 - Limited - Disabled)
defaultuser100000 (S-1-5-21-4005300964-2302935580-1863167367-1018 - Limited - Enabled)
Guest (S-1-5-21-4005300964-2302935580-1863167367-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4005300964-2302935580-1863167367-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Apple Mobile Device Support (HKLM\...\{527DD209-8A66-482F-8779-C7B3BACCA8F1}) (Version: 15.0.0.16 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP830 MP Drivers (HKLM\...\{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}) (Version:  - Canon Inc.)
DriverUpdate (HKLM\...\{70A3DB76-E1F1-4D1C-B791-824F1C63238A}) (Version: 5.8.19 - Slimware Utilities Holdings, Inc.) Hidden <==== ATTENTION
DriverUpdate (HKLM\...\DriverUpdate) (Version: 5.8.19 - Slimware Utilities Holdings, Inc.) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 52.0.6.0 - Google LLC)
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{afad3740-3061-4b48-a9ab-6f1435cb3dd6}) (Version: 10.1.18383.8213 - Intel® Corporation)
iTunes (HKLM\...\{0B3CC856-3A62-443A-B6CE-DED2D4495D56}) (Version: 12.12.2.2 - Apple Inc.)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.10.84 - Logitech)
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.53 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.53 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4005300964-2302935580-1863167367-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 (HKLM-x32\...\{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 - Microsoft Corporation)
NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation)
NVIDIA Graphics Driver 462.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 462.30 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.20.0221 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.20.0221 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
 
Packages:
=========
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.41601.0_x64__8wekyb3d8bbwe [2021-07-24] (Microsoft Corporation)
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20602.609.0_x64__rz1tebttyb220 [2021-03-10] (Dolby Laboratories)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-10-05] (INTEL CORP) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-11-02] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-09-10] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-06-11] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-25] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.14.221.0_x64__dt26b99r8h8gj [2021-03-10] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0 [2021-11-14] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4005300964-2302935580-1863167367-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-22] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_5adc6075318430cf\nvshext.dll [2021-08-31] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-22] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2019-10-21 04:56 - 2019-10-21 04:56 - 000144896 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll
2019-10-21 04:56 - 2019-10-21 04:56 - 000077824 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll
2021-03-10 06:53 - 2021-03-10 06:53 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2021-03-10 06:53 - 2021-03-10 06:53 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2021-06-11 06:57 - 2020-11-03 04:08 - 000954864 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2019-10-21 04:56 - 2019-10-21 04:56 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBCURL.dll
2019-10-21 04:56 - 2019-10-21 04:56 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBEAY32.dll
2019-10-21 04:56 - 2019-10-21 04:56 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\SSLEAY32.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-4005300964-2302935580-1863167367-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-4005300964-2302935580-1863167367-1001 -> DefaultScope {10ABE9E3-13DA-46DD-B4E9-AA1779861B5A} URL = 
SearchScopes: HKU\S-1-5-21-4005300964-2302935580-1863167367-1001 -> {10ABE9E3-13DA-46DD-B4E9-AA1779861B5A} URL = 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 01:14 - 2019-12-07 01:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4005300964-2302935580-1863167367-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\19192\Downloads\DaveGrohlnme.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKU\S-1-5-21-4005300964-2302935580-1863167367-1001\...\StartupApproved\Run: => "DriverUpdate"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D5C3E1EA-BD09-48CB-A3DF-30592CE419BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7D0B604C-038B-4FC1-8930-8B3126440FEE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{64AE00D8-D5BF-4F49-915E-B3CD49991C10}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9F51071C-07F0-4F8D-B0DD-911B5778B273}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2E6FD9BC-4929-4D79-95F3-D2819EFD8469}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8F5F7D55-AE49-4AA7-8ED5-1E5382FBB307}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7B96223D-344F-49E8-BB86-B099582965B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9383BB08-115F-46DC-B831-A85457068B9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BFC9211C-A41A-4B30-8C01-FA8734904EBE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7518B9C5-4A36-4D2B-A28C-A99A57CAE376}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6871DEBF-FBD1-4584-9C5E-1C209E52B0C8}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{E616003B-1FCD-492F-904C-741D360C791D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BC52CFF5-BB26-4FDE-B744-4B82C17B32B7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6627577B-64FB-4315-97B9-C34E3C125B52}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BCEDF912-EBF8-4D18-9963-02964EFCA403}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3E9EEA9D-7126-41F6-BB63-4B7392F2ABAB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F2139E85-C9BC-4E88-AB7E-C822C2957553}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{93B3FA20-4261-4EC3-9A8E-33FEFA400597}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E281517D-A7B0-4B35-98C2-15EDAB153D75}] => (Allow) C:\Users\19192\AppData\Local\Temp\HelpDesk\u8\HelpDesk\RPCHelpDeskServiceUAC.exe => No File
FirewallRules: [{868BB4AB-5C17-4ED0-A373-2D0A60535557}] => (Allow) C:\Users\19192\AppData\Local\Temp\HelpDesk\u8\HelpDesk\RPCHelpDeskServiceUAC.exe => No File
FirewallRules: [{C7F4D455-330B-4ACC-BC29-DF1ACFF695FE}] => (Allow) C:\Users\19192\AppData\Local\Temp\ShowMyPC\-ShowMyPC3606\SMPCSetup.exe => No File
FirewallRules: [{5806E64E-1B06-4E0B-B9C2-B4EF9AFB8809}] => (Allow) C:\Users\19192\AppData\Local\Temp\ShowMyPC\-ShowMyPC3606\tvnserver.exe => No File
FirewallRules: [{45671AFA-8FBD-4F27-8BE0-35BDC1A7C406}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.53\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3EFDD2F4-2367-4881-9600-7F4CDCA30DCF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{03646D20-6E5C-4CD5-A316-E57F5B2BF8D3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A188224B-E5AD-4802-BD1C-C73937185DD4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E6D8527E-99AD-4C2F-9BDD-B781EAE28F53}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{973868AC-5DF0-49FB-A3C6-7C40E1193B28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F090496E-3A0E-46C3-8ABA-076456BB1161}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EC124086-E00B-41F1-BADB-F453C4459743}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7CCF74D1-0C30-4D2E-903A-03C178B19976}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
 
==================== Restore Points =========================
 
10-09-2021 11:04:37 Scheduled Checkpoint
02-11-2021 21:56:09 Scheduled Checkpoint
08-11-2021 14:06:52 Windows Update
12-11-2021 17:30:52 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/14/2021 07:54:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program utility.exe version 4.1.32.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 3d00
 
Start Time: 01d7d5d52c3da835
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.1.32.0_x64__5grkq8ppsgwt4\LaunchUtility\utility.exe
 
Report Id: 1b7c558f-a633-487b-acbb-5797ea0e66ab
 
Faulting package full name: E0469640.LenovoUtility_4.1.32.0_x64__5grkq8ppsgwt4
 
Faulting package-relative application ID: LenovoUtility
 
Hang type: Quiesce
 
Error: (11/13/2021 01:49:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OneDrive.exe, version: 21.205.1003.5, time stamp: 0x099752be
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1110, time stamp: 0x4809adf2
Exception code: 0x80000003
Fault offset: 0x00000000000c9a92
Faulting process id: 0x5600
Faulting application start time: 0x01d7d8d84be90685
Faulting application path: C:\Users\19192\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: e624b516-6054-4f86-8237-a60d22d4dc5d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/13/2021 01:48:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OneDrive.exe, version: 21.205.1003.5, time stamp: 0x099752be
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1110, time stamp: 0x4809adf2
Exception code: 0x80000003
Fault offset: 0x00000000000c9a92
Faulting process id: 0x1734
Faulting application start time: 0x01d7d8d82fae0eaa
Faulting application path: C:\Users\19192\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 3bc65d4e-a157-4aeb-8dba-db1667e94b67
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/13/2021 01:48:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OneDrive.exe, version: 21.205.1003.5, time stamp: 0x099752be
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1110, time stamp: 0x4809adf2
Exception code: 0x80000003
Fault offset: 0x00000000000c9a92
Faulting process id: 0x25bc
Faulting application start time: 0x01d7d8d8264cf40f
Faulting application path: C:\Users\19192\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: ec1b3075-c76a-4ba1-bf94-cdc8dfbf482d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/13/2021 01:47:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OneDrive.exe, version: 21.205.1003.5, time stamp: 0x099752be
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1110, time stamp: 0x4809adf2
Exception code: 0x80000003
Fault offset: 0x00000000000c9a92
Faulting process id: 0x13b0
Faulting application start time: 0x01d7d8d80f0b81ee
Faulting application path: C:\Users\19192\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: ece6b4a0-d10a-4ee2-98cc-57d115cdde00
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/13/2021 01:32:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OneDrive.exe, version: 21.205.1003.5, time stamp: 0x099752be
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1110, time stamp: 0x4809adf2
Exception code: 0x80000003
Fault offset: 0x00000000000c9a92
Faulting process id: 0x39bc
Faulting application start time: 0x01d7d8d5d54ffe86
Faulting application path: C:\Users\19192\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 446de0ff-0b82-4a3b-8e3d-99630554d491
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/13/2021 01:31:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OneDrive.exe, version: 21.205.1003.5, time stamp: 0x099752be
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1110, time stamp: 0x4809adf2
Exception code: 0x80000003
Fault offset: 0x00000000000c9a92
Faulting process id: 0x3c24
Faulting application start time: 0x01d7d8d5aa82d09d
Faulting application path: C:\Users\19192\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 519ef8b2-354e-48f3-9386-6f132a010d4e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/13/2021 01:30:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OneDrive.exe, version: 21.205.1003.5, time stamp: 0x099752be
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1110, time stamp: 0x4809adf2
Exception code: 0x80000003
Fault offset: 0x00000000000c9a92
Faulting process id: 0x2880
Faulting application start time: 0x01d7d8d555c682f7
Faulting application path: C:\Users\19192\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: a6677b19-0b7f-4673-953b-257763b8b155
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (11/14/2021 07:53:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007139f: 9MWPM2CQNLHN-Microsoft.GamingServices.
 
Error: (11/09/2021 05:57:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HelpDeskService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/09/2021 05:56:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HelpDeskService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/09/2021 05:51:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LenovoVantageService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/09/2021 05:45:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The AppXSvc service depends on the StateRepository service which failed to start because of the following error: 
The operation completed successfully.
 
Error: (11/09/2021 05:45:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Audiosrv service failed to start due to the following error: 
The service did not start due to a logon failure.
 
Error: (11/09/2021 05:45:54 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Audiosrv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
The request is not supported.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (11/09/2021 05:45:47 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:18:45 PM on ‎11/‎9/‎2021 was unexpected.
 
 
Windows Defender:
================
Date: 2021-11-02 22:38:45
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-07-24 15:58:10
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-07-23 19:11:43
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-06-11 17:24:39
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-05-12 14:31:54
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2021-11-14 20:08:46
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
 
Date: 2021-11-14 20:06:28
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO EGCN33WW 12/24/2020
Motherboard: LENOVO LNVNB161216
Processor: Intel® Core™ i7-10750H CPU @ 2.60GHz
Percentage of memory in use: 78%
Total physical RAM: 8059.8 MB
Available physical RAM: 1708.93 MB
Total Virtual: 19323.8 MB
Available Virtual: 9814.08 MB
 
==================== Drives ================================
 
Drive c: (Windows-SSD) (Fixed) (Total:237.23 GB) (Free:160.15 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.5 GB) (Free:928.08 GB) NTFS
Drive g: (Google Drive) (Fixed) (Total:15 GB) (Free:12.68 GB) FAT32
 
\\?\Volume{4c930333-03c7-4bda-89cb-1ab278503d60}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.49 GB) NTFS
\\?\Volume{19bbc73d-d8a9-45aa-aa09-3899456ca382}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 17FC6791)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 583D7DAE)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#9
DR M
Posted 15 November 2021 - 11:02 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Karolion.

 

I didn't ask before: Did you intentionally installed GoTo Opener? If not, please uninstall that also.

 

Then, carefully follow these steps:


1. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (Scan mode)

  • Open Malwarebytes you already have installed.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, ALL the options are checked.
Under the title Windows Security Center (Premium only) the option is NOT checked.
Under the title Potentially unwanted items ALL options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Threat Scan Summary window open.

If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

 

In your next reply, please post:

  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0

#10
karolion
Posted 15 November 2021 - 12:08 PM

karolion

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
No, I did not install GoTo Opener.
 
 
# ------------------------------- 
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-10-26.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-15-2021
# Duration: 00:00:09
# OS:       Windows 10 Home
# Scanned:  31993
# Detected: 19
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.SlimCleanerPlus    C:\Program Files\SlimWare Utilities
PUP.Optional.SlimCleanerPlus    C:\Users\19192\AppData\Local\slimware utilities inc
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.DriverUpdate       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|DriverUpdate
PUP.Optional.DriverUpdate       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate
PUP.Optional.Legacy             HKLM\Software\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
PUP.Optional.SlimCleanerPlus    HKCU\Software\SlimWare Utilities Inc
PUP.Optional.SlimCleanerPlus    HKLM\Software\SlimWare Utilities Inc
PUP.Optional.SlimCleanerPlus    HKLM\Software\Wow6432Node\SlimWare Utilities Inc
PUP.Optional.Slimware           HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slimware.com
 
***** [ Chromium (and derivatives) ] *****
 
PUP.Optional.Legacy             ndibdjnfmopecpmkdieinmbadjfpblof
 
***** [ Chromium URLs ] *****
 
PUP.Optional.Legacy             search.mysearch.com
PUP.Optional.Legacy             search.mysearch.com
PUP.Optional.MySearch           search.mysearch.com
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.LenovoIMController   Folder   C:\ProgramData\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Users\19192\AppData\Local\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Windows\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
 
 
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 11/15/21
Scan Time: 1:08 PM
Log File: 20a3bfa4-4658-11ec-b6b7-8c8caafff90d.json
 
-Software Information-
Version: 4.4.10.144
Components Version: 1.0.1499
Update Package Version: 1.0.47226
License: Trial
 
-System Information-
OS: Windows 10 (Build 19042.1110)
CPU: x64
File System: NTFS
User: LAPTOP-6BUIOIQ5\19192
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 353498
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 22 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

  • 0

Advertisements

#11
DR M
Posted 15 November 2021 - 12:28 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Moving on.
 
 
1. AdwCleaner (Clean mode)

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items to be removed. 
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.

 

In your next reply please post:

  1. The AdwCleaner[C0*].txt
  2. The fresh FRST logs, Addition and FRST

  • 0

#12
karolion
Posted 15 November 2021 - 01:05 PM

karolion

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

When I restarted after the AdwCleaner scan, which I had to do manually because I did not get a prompt, this box opened when I signed in to the computer...  https://www.dropbox....kstogo.png?dl=0

 

I'm not sure how to respond to that since I did not try to delete it in the first place.  I've never tried to use the Microsoft OneDrive.

 

 

 

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-10-26.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-15-2021
# Duration: 00:00:06
# OS:       Windows 10 Home
# Cleaned:  18
# Failed:   1
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\Program Files\SlimWare Utilities
Deleted       C:\Users\19192\AppData\Local\slimware utilities inc
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slimware.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|DriverUpdate
Deleted       HKCU\Software\SlimWare Utilities Inc
Deleted       HKLM\Software\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate
Deleted       HKLM\Software\SlimWare Utilities Inc
Deleted       HKLM\Software\Wow6432Node\SlimWare Utilities Inc
 
***** [ Chromium (and derivatives) ] *****
 
Deleted       ndibdjnfmopecpmkdieinmbadjfpblof
 
***** [ Chromium URLs ] *****
 
Deleted       search.mysearch.com
Deleted       search.mysearch.com
Not Deleted   search.mysearch.com
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
Deleted       Preinstalled.LenovoIMController   Folder   C:\ProgramData\LENOVO\IMCONTROLLER
Deleted       Preinstalled.LenovoIMController   Folder   C:\Users\19192\AppData\Local\LENOVO\IMCONTROLLER
Deleted       Preinstalled.LenovoIMController   Folder   C:\Windows\LENOVO\IMCONTROLLER
Deleted       Preinstalled.LenovoIMController   Folder   C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Deleted       Preinstalled.LenovoIMController   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [2906 octets] - [15/11/2021 13:01:39]
AdwCleaner[S01].txt - [2967 octets] - [15/11/2021 13:44:09]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021
Ran by 19192 (administrator) on LAPTOP-6BUIOIQ5 (LENOVO 81Y4) (15-11-2021 14:03:39)
Running from C:\Users\19192\OneDrive\Desktop
Loaded Profiles: 19192
Platform: Microsoft Windows 10 Home Version 20H2 19042.1110 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~1.INF\DAX3API.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\52.0.6.0\crashpad_handler.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <29>
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe <7>
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_c98d5e0dfc88ac2f\RstMwService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0d8dab4470c5524b\igfxCUIService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0d8dab4470c5524b\igfxEM.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a9a2dde7124f013f\OneApp.IGCC.WinService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_657d56a89b3d77d6\IntelCpHDCPSvc.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_657d56a89b3d77d6\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_b9fd1528982e300f\LenovoUtilityService.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\19192\OneDrive\Desktop\AdwCleaner.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2109.6305.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1310_none_7e15ec207c87d405\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_5adc6075318430cf\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1085224 2020-06-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3951024 2019-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech, Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2109064 2019-11-27] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [339000 2021-10-26] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [tvncontrol] => "C:\Program Files (x86)\ShowMyPCService\tvnserver.exe" -controlservice -slave (No File)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4005300964-2302935580-1863167367-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\Canon MP830 Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD7Q.DLL [27136 2006-09-13] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP830: C:\Windows\system32\CNMLM7Q.DLL [234496 2006-09-13] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon MP FAX Language Monitor MP830: C:\Windows\system32\CNCF2Lb.DLL [188928 2006-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Canon Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-10-29] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01B10BEE-CEC8-4B67-9D40-0F1B616CB656} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {045E4C8F-E096-4C5F-AA86-8441F3475142} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {04D3FBF3-3CCD-4BB3-8A09-3F402FBAF841} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {06B7131C-B150-4F28-9334-81EE2569904F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0701D042-9791-4309-AC67-196ABEC83A9E} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {231F8B91-FC9E-4AC6-A254-F5D489C59F37} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {24F4E6C9-ACF2-48C9-969B-5A4D116A5E3D} - \Lenovo\ImController\TimeBasedEvents\fce8b35d-f625-4d1c-924d-c555a774b87c -> No File <==== ATTENTION
Task: {26F17EF2-56D4-4F1D-B730-834E8B375DC2} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2F39C152-53BC-45FF-A1F7-088B7821CB81} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {368392EC-06F2-4824-99EF-186F5129F43F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-14] (Google LLC -> Google LLC)
Task: {54BFEC5B-779A-4060-88C1-F822AD15A989} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647656 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {73F46A70-9630-4059-B911-C5423206F6AD} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\Windows\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [201584 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
Task: {79185E2D-6052-4A95-9D94-E7BE95E4EE15} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe (No File)
Task: {7B853215-31F4-482F-AD03-3F4AEB9487D3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {8478F36E-B1BA-4F6E-96E1-2C690989C3B0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8B0A2421-24B8-456A-9FF9-9B990F3C3E77} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {8CCDCD9E-AE81-4FE0-8458-861B71078265} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {9FD42CCE-79DC-4BD4-850F-D1327A7FC731} - \Lenovo\ImController\TimeBasedEvents\5162f36a-538c-448c-adde-aa0d542ef045 -> No File <==== ATTENTION
Task: {A6D33B72-85DF-45D9-9B95-CED37B7AF63F} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {A9B1FB1E-2DE8-4794-B6A2-621E60ED6195} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B2C9009F-58CB-4892-B36E-CA623FA3E35A} - \Lenovo\ImController\TimeBasedEvents\91917b8d-c346-4ebd-b347-373688af688b -> No File <==== ATTENTION
Task: {B66638EA-88E1-4C44-8194-313C7CD8EC7A} - System32\Tasks\KillHelpDeskService => C:\ProgramData\HelpDeskHost\RPCHDKillService.exe [14768 2021-08-27] (Pro Softnet Corporation -> )
Task: {C1CED367-854F-475D-82AE-648D5C0A110A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D0FAFD93-351B-47CD-9DC5-09079FFB2273} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [443248 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
Task: {DA622FAA-9F58-4D2A-BF99-030204ACD04C} - \Lenovo\ImController\TimeBasedEvents\4698dca5-e53b-4db6-a01f-2fcfe4af3754 -> No File <==== ATTENTION
Task: {E4A2CA68-F06D-4D06-94BA-574DF78F1F7D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E56B4006-2F6A-4E46-8852-CEA43C985289} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {ED69C074-9E68-44E2-AD91-5DBD2515E764} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-14] (Google LLC -> Google LLC)
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021
Ran by 19192 (15-11-2021 14:07:31)
Running from C:\Users\19192\OneDrive\Desktop
Microsoft Windows 10 Home Version 20H2 19042.1110 (X64) (2021-04-14 12:23:10)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
19192 (S-1-5-21-4005300964-2302935580-1863167367-1001 - Administrator - Enabled) => C:\Users\19192
Administrator (S-1-5-21-4005300964-2302935580-1863167367-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4005300964-2302935580-1863167367-503 - Limited - Disabled)
defaultuser100001 (S-1-5-21-4005300964-2302935580-1863167367-1019 - Limited - Enabled)
Guest (S-1-5-21-4005300964-2302935580-1863167367-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4005300964-2302935580-1863167367-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Apple Mobile Device Support (HKLM\...\{527DD209-8A66-482F-8779-C7B3BACCA8F1}) (Version: 15.0.0.16 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP830 MP Drivers (HKLM\...\{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}) (Version:  - Canon Inc.)
DriverUpdate (HKLM\...\{70A3DB76-E1F1-4D1C-B791-824F1C63238A}) (Version: 5.8.19 - Slimware Utilities Holdings, Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 52.0.6.0 - Google LLC)
Intel® Chipset Device Software (HKLM-x32\...\{afad3740-3061-4b48-a9ab-6f1435cb3dd6}) (Version: 10.1.18383.8213 - Intel® Corporation)
iTunes (HKLM\...\{0B3CC856-3A62-443A-B6CE-DED2D4495D56}) (Version: 12.12.2.2 - Apple Inc.)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.10.84 - Logitech)
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.53 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.53 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4005300964-2302935580-1863167367-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 (HKLM-x32\...\{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 - Microsoft Corporation)
NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation)
NVIDIA Graphics Driver 462.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 462.30 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.20.0221 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.20.0221 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
 
Packages:
=========
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.41601.0_x64__8wekyb3d8bbwe [2021-07-24] (Microsoft Corporation)
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20602.609.0_x64__rz1tebttyb220 [2021-03-10] (Dolby Laboratories)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-10-05] (INTEL CORP) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-11-02] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-09-10] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-06-11] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-25] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.14.221.0_x64__dt26b99r8h8gj [2021-03-10] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0 [2021-11-14] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4005300964-2302935580-1863167367-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-22] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_5adc6075318430cf\nvshext.dll [2021-08-31] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-22] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2019-10-21 04:56 - 2019-10-21 04:56 - 000144896 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll
2019-10-21 04:56 - 2019-10-21 04:56 - 000077824 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll
2019-10-21 04:56 - 2019-10-21 04:56 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBCURL.dll
2019-10-21 04:56 - 2019-10-21 04:56 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBEAY32.dll
2019-10-21 04:56 - 2019-10-21 04:56 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\SSLEAY32.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-4005300964-2302935580-1863167367-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKLM -> DefaultScope {10ABE9E3-13DA-46DD-B4E9-AA1779861B5A} URL = hxxp://www.bing.com/search?q={SearchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKLM -> {10ABE9E3-13DA-46DD-B4E9-AA1779861B5A} URL = hxxp://www.bing.com/search?q={SearchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKLM-x32 -> DefaultScope {10ABE9E3-13DA-46DD-B4E9-AA1779861B5A} URL = hxxp://www.bing.com/search?q={SearchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKLM-x32 -> {10ABE9E3-13DA-46DD-B4E9-AA1779861B5A} URL = hxxp://www.bing.com/search?q={SearchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKU\S-1-5-21-4005300964-2302935580-1863167367-1001 -> DefaultScope {10ABE9E3-13DA-46DD-B4E9-AA1779861B5A} URL = 
SearchScopes: HKU\S-1-5-21-4005300964-2302935580-1863167367-1001 -> {10ABE9E3-13DA-46DD-B4E9-AA1779861B5A} URL = 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 01:14 - 2019-12-07 01:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4005300964-2302935580-1863167367-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\19192\Downloads\DaveGrohlnme.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D5C3E1EA-BD09-48CB-A3DF-30592CE419BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7D0B604C-038B-4FC1-8930-8B3126440FEE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{64AE00D8-D5BF-4F49-915E-B3CD49991C10}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9F51071C-07F0-4F8D-B0DD-911B5778B273}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2E6FD9BC-4929-4D79-95F3-D2819EFD8469}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8F5F7D55-AE49-4AA7-8ED5-1E5382FBB307}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7B96223D-344F-49E8-BB86-B099582965B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9383BB08-115F-46DC-B831-A85457068B9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BFC9211C-A41A-4B30-8C01-FA8734904EBE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7518B9C5-4A36-4D2B-A28C-A99A57CAE376}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6871DEBF-FBD1-4584-9C5E-1C209E52B0C8}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{E616003B-1FCD-492F-904C-741D360C791D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BC52CFF5-BB26-4FDE-B744-4B82C17B32B7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6627577B-64FB-4315-97B9-C34E3C125B52}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BCEDF912-EBF8-4D18-9963-02964EFCA403}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3E9EEA9D-7126-41F6-BB63-4B7392F2ABAB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F2139E85-C9BC-4E88-AB7E-C822C2957553}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{93B3FA20-4261-4EC3-9A8E-33FEFA400597}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E281517D-A7B0-4B35-98C2-15EDAB153D75}] => (Allow) C:\Users\19192\AppData\Local\Temp\HelpDesk\u8\HelpDesk\RPCHelpDeskServiceUAC.exe => No File
FirewallRules: [{868BB4AB-5C17-4ED0-A373-2D0A60535557}] => (Allow) C:\Users\19192\AppData\Local\Temp\HelpDesk\u8\HelpDesk\RPCHelpDeskServiceUAC.exe => No File
FirewallRules: [{C7F4D455-330B-4ACC-BC29-DF1ACFF695FE}] => (Allow) C:\Users\19192\AppData\Local\Temp\ShowMyPC\-ShowMyPC3606\SMPCSetup.exe => No File
FirewallRules: [{5806E64E-1B06-4E0B-B9C2-B4EF9AFB8809}] => (Allow) C:\Users\19192\AppData\Local\Temp\ShowMyPC\-ShowMyPC3606\tvnserver.exe => No File
FirewallRules: [{45671AFA-8FBD-4F27-8BE0-35BDC1A7C406}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.53\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3EFDD2F4-2367-4881-9600-7F4CDCA30DCF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{03646D20-6E5C-4CD5-A316-E57F5B2BF8D3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A188224B-E5AD-4802-BD1C-C73937185DD4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E6D8527E-99AD-4C2F-9BDD-B781EAE28F53}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{973868AC-5DF0-49FB-A3C6-7C40E1193B28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F090496E-3A0E-46C3-8ABA-076456BB1161}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EC124086-E00B-41F1-BADB-F453C4459743}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7CCF74D1-0C30-4D2E-903A-03C178B19976}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
 
==================== Restore Points =========================
 
10-09-2021 11:04:37 Scheduled Checkpoint
02-11-2021 21:56:09 Scheduled Checkpoint
08-11-2021 14:06:52 Windows Update
12-11-2021 17:30:52 Windows Modules Installer
15-11-2021 13:06:11 Windows Modules Installer
15-11-2021 13:45:22 AdwCleaner_BeforeCleaning_15/11/2021_13:45:21
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/15/2021 01:47:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (11/15/2021 01:47:38 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (11/15/2021 01:47:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (11/15/2021 01:47:38 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (11/15/2021 01:45:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wuauclt.exe, version: 10.0.19041.906, time stamp: 0x01b4b287
Faulting module name: wuuhosdeployment.dll_unloaded, version: 10.0.19041.867, time stamp: 0x14e58421
Exception code: 0xc0000005
Fault offset: 0x000000000001a3f3
Faulting process id: 0x37f0
Faulting application start time: 0x01d7da649cb60506
Faulting application path: C:\Windows\system32\wuauclt.exe
Faulting module path: wuuhosdeployment.dll
Report Id: a800ac61-8a42-4cea-a66c-f2db78628b39
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/15/2021 01:07:26 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
 
Error: (11/14/2021 07:54:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program utility.exe version 4.1.32.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 3d00
 
Start Time: 01d7d5d52c3da835
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.1.32.0_x64__5grkq8ppsgwt4\LaunchUtility\utility.exe
 
Report Id: 1b7c558f-a633-487b-acbb-5797ea0e66ab
 
Faulting package full name: E0469640.LenovoUtility_4.1.32.0_x64__5grkq8ppsgwt4
 
Faulting package-relative application ID: LenovoUtility
 
Hang type: Quiesce
 
Error: (11/13/2021 01:49:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OneDrive.exe, version: 21.205.1003.5, time stamp: 0x099752be
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1110, time stamp: 0x4809adf2
Exception code: 0x80000003
Fault offset: 0x00000000000c9a92
Faulting process id: 0x5600
Faulting application start time: 0x01d7d8d84be90685
Faulting application path: C:\Users\19192\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: e624b516-6054-4f86-8237-a60d22d4dc5d
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (11/15/2021 02:04:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/15/2021 02:03:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/15/2021 02:02:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007139f: 9MWPM2CQNLHN-Microsoft.GamingServices.
 
Error: (11/15/2021 01:50:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/15/2021 01:49:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/15/2021 01:49:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/15/2021 01:49:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/15/2021 01:48:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error: 
The system cannot find the file specified.
 
 
Windows Defender:
================
Date: 2021-11-02 22:38:45
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-07-24 15:58:10
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-07-23 19:11:43
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-06-11 17:24:39
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-05-12 14:31:54
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2021-11-15 14:08:19
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2021-11-15 14:04:17
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO EGCN33WW 12/24/2020
Motherboard: LENOVO LNVNB161216
Processor: Intel® Core™ i7-10750H CPU @ 2.60GHz
Percentage of memory in use: 70%
Total physical RAM: 8059.8 MB
Available physical RAM: 2342.26 MB
Total Virtual: 19323.8 MB
Available Virtual: 11802.48 MB
 
==================== Drives ================================
 
Drive c: (Windows-SSD) (Fixed) (Total:237.23 GB) (Free:155.7 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.5 GB) (Free:928.08 GB) NTFS
Drive g: (Google Drive) (Fixed) (Total:15 GB) (Free:12.68 GB) FAT32
 
\\?\Volume{4c930333-03c7-4bda-89cb-1ab278503d60}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{19bbc73d-d8a9-45aa-aa09-3899456ca382}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 17FC6791)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 583D7DAE)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
 

  • 0

#13
DR M
Posted 15 November 2021 - 01:50 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Karolion.

 

The FRST log is cut. 

 

Please make sure to select all of its content, copy and paste it here. Another option is to attach it. To do that, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File.

 

I will be waiting for that log before I reply.

 

Since here it is late (almost 10 p.m.) I will reply to you tomorrow.


  • 0

#14
karolion
Posted 15 November 2021 - 02:34 PM

karolion

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

I'm sorry about that.  I did select all and copied and pasted it.  I've attached the files.

 

Should I select "Got it" or "Open One Drive Recycle Bin" regarding the notification I got when I restarted the computer?  How can it give me an alert that FRST64.exe has been deleted when I'm still able to use the program?

Attached Files


  • 0

#15
karolion
Posted 15 November 2021 - 03:07 PM

karolion

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

You asked earlier if I installed GoTo Opener.  I did not do that, but the one thing I did do on the computer between that message and the previous one was watch an episode of Absolutely Fabulous that isn't available on Amazon Prime on Daily Motion.  I don't like watching videos on Daily Motion because of all the pop-up ads.  Should I avoid Daily Motion altogether?


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP