Discussion starter · #41 ·
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2021
Ran by bailey (06-12-2021 12:45:10)
Running from C:\Users\baile\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1348 (X64) (2021-12-06 17:41:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-260720292-2504253849-2348319339-500 - Administrator - Disabled)
Baile (S-1-5-21-260720292-2504253849-2348319339-1002 - Limited - Disabled)
bailey (S-1-5-21-260720292-2504253849-2348319339-1001 - Administrator - Enabled) => C:\Users\baile
DefaultAccount (S-1-5-21-260720292-2504253849-2348319339-503 - Limited - Disabled)
Guest (S-1-5-21-260720292-2504253849-2348319339-501 - Limited - Disabled)
supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled)
WDAGUtilityAccount (S-1-5-21-260720292-2504253849-2348319339-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Amazon Games (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 2.1.5699.1 - Amazon.com Services, Inc.)
Amazon Photos (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Amazon Photos) (Version: 6.5.0 - Amazon.com, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cortona3D Viewer (HKLM\...\{71C24FD8-9FA4-4727-B1CB-E22B1E6D8403}) (Version: 8.6.212 - ParallelGraphics)
Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3CCE82BF-69CF-4172-8AFE-1DACB991A62B}) (Version: 1.1.3.21 - Dolby Laboratories, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ExpressVPN (HKLM-x32\...\{57e033a5-c75e-4823-83af-c1b6b3b759ab}) (Version: 10.0.9.2 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B876CD0833}) (Version: 10.0.9.2 - ExpressVPN) Hidden
Fitbit Connect (HKLM-x32\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Grammarly (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\GrammarlyForWindows) (Version: 1.5.45 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{DE46CC28-5477-4CFB-9AE2-8C7C111E3EE7}) (Version: 6.8.261 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{ee962c45-b827-4262-a720-3a939910ce37}) (Version: 6.8.261 - Grammarly)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud Outlook (HKLM\...\{969F33A2-7E0F-43FC-8896-6EF0C028CA12}) (Version: 10.9.0.9 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo) <==== ATTENTION
Logi Bolt (HKLM\...\LogiBolt) (Version: 1.01.415.0 - Logi)
Logitech Options (HKLM\...\LogiOptions) (Version: 9.40.86 - Logitech)
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.43 - Microsoft Corporation)
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.5397.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Polarr (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Polarr) (Version: 1.0.0 - Polarr, Inc.)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-4) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-5) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-6) (Version: 1.0.42.0 - LunarG, Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)
WD Backup (HKLM-x32\...\{09C422A7-0421-40A5-933A-9177BEDF9B3B}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{61ccf853-a113-4862-9d4a-6dd2b869c9db}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{014B7442-C784-45D3-A152-F7D2C651F28A}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-09-27] (Autodesk Inc.)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_2.0.23.0_x64__38kynpdw5g1aw [2021-11-18] (Wacom Europe GmbH)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2021.927.1.0_neutral__8xx8rvfyw5nnt [2021-12-06] (Facebook Inc)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2020-09-27] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.4.265.0_x64__v10z8vjag6ke6 [2021-12-02] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa [2021-08-26] (Apple Inc.) [Startup Task]
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.19.0_neutral__8xx8rvfyw5nnt [2021-11-04] (Instagram)
Journalist -> C:\Program Files\WindowsApps\49752MichaelS.Scherotter.Journalist_1.1.631.0_x64__9eg5g21zq32qm [2021-07-27] (Michael S. Scherotter)
LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.69.0.0_neutral__qq0fmhteeht3j [2021-12-06] (LastPass)
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2020-09-27] (OverDrive Inc.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1300.7.115.0_x64__8xx8rvfyw5nnt [2021-11-10] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-12-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-12-06] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-31] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_51.10913.5796.0_x64__8wekyb3d8bbwe [2021-12-01] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-04-15] (Netflix, Inc.)
OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2020-09-27] (OverDrive Inc.)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2020-09-27] (Pandora Media Inc) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-04-15] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-27] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0 [2021-11-26] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\baile\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.261\D457D793AD\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\baile\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.261\D457D793AD\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\baile\Desktop\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc
ShortcutWithArgument: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2021-10-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-12-20] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 15:03 - 2019-07-11 01:06 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-08-20 13:44 - 2021-04-03 23:13 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\baile\Pictures\Saved Pictures\1 My Kids and Family\Brady and Ricki\2_devils lake j (8).jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: WTabletServiceISD => 2
MSCONFIG\Services: WTabletServicePro => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "Polarr"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{57382B5D-78B2-4D71-A607-7BC55AB1DC39}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{AF222F92-229C-422A-A80F-64C3E7F87B52}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B247D1C0-8D69-4620-9530-BBE6EC14CA12}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5031472B-E669-4227-A608-1A0D4EFCBDF0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{87186114-5705-4BB8-9F4D-22A0BDE5453E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A904CBDE-DB1A-4FDC-B194-16FE6E6785F0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{22117095-6DD3-4BCD-A7A5-5B915E0F5875}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BAD8CBE0-42DE-4048-A44E-75645C494D20}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C8397B83-63B2-454C-A613-5C9FC72F3C3C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{295D0A1D-BF67-4485-8A2C-696C625C6FD5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F9164E6F-39EE-4E35-81D9-067E432681A2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B01CC7BF-461C-4973-A65D-0DD1B8E89769}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{109682B1-CB8C-4DC1-AA4F-97C5920A01F5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E24BEBF0-7961-4468-8B36-B43B30E892DA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5A2E9522-BC99-433F-AE07-12284CC5496A}] => (Allow) C:\Users\baile\Downloads\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E063C019-70C6-42D0-BE28-D7378F0FB7B2}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{4765E7B2-E045-474A-99DF-C6F971C7A6CC}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6BF03055-F70E-4244-BA2F-FDDEDF019799}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1C84C52E-82C6-4AC8-8B61-CFEEDFDD7ECA}] => (Allow) C:\Users\baile\New folder\steamapps\common\Rebel Forces\RebelForces.exe () [File not signed]
FirewallRules: [{CCCC2654-EEB2-49C0-9DE2-FA07E08758E9}] => (Allow) C:\Users\baile\New folder\steamapps\common\Rebel Forces\RebelForces.exe () [File not signed]
FirewallRules: [{AB9F7C8B-357B-4AA5-8551-8FC526F6C262}] => (Allow) C:\Users\baile\New folder\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E54CB9F1-20C0-41D4-8AFC-40C587F5A399}] => (Allow) C:\Users\baile\New folder\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{DB029122-856A-4900-896E-B5F828836049}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6733E1F9-EA29-4E45-9CFA-FD25A297EAB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FD7C4B0-A458-45A0-A28F-74DD83578761}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{205AC0AE-3A23-4EFF-9D8D-1407C7350A9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BB9E4FCE-C6D4-4D79-A5B5-6596087E3486}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F110E177-1997-42B6-AB07-24234331214B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{131D7F90-ACA0-4069-96D0-1F3A00E14292}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{FB915863-E8D0-430A-BAF4-DFE4634B338A}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:212.23 GB) (Free:67.3 GB) (32%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (12/06/2021 12:00:07 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: YOGA720-15IKB)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (12/06/2021 12:00:07 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: YOGA720-15IKB)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (12/06/2021 11:38:09 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (12/06/2021 11:38:08 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (12/06/2021 11:38:08 AM) (Source: MSDTC 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (12/06/2021 11:38:08 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (12/06/2021 11:35:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1409.

System errors:
=============
Error: (12/06/2021 12:39:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Interface Foundation Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/06/2021 11:37:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iaStorAfsService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/06/2021 11:37:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the iaStorAfsService service to connect.

Error: (12/06/2021 11:35:33 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Printer Extensions and Notifications service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/06/2021 11:35:15 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport TAP-Windows Adapter V9, {2b64121d-76fa-4b23-a3ac-33b8ca4df9ed}, had event 76

Error: (12/06/2021 11:35:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iaStorAfsService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/06/2021 11:35:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the iaStorAfsService service to connect.

Error: (12/06/2021 11:34:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The netprofm service terminated with the following error:
The device is not ready.

==================== Memory info ===========================

BIOS: LENOVO 4MCN33WW(V2.05) 07/19/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 63%
Total physical RAM: 8050.39 MB
Available physical RAM: 2962.99 MB
Total Virtual: 11122.39 MB
Available Virtual: 6180.21 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:67.3 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:12.17 GB) NTFS

\\?\Volume{f502dc90-57ed-4a7b-a2e2-fa55f122b281}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.44 GB) NTFS
\\?\Volume{d43090cd-ee40-4e84-a945-39394c9839b4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A3FF1E49)

Partition: GPT.

==================== End of Addition.txt =======================
 
Hi.

It seems that you now have version 21H2, which is the latest one.

I took a quick look in the logs but I will be able to check them more carefully tomorrow, since now it's late here.

Something to remind you of: please, do not download/install anything during this procedure. McAfee remnants were not there in your previous logs.

Also, I can see supportaccount again.

I will be back to you tomorrow.
 
Discussion starter · #43 ·
Interesting. I have not downloaded anything since we started this procedure.
Another question: I see that Foxfire was included in the report. I don't use Foxfire. Should it be removed? Thank you for all your help! Appreciate it greatly!
 
Hi, sportsmom.

I didn't forget you. I just have so much work these days, I don't find the time to review your logs.

Since the computer is clean, you can continue using it, but please, if it's not necessary do not download/install anything.

I will be back to you during the weekend.

I appreciate your patience and I send my apologies... :(
 
Discussion starter · #45 ·
Thank you. I appreciate your help. No worries. It is working better so I will wait until you have time!
 
Discussion starter · #46 ·
Interesting. Periodically the background of my screen goes black. Whatever is in front that I am working on stays as it should. That is new since we started. It just seems to last a second or 2.
 
Hi, sportsmom!

I'm back for the weekend and I hope you are there too. :)

Since several days have passed since the last FRST scan, let's see fresh logs.
  • Double-click on the FRST icon to run it, as you did before. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)
 
Discussion starter · #48 ·
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2021
Ran by bailey (administrator) on YOGA720-15IKB (LENOVO 80X7) (12-12-2021 01:04:54)
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey
Platform: Microsoft Windows 10 Home Version 21H2 19044.1348 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHeciSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21111.123.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy\YourPhoneAppProxy.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21102.11411.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18382824 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Users\baile\Downloads\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1675680 2021-09-24] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [APP] => C:\Program Files\Dolby\Dolby DAX3\APP\DAX3TrayIcon.exe [999216 2017-04-28] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21888 2018-01-24] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Polarr] => C:\ProgramData\SquirrelMachineInstalls\Polarr.exe [73300232 2020-06-16] (Polarr, Inc. -> Polarr, Inc.) [File not signed]
HKLM-x32\...\Run: [Fitbit Connect] => C:\Users\baile\Downloads\Fitbit Connect.exe [3414184 2015-09-11] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [373600 2021-01-18] (Express Vpn LLC -> ExpressVPN)
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [Fitbit Connect] => C:\Users\baile\Downloads\Fitbit Connect.exe [3414184 2015-09-11] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [Steam] => C:\Users\baile\New folder\steam.exe [3421984 2020-12-07] (Valve -> Valve Corporation)
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [850272 2021-01-18] (Express Vpn LLC -> ExpressVPN)
HKLM\...\Print\Monitors\HP 5912 Status Monitor: hpinksts5912LM.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.93\Installer\chrmstp.exe [2021-12-08] (Google LLC -> Google LLC)
Startup: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-12-09]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C68E377-4230-4022-A8A5-D900B8A42B48} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\9be1c45d-442d-4031-87d9-781acf873704 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {0E41EACB-602F-472D-A50B-BAC99EBC6892} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-baileyl032017@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {10D771B3-2D11-4309-B81F-F345B570E2B4} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NOUACCHECK
Task: {138C7D27-E8F7-45CF-824E-5382F35FB876} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-30] (Google Inc -> Google Inc.)
Task: {1F3D31A8-1D0B-47FF-8300-4DE9302035ED} - System32\Tasks\HPPSDrTelemetryWatch => C:\Program Files (x86)\HP\Diagnostics\TelemetryWatch\PSDrTelemetryWatch.exe [32808 2020-01-14] (HP Inc. -> )
Task: {20FDF483-B4A8-4CEF-A0DD-BFD065B5ED91} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2152845E-7E73-43B0-A41C-3BAC4B4F917F} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [63728 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {25B126E2-E129-4B8C-A051-AE8F6C2AC12F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-30] (Google Inc -> Google Inc.)
Task: {33C5F5B1-EBB6-4AAE-BBE9-16865B58DEA4} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\21fc5194-9e46-4cab-8172-f517c74f35dc => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {56234CCD-D517-4D55-A10A-B3B57BCA2011} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0e123aa9-1f20-4aee-ab3e-b38f69163d6a => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {59866E19-5E2E-4586-9F79-52A3BD86C3B6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {75101032-CD10-4D65-928B-35A3A80C5829} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8B327BA8-3DBC-4577-9BDE-54D6397032E2} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {8B91E542-FE4C-432F-BF64-0EC991CA49A9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {90484D13-C697-40E3-9114-7AF344EA07BB} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {A9273BAF-7D29-4FA6-8AD5-DB9A00224729} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {ABD1E5B4-ABB5-4E88-8C51-D1C1A5D0C00E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {D5900B3D-7367-4F08-BCB6-84F1B06493F7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d521a18c-cc28-42c4-9391-dd3860052e99 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {D7E912F0-CD6F-456B-A47A-42DCED783974} - System32\Tasks\AdobeAAMUpdater-1.0-YOGA720-15IKB-bailey => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {DB6254B9-EAC9-467E-B6C6-E63CDDC7C705} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {E631038B-2CFE-4CA4-9F1F-8732D0DFB9A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {E6682B64-5E82-4A95-BE86-C9DB69ADC2E0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2207ba55-1cd0-4395-91a0-482a8397b941 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {EC6B61A4-0F42-49F5-83DA-B1C2D337B005} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE3668F8-BBB2-4DDE-9358-770A17D5080C} - System32\Tasks\Apple Diagnostics => C:\Users\baile\AppData\Local\Microsoft\WindowsApps\eReporter-AppX.exe [0 2021-12-07] () [simlink -> ]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22bdf8f0-d55e-4cab-bdff-f39f79a367ff}: [NameServer] 10.186.0.1
Tcpip\..\Interfaces\{3c4a9f21-8085-4361-98eb-ab3060e81302}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\baile\Downloads
Edge Notifications: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> hxxps://gundersenhealthengage.mrcommunities.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-11]
Edge HomePage: Default -> hxxp://www.google.com/
Edge StartupUrls: Default -> "hxxp://www.google.com/"
Edge Extension: (Honey) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2021-12-04]
Edge Extension: (LastPass: Free Password Manager) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2021-12-04]
Edge Extension: (Grammarly for Microsoft Edge) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2021-12-10]
Edge Extension: (Fancy & Cool Text Generator) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fafnphaopehepcmfnakggljonnhkofpk [2021-12-04]
Edge Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmmlpenookphoknnpfilofakghemolmg [2021-12-04]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-12-20] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @parallelgraphics.com/Cortona -> C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npcortona.dll [2019-09-12] (Parallel Graphics Limited -> ParallelGraphics)
FF Plugin HKU\S-1-5-21-260720292-2504253849-2348319339-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\baile\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-15] (RocketLife -> RocketLife, LLP)
FF Plugin HKU\S-1-5-21-260720292-2504253849-2348319339-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-260720292-2504253849-2348319339-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default [2021-12-12]
CHR Notifications: Default -> hxxps://typiccor.com; hxxps://www.facebook.com; hxxps://www.youtube.com
CHR HomePage: Default -> file:///C:/Users/Owner/Documents/Medical
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Extension: (Slides) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-30]
CHR Extension: (Docs) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-30]
CHR Extension: (Google Drive) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (YouTube) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-30]
CHR Extension: (Honey) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-11-19]
CHR Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2021-11-18]
CHR Extension: (Netflix) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2017-12-30]
CHR Extension: (Sheets) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-30]
CHR Extension: (Google Docs Offline) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-30]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-11-25]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-24]
CHR Extension: (Grammarly for Chrome) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-12-05]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2021-12-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Gmail) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-08-15]
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\System Profile [2020-08-15]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3849472 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3617024 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-06-09] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3052952 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
R2 Dolby DAX API Service; C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe [212784 2017-04-28] (Dolby Laboratories, Inc. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-06-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437088 2021-01-18] (Express Vpn LLC -> ExpressVPN)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-11-01] (HP Inc. -> HP Inc.)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-07] (Malwarebytes Inc -> Malwarebytes)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [19256 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [19256 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [37024 2021-01-18] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpnwintun; C:\WINDOWS\System32\drivers\expressvpn-wintun.sys [46824 2021-01-18] (Express VPN International Ltd. -> ExpressVPN)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-12-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-07] (Malwarebytes Inc -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39040 2018-08-15] (GZ Systems Limited -> The OpenVPN Project)
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [52904 2021-01-18] (ExprsVPN LLC -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 WacHidRouterISD; C:\WINDOWS\system32\DRIVERS\wachidrouter_isd.sys [142424 2017-05-24] (Wacom Technology Corporation -> Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-02] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-11 23:14 - 2021-12-11 23:14 - 000000000 ____D C:\Users\baile\Documents\My Media
2021-12-11 00:13 - 2021-12-11 00:13 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7eac7dfec1a48
2021-12-10 22:03 - 2021-12-10 22:03 - 000000000 ____D C:\Users\baile\Documents\New folder
2021-12-07 09:55 - 2021-12-07 09:55 - 000000000 ____D C:\Users\baile\AppData\Local\TempTaskUpdateDetection571071D5-D41E-4820-80EE-1A7417AC8614
2021-12-06 13:33 - 2021-12-06 11:41 - 000000000 ____D C:\Windows.old
2021-12-06 12:45 - 2021-12-06 12:46 - 000030189 _____ C:\Users\baile\Desktop\Addition.txt
2021-12-06 12:43 - 2021-12-12 01:05 - 000024495 _____ C:\Users\baile\Desktop\FRST.txt
2021-12-06 12:40 - 2021-12-12 01:04 - 000000000 ____D C:\Users\baile\Desktop\FRST-OlderVersion
2021-12-06 11:47 - 2021-12-06 12:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-12-06 11:44 - 2021-12-11 21:16 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-06 11:43 - 2021-12-06 11:43 - 000000000 ____D C:\Users\baile\AppData\Local\Lenovo
2021-12-06 11:43 - 2021-12-06 11:43 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-12-06 11:41 - 2021-12-11 21:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-06 11:41 - 2021-12-11 19:53 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B393C7FE-B95B-48A2-8819-C5B1623E23B2}
2021-12-06 11:41 - 2021-12-11 00:13 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-12-06 11:41 - 2021-12-10 14:45 - 000003522 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-12-06 11:41 - 2021-12-07 09:56 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2021-12-06 11:41 - 2021-12-06 11:41 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-12-06 11:41 - 2021-12-06 11:41 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-12-06 11:41 - 2021-12-06 11:41 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-12-06 11:41 - 2021-12-06 11:41 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-260720292-2504253849-2348319339-1003
2021-12-06 11:41 - 2021-12-06 11:41 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-260720292-2504253849-2348319339-1001
2021-12-06 11:41 - 2021-12-06 11:41 - 000002848 _____ C:\WINDOWS\system32\Tasks\HPPSDrTelemetryWatch
2021-12-06 11:41 - 2021-12-06 11:41 - 000002826 _____ C:\WINDOWS\system32\Tasks\Apple Diagnostics
2021-12-06 11:41 - 2021-12-06 11:41 - 000002814 _____ C:\WINDOWS\system32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-baileyl032017@outlook.com
2021-12-06 11:41 - 2021-12-06 11:41 - 000002770 _____ C:\WINDOWS\system32\Tasks\AdobeAAMUpdater-1.0-YOGA720-15IKB-bailey
2021-12-06 11:41 - 2021-12-06 11:41 - 000002768 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2021-12-06 11:41 - 2021-12-06 11:41 - 000002588 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2021-12-06 11:41 - 2021-12-06 11:41 - 000000020 ___SH C:\Users\baile\ntuser.ini
2021-12-06 11:41 - 2021-12-06 11:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-260720292-2504253849-2348319339-1001
2021-12-06 11:41 - 2021-12-06 11:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-12-06 11:41 - 2021-12-06 11:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2021-12-06 11:41 - 2021-12-06 11:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2021-12-06 11:41 - 2021-12-06 11:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-12-06 11:40 - 2021-12-06 11:41 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2021-12-06 11:40 - 2021-12-06 11:41 - 000007623 _____ C:\WINDOWS\diagerr.xml
2021-12-06 11:35 - 2021-12-06 11:35 - 000001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Pen.lnk
2021-12-06 11:35 - 2021-12-06 11:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2021-12-06 11:35 - 2021-12-06 11:35 - 000000000 ____D C:\Program Files\Dolby
2021-12-06 11:35 - 2021-12-06 11:35 - 000000000 ____D C:\Program Files\Common Files\Dolby
2021-12-06 11:35 - 2017-09-18 05:22 - 000140312 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2021-12-06 11:35 - 2017-09-18 05:22 - 000116760 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2021-12-06 11:34 - 2021-12-11 23:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-06 11:34 - 2021-12-06 11:34 - 000442704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-12-06 11:19 - 2021-12-06 13:33 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-12-06 11:18 - 2021-12-06 11:41 - 000000000 ____D C:\Users\baile
2021-12-06 11:18 - 2019-12-07 03:10 - 000001105 _____ C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-12-06 11:16 - 2021-12-06 11:19 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-12-06 11:11 - 2021-12-06 11:11 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-12-06 11:11 - 2021-12-06 11:11 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-12-06 11:11 - 2021-12-06 11:11 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-12-06 11:11 - 2021-12-06 11:11 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-12-06 11:05 - 2019-10-15 13:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-12-06 11:05 - 2019-04-18 18:49 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-12-06 11:04 - 2021-12-06 13:33 - 000000000 ____D C:\WINDOWS\IAStorAfsService
2021-12-06 11:04 - 2021-12-06 11:04 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-12-06 11:04 - 2021-12-06 11:04 - 000000000 ____D C:\Program Files\MSBuild
2021-12-06 11:04 - 2021-12-06 11:04 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-12-06 11:04 - 2021-12-06 11:04 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-12-06 10:59 - 2021-12-06 10:59 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-12-06 03:09 - 2021-12-06 11:41 - 000000000 ___DC C:\WINDOWS\Panther
2021-12-06 03:04 - 2021-12-06 03:08 - 000000000 ____D C:\ESD
2021-12-06 03:03 - 2021-12-06 03:03 - 000000000 ___HD C:\$Windows.~WS
2021-12-04 06:46 - 2021-12-04 06:46 - 000001232 _____ C:\Users\baile\Desktop\report.txt
2021-12-04 05:50 - 2021-12-04 05:50 - 008540344 _____ (Malwarebytes) C:\Users\baile\Desktop\AdwCleaner.exe
2021-12-04 05:23 - 2021-12-04 10:01 - 000006766 _____ C:\Users\baile\Desktop\Fixlog.txt
2021-12-03 03:18 - 2021-12-03 03:18 - 000048251 _____ C:\Users\baile\AppData\LocalLow\wbkF666.tmp
2021-12-03 03:17 - 2021-12-08 02:14 - 000000000 ____D C:\Users\baile\Documents\Stem Cells
2021-12-01 22:14 - 2021-12-12 01:04 - 002311168 _____ (Farbar) C:\Users\baile\Desktop\FRST64.exe
2021-12-01 22:12 - 2021-12-01 22:12 - 000064513 _____ C:\Users\baile\Desktop\frst.htm
2021-12-01 21:51 - 2021-12-01 21:55 - 002311680 _____ (Farbar) C:\Users\baile\Downloads\FRST64.exe
2021-12-01 02:08 - 2021-12-01 02:08 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-11-30 05:32 - 2021-11-30 05:32 - 000001942 _____ C:\Users\baile\Desktop\PC Health Check.lnk
2021-11-30 05:32 - 2021-11-30 05:32 - 000001352 _____ C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-30 05:32 - 2021-11-30 05:32 - 000000000 ___RD C:\Users\baile\AppData\Local\PCHealthCheck
2021-11-30 05:31 - 2021-11-30 05:31 - 014233600 _____ C:\Users\baile\Downloads\WindowsPCHealthCheckSetup.msi
2021-11-29 17:54 - 2021-11-29 17:54 - 000000000 ____D C:\Users\baile\AppData\Local\LogiBolt
2021-11-29 17:53 - 2021-12-06 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2021-11-29 17:53 - 2021-12-06 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-11-29 17:53 - 2021-11-29 17:54 - 000000000 ____D C:\ProgramData\Logishrd
2021-11-29 17:53 - 2021-11-29 17:53 - 000000000 ____D C:\Users\baile\AppData\Roaming\Logishrd
2021-11-29 17:53 - 2021-11-29 17:53 - 000000000 ____D C:\Program Files\Logitech
2021-11-29 17:53 - 2021-11-29 17:53 - 000000000 ____D C:\Program Files\Logi
2021-11-12 14:53 - 2021-11-12 14:53 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-12 01:05 - 2020-08-05 03:17 - 000000000 ____D C:\FRST
2021-12-12 01:04 - 2017-12-20 15:47 - 000000000 ____D C:\Users\baile\Documents\Outlook Files
2021-12-12 00:26 - 2017-12-30 22:57 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-11 23:34 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-11 23:23 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-11 21:16 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2021-12-11 21:14 - 2019-10-01 20:08 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-12-11 21:09 - 2020-06-17 16:53 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-11 21:09 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-12-11 21:08 - 2019-12-07 03:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2021-12-11 02:20 - 2017-12-20 00:53 - 000000000 ____D C:\Users\baile\AppData\Local\Adobe
2021-12-11 00:42 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-11 00:13 - 2021-01-23 13:37 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-12-10 19:34 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-12-10 01:31 - 2018-02-12 23:29 - 000000000 ____D C:\Users\baile\Documents\Recipies
2021-12-08 21:04 - 2020-07-13 22:29 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-12-08 21:04 - 2017-12-30 22:58 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-12-08 04:08 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-12-07 09:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-12-06 14:04 - 2017-12-19 21:12 - 000000000 ____D C:\Users\baile\AppData\Local\Packages
2021-12-06 13:52 - 2019-06-21 12:20 - 000000000 ____D C:\Users\baile\Documents\Social Security
2021-12-06 13:33 - 2021-04-26 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-12-06 13:33 - 2020-11-26 14:07 - 000000000 ____D C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-12-06 13:33 - 2020-11-24 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-12-06 13:33 - 2020-08-01 00:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2021-12-06 13:33 - 2020-07-05 21:02 - 000000000 ____D C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2021-12-06 13:33 - 2020-03-28 21:56 - 000000000 ____D C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2021-12-06 13:33 - 2019-12-07 03:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-12-06 13:33 - 2019-06-18 10:29 - 000000000 ____D C:\Program Files\UNP
2021-12-06 13:33 - 2018-12-29 22:02 - 000000000 ____D C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-12-06 13:33 - 2018-11-28 18:21 - 000000000 ____D C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly
2021-12-06 13:33 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-12-06 13:33 - 2018-05-18 20:26 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2021-12-06 13:33 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2021-12-06 13:33 - 2018-01-13 00:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive for Windows
2021-12-06 13:33 - 2017-12-20 16:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-12-06 13:33 - 2017-12-20 01:08 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-12-06 13:33 - 2017-11-09 18:43 - 000000000 ____D C:\Program Files\Tablet
2021-12-06 13:33 - 2017-11-09 18:41 - 000000000 ____D C:\Program Files\Intel
2021-12-06 12:39 - 2017-12-20 00:25 - 000000000 ____D C:\Users\baile\AppData\Local\PlaceholderTileLogoFolder
2021-12-06 11:57 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-12-06 11:41 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-06 11:41 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-12-06 11:41 - 2019-12-07 03:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-12-06 11:41 - 2019-12-07 03:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-12-06 11:41 - 2017-12-19 21:41 - 000000000 ___RD C:\Users\baile\3D Objects
2021-12-06 11:41 - 2017-03-23 11:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-12-06 11:38 - 2019-12-07 03:14 - 000000000 __RSD C:\WINDOWS\Media
2021-12-06 11:38 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Registration
2021-12-06 11:38 - 2017-12-19 21:14 - 000027280 _____ C:\WINDOWS\system32\emptyregdb.dat
2021-12-06 11:35 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-12-06 11:35 - 2017-11-09 18:43 - 000312687 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2021-12-06 11:35 - 2017-11-09 18:43 - 000000000 ____D C:\WINDOWS\system32\DAX3
2021-12-06 11:35 - 2017-11-09 18:43 - 000000000 ____D C:\WINDOWS\system32\DAX2
2021-12-06 11:35 - 2017-11-09 18:42 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-12-06 11:34 - 2020-06-26 02:38 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-06 11:34 - 2020-06-26 02:38 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-12-06 11:33 - 2019-12-07 03:18 - 000000000 ____D C:\WINDOWS\Setup
2021-12-06 11:30 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-12-06 11:19 - 2020-06-18 10:02 - 000000000 ____D C:\WINDOWS\Lenovo
2021-12-06 11:19 - 2020-01-12 00:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Discovery
2021-12-06 11:19 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Resources
2021-12-06 11:19 - 2017-11-09 18:43 - 000000000 ____D C:\WINDOWS\system32\Intel
2021-12-06 11:19 - 2017-11-09 18:42 - 000000000 ____D C:\Program Files\Realtek
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-12-06 11:14 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\servicing
2021-12-04 18:50 - 2018-04-09 19:37 - 000000000 ____D C:\Users\baile\Documents\Purchases off Internet
2021-12-04 18:49 - 2019-03-11 01:04 - 000000000 ____D C:\Users\baile\Documents\Kitchen
2021-12-04 18:47 - 2018-04-29 19:25 - 000000000 ____D C:\Users\baile\Documents\Mom and Dad
2021-12-04 18:45 - 2018-10-16 22:39 - 000000000 ____D C:\Users\baile\Documents\Ricki Lowe
2021-12-04 18:43 - 2018-08-10 22:37 - 000000000 ____D C:\Users\baile\Documents\Politics
2021-12-04 18:42 - 2018-01-30 22:07 - 000000000 ____D C:\Users\baile\Documents\Insurance
2021-12-04 18:41 - 2018-10-20 15:40 - 000000000 ____D C:\Users\baile\Documents\Margie
2021-12-04 18:40 - 2018-03-31 18:25 - 000000000 ____D C:\Users\baile\Documents\Margie Birthday
2021-12-04 18:37 - 2019-10-15 21:06 - 000000000 ____D C:\Users\baile\Documents\Medicare
2021-12-04 18:36 - 2021-06-02 20:30 - 000000000 ____D C:\Users\baile\Documents\Fax
2021-12-04 18:34 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\Crafts
2021-12-04 18:33 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\Computer
2021-12-04 18:30 - 2018-01-07 19:34 - 000000000 ____D C:\Users\baile\Documents\Camping
2021-12-04 18:27 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\Cabin Oct 2017
2021-12-04 18:24 - 2018-01-13 01:01 - 000000000 ____D C:\Users\baile\Documents\Boat
2021-12-04 18:23 - 2021-01-17 14:59 - 000000000 ____D C:\Users\baile\Documents\Barrett Cook Book
2021-12-04 18:23 - 2018-02-12 18:35 - 000000000 ____D C:\Users\baile\Documents\Bank of America
2021-12-04 18:22 - 2018-04-24 19:10 - 000000000 ____D C:\Users\baile\Documents\Amazon
2021-12-04 18:13 - 2020-12-04 00:11 - 000000000 ____D C:\ProgramData\Luminar 4
2021-12-04 07:37 - 2017-11-09 18:26 - 000000000 ____D C:\ProgramData\Lenovo
2021-12-04 05:34 - 2020-08-12 21:25 - 000000000 ____D C:\Users\baile\AppData\LocalLow\Temp
2021-12-02 01:34 - 2018-05-05 14:45 - 000000000 ____D C:\Users\baile\Documents\Pam
2021-12-01 21:58 - 2020-08-05 03:18 - 000039246 _____ C:\Users\baile\Downloads\Addition.txt
2021-12-01 21:58 - 2020-08-05 03:17 - 000042236 _____ C:\Users\baile\Downloads\FRST.txt
2021-11-28 20:30 - 2020-01-16 21:03 - 000000000 ____D C:\Users\baile\Documents\2020 Calif Trip
2021-11-28 20:30 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\2 Pam Health Savings Account
2021-11-26 23:41 - 2018-04-10 00:41 - 000000000 ____D C:\Users\baile\Documents\Battle Pirates
2021-11-26 23:01 - 2018-06-21 03:36 - 000000000 ____D C:\Users\baile\AppData\Local\CrashDumps
2021-11-26 22:39 - 2020-12-20 18:18 - 000000000 ____D C:\Users\baile\Documents\Christmas
2021-11-25 21:02 - 2018-01-05 00:17 - 000000000 ____D C:\Users\baile\Documents\Verizon
2021-11-19 13:49 - 2018-06-17 15:34 - 000000000 ____D C:\ProgramData\Packages
2021-11-19 03:34 - 2017-12-20 16:49 - 000000000 ____D C:\Program Files\Microsoft Office 15
2021-11-17 16:36 - 2018-05-27 12:01 - 000000000 ____D C:\Users\baile\Documents\DNR Licenses

==================== Files in the root of some directories ========

2018-09-25 22:03 - 2018-09-25 22:03 - 000000000 _____ () C:\Users\baile\AppData\Local\oobelibMkey.log
2019-08-09 16:03 - 2019-08-09 16:03 - 000000017 _____ () C:\Users\baile\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Discussion starter · #49 ·
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2021
Ran by bailey (12-12-2021 01:05:58)
Running from C:\Users\baile\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1348 (X64) (2021-12-06 17:41:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-260720292-2504253849-2348319339-500 - Administrator - Disabled)
Baile (S-1-5-21-260720292-2504253849-2348319339-1002 - Limited - Disabled)
bailey (S-1-5-21-260720292-2504253849-2348319339-1001 - Administrator - Enabled) => C:\Users\baile
DefaultAccount (S-1-5-21-260720292-2504253849-2348319339-503 - Limited - Disabled)
Guest (S-1-5-21-260720292-2504253849-2348319339-501 - Limited - Disabled)
supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled)
WDAGUtilityAccount (S-1-5-21-260720292-2504253849-2348319339-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.6.0.52 - Adobe Inc.)
Amazon Games (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 2.1.5699.1 - Amazon.com Services, Inc.)
Amazon Photos (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Amazon Photos) (Version: 6.5.0 - Amazon.com, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cortona3D Viewer (HKLM\...\{71C24FD8-9FA4-4727-B1CB-E22B1E6D8403}) (Version: 8.6.212 - ParallelGraphics)
Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3CCE82BF-69CF-4172-8AFE-1DACB991A62B}) (Version: 1.1.3.21 - Dolby Laboratories, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ExpressVPN (HKLM-x32\...\{57e033a5-c75e-4823-83af-c1b6b3b759ab}) (Version: 10.0.9.2 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B876CD0833}) (Version: 10.0.9.2 - ExpressVPN) Hidden
Fitbit Connect (HKLM-x32\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.93 - Google LLC)
Grammarly (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\GrammarlyForWindows) (Version: 1.5.45 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{DE46CC28-5477-4CFB-9AE2-8C7C111E3EE7}) (Version: 6.8.261 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{ee962c45-b827-4262-a720-3a939910ce37}) (Version: 6.8.261 - Grammarly)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud Outlook (HKLM\...\{969F33A2-7E0F-43FC-8896-6EF0C028CA12}) (Version: 10.9.0.9 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo) <==== ATTENTION
Logi Bolt (HKLM\...\LogiBolt) (Version: 1.01.415.0 - Logi)
Logitech Options (HKLM\...\LogiOptions) (Version: 9.40.86 - Logitech)
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.43 - Microsoft Corporation)
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.5397.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E876418F-BE59-4D8C-B9A5-74B056B676FA}) (Version: 2.93.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Polarr (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Polarr) (Version: 1.0.0 - Polarr, Inc.)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-4) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-5) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-6) (Version: 1.0.42.0 - LunarG, Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)
WD Backup (HKLM-x32\...\{09C422A7-0421-40A5-933A-9177BEDF9B3B}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{61ccf853-a113-4862-9d4a-6dd2b869c9db}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{014B7442-C784-45D3-A152-F7D2C651F28A}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-09-27] (Autodesk Inc.)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_2.0.23.0_x64__38kynpdw5g1aw [2021-11-18] (Wacom Europe GmbH)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2021.927.1.0_neutral__8xx8rvfyw5nnt [2021-12-06] (Facebook Inc)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2020-09-27] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.5.268.0_x64__v10z8vjag6ke6 [2021-12-10] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_13.0.201.0_x86__nzyj5cx40ttqa [2021-12-07] (Apple Inc.) [Startup Task]
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.19.0_neutral__8xx8rvfyw5nnt [2021-11-04] (Instagram)
Journalist -> C:\Program Files\WindowsApps\49752MichaelS.Scherotter.Journalist_1.1.631.0_x64__9eg5g21zq32qm [2021-07-27] (Michael S. Scherotter)
LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.69.0.0_neutral__qq0fmhteeht3j [2021-12-06] (LastPass)
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2020-09-27] (OverDrive Inc.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1320.12.119.0_x64__8xx8rvfyw5nnt [2021-12-11] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-12-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-12-06] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12030.0_x64__8wekyb3d8bbwe [2021-12-10] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_51.10913.5796.0_x64__8wekyb3d8bbwe [2021-12-01] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-04-15] (Netflix, Inc.)
OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2020-09-27] (OverDrive Inc.)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2020-09-27] (Pandora Media Inc) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-04-15] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-27] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0 [2021-12-11] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\baile\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.261\D457D793AD\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\baile\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.261\D457D793AD\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\baile\Desktop\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc
ShortcutWithArgument: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2021-10-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-12-20] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 15:03 - 2019-07-11 01:06 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-08-20 13:44 - 2021-04-03 23:13 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\baile\Pictures\Saved Pictures\1 My Kids and Family\Brady and Ricki\2_devils lake j (8).jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: WTabletServiceISD => 2
MSCONFIG\Services: WTabletServicePro => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "Polarr"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{57382B5D-78B2-4D71-A607-7BC55AB1DC39}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{F9164E6F-39EE-4E35-81D9-067E432681A2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B01CC7BF-461C-4973-A65D-0DD1B8E89769}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{109682B1-CB8C-4DC1-AA4F-97C5920A01F5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E24BEBF0-7961-4468-8B36-B43B30E892DA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5A2E9522-BC99-433F-AE07-12284CC5496A}] => (Allow) C:\Users\baile\Downloads\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E063C019-70C6-42D0-BE28-D7378F0FB7B2}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{4765E7B2-E045-474A-99DF-C6F971C7A6CC}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6BF03055-F70E-4244-BA2F-FDDEDF019799}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1C84C52E-82C6-4AC8-8B61-CFEEDFDD7ECA}] => (Allow) C:\Users\baile\New folder\steamapps\common\Rebel Forces\RebelForces.exe () [File not signed]
FirewallRules: [{CCCC2654-EEB2-49C0-9DE2-FA07E08758E9}] => (Allow) C:\Users\baile\New folder\steamapps\common\Rebel Forces\RebelForces.exe () [File not signed]
FirewallRules: [{AB9F7C8B-357B-4AA5-8551-8FC526F6C262}] => (Allow) C:\Users\baile\New folder\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E54CB9F1-20C0-41D4-8AFC-40C587F5A399}] => (Allow) C:\Users\baile\New folder\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{DB029122-856A-4900-896E-B5F828836049}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6733E1F9-EA29-4E45-9CFA-FD25A297EAB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FD7C4B0-A458-45A0-A28F-74DD83578761}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{205AC0AE-3A23-4EFF-9D8D-1407C7350A9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BB9E4FCE-C6D4-4D79-A5B5-6596087E3486}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F110E177-1997-42B6-AB07-24234331214B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{131D7F90-ACA0-4069-96D0-1F3A00E14292}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{FB915863-E8D0-430A-BAF4-DFE4634B338A}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{33CE38FA-6092-4F6D-AC37-434A6AEE9C72}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{460F3311-31E3-4CE0-9814-B3366E99FB88}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{401546A9-991F-42F7-9CAD-89470B6EACB0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0DBC0934-F40A-4BFC-A432-0FCCC3861A7D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F986C698-5240-47D9-B669-9001FE055540}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DEFB7CC9-7B47-4B5C-AFF6-F290EFAD1A98}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{84CAD95E-4FD0-493C-B4ED-FB8C6DCFE238}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BDAB208D-46FC-4CD4-853E-F64AEF642D0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A4AC18B0-9235-4B63-B700-258CA269AA70}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

10-12-2021 19:34:05 Windows Modules Installer

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (12/09/2021 01:47:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_FrameServer, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: combase.dll, version: 10.0.19041.1348, time stamp: 0xbaf10630
Exception code: 0xc0000005
Fault offset: 0x00000000000d1898
Faulting process id: 0x774
Faulting application start time: 0x01d7ecd0f213728b
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report Id: 741cac91-c031-46d6-ae11-e99ec49c118a
Faulting package full name:
Faulting package-relative application ID:

Error: (12/09/2021 12:48:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (12/09/2021 12:48:05 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (12/09/2021 12:48:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (12/09/2021 12:48:05 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (12/06/2021 12:00:07 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: YOGA720-15IKB)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (12/06/2021 12:00:07 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: YOGA720-15IKB)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (12/06/2021 11:38:09 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

System errors:
=============
Error: (12/11/2021 10:28:14 PM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (12/11/2021 09:08:44 PM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (12/11/2021 11:18:37 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (12/11/2021 04:23:39 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (12/11/2021 12:37:02 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {776DBC8D-7347-478C-8D71-791E12EF49D8} did not register with DCOM within the required timeout.

Error: (12/11/2021 12:37:02 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {776DBC8D-7347-478C-8D71-791E12EF49D8} did not register with DCOM within the required timeout.

Error: (12/11/2021 12:37:01 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (12/10/2021 01:31:15 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.

Windows Defender:
================
Date: 2021-12-10 14:44:11
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-09 20:10:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-08 12:12:38
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-07 11:58:00
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2021-12-07 10:07:32
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.2180.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: LENOVO 4MCN33WW(V2.05) 07/19/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 54%
Total physical RAM: 8050.39 MB
Available physical RAM: 3633.56 MB
Total Virtual: 11122.39 MB
Available Virtual: 5817.9 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:63.11 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:12.17 GB) NTFS

\\?\Volume{f502dc90-57ed-4a7b-a2e2-fa55f122b281}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.44 GB) NTFS
\\?\Volume{d43090cd-ee40-4e84-a945-39394c9839b4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A3FF1E49)

Partition: GPT.

==================== End of Addition.txt =======================
 
Hi, sportsmom.

1. Deactivate Malwarebytes Premium Trial

Follow the steps here: Deactivate Premium Trial in Malwarebytes for Windows - Malwarebytes Support

2. Delete supportaccount
  • Copy the contents of the code below to Notepad (To open Notepad, type Notepad in the Search area and select it when the specific item appears).
  • Make sure to leave an empty line at the end of the script.
  • Name the file as fix.reg
  • Change the Save as Type to All Files and Save it on the desktop.
  • Once saved, double click on the fix.reg file and merge it into the Registry.
Code:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-260720292-2504253849-2348319339-1003]

3. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". There is no need to paste it anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
Task: {0C68E377-4230-4022-A8A5-D900B8A42B48} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\9be1c45d-442d-4031-87d9-781acf873704 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {2152845E-7E73-43B0-A41C-3BAC4B4F917F} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [63728 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {33C5F5B1-EBB6-4AAE-BBE9-16865B58DEA4} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\21fc5194-9e46-4cab-8172-f517c74f35dc => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {56234CCD-D517-4D55-A10A-B3B57BCA2011} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0e123aa9-1f20-4aee-ab3e-b38f69163d6a => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {8B327BA8-3DBC-4577-9BDE-54D6397032E2} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {ABD1E5B4-ABB5-4E88-8C51-D1C1A5D0C00E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {D5900B3D-7367-4F08-BCB6-84F1B06493F7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d521a18c-cc28-42c4-9391-dd3860052e99 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {DB6254B9-EAC9-467E-B6C6-E63CDDC7C705} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {E6682B64-5E82-4A95-BE86-C9DB69ADC2E0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2207ba55-1cd0-4395-91a0-482a8397b941 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {EE3668F8-BBB2-4DDE-9358-770A17D5080C} - System32\Tasks\Apple Diagnostics => C:\Users\baile\AppData\Local\Microsoft\WindowsApps\eReporter-AppX.exe [0 2021-12-07] () [simlink -> ]
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
2021-12-06 11:47 - 2021-12-06 12:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-12-06 11:43 - 2021-12-06 11:43 - 000000000 ____D C:\Users\baile\AppData\Local\Lenovo
2021-12-06 11:41 - 2021-12-06 11:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-12-06 11:41 - 2021-12-06 11:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2021-12-06 11:41 - 2021-12-06 11:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2021-12-06 11:41 - 2021-12-06 11:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
C:\WINDOWS\Lenovo\ImController
C:\WINDOWS\system32\ImController.InfInstaller.exe
C:\ProgramData\Lenovo\ImController
DeleteKey: HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
DeleteKey: HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
EmptyTemp:
End::

  • Please right-click on FRST64 on your Desktop to run it as administrator. When the tool opens, click "Yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

4. Fresh FRST logs

Let's see the result with fresh logs, FRST and Addition.
 
Discussion starter · #52 ·
Fix result of Farbar Recovery Scan Tool (x64) Version: 11-12-2021
Ran by bailey (12-12-2021 11:05:30) Run:9
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> DefaultScope {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
SearchScopes: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> {D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} URL =
Task: {0C68E377-4230-4022-A8A5-D900B8A42B48} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\9be1c45d-442d-4031-87d9-781acf873704 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {2152845E-7E73-43B0-A41C-3BAC4B4F917F} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [63728 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {33C5F5B1-EBB6-4AAE-BBE9-16865B58DEA4} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\21fc5194-9e46-4cab-8172-f517c74f35dc => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {56234CCD-D517-4D55-A10A-B3B57BCA2011} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0e123aa9-1f20-4aee-ab3e-b38f69163d6a => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {8B327BA8-3DBC-4577-9BDE-54D6397032E2} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {ABD1E5B4-ABB5-4E88-8C51-D1C1A5D0C00E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {D5900B3D-7367-4F08-BCB6-84F1B06493F7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d521a18c-cc28-42c4-9391-dd3860052e99 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {DB6254B9-EAC9-467E-B6C6-E63CDDC7C705} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {E6682B64-5E82-4A95-BE86-C9DB69ADC2E0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2207ba55-1cd0-4395-91a0-482a8397b941 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {EE3668F8-BBB2-4DDE-9358-770A17D5080C} - System32\Tasks\Apple Diagnostics => C:\Users\baile\AppData\Local\Microsoft\WindowsApps\eReporter-AppX.exe [0 2021-12-07] () [simlink -> ]
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
2021-12-06 11:47 - 2021-12-06 12:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-12-06 11:43 - 2021-12-06 11:43 - 000000000 ____D C:\Users\baile\AppData\Local\Lenovo
2021-12-06 11:41 - 2021-12-06 11:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-12-06 11:41 - 2021-12-06 11:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2021-12-06 11:41 - 2021-12-06 11:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2021-12-06 11:41 - 2021-12-06 11:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
C:\WINDOWS\Lenovo\ImController
C:\WINDOWS\system32\ImController.InfInstaller.exe
C:\ProgramData\Lenovo\ImController
DeleteKey: HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
DeleteKey: HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKU\S-1-5-21-260720292-2504253849-2348319339-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D4DBA3E0-BA8B-43C2-9BDB-2CD84DB0CF9F} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C68E377-4230-4022-A8A5-D900B8A42B48}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C68E377-4230-4022-A8A5-D900B8A42B48}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\ImController\TimeBasedEvents\9be1c45d-442d-4031-87d9-781acf873704 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\9be1c45d-442d-4031-87d9-781acf873704" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2152845E-7E73-43B0-A41C-3BAC4B4F917F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2152845E-7E73-43B0-A41C-3BAC4B4F917F}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Monitor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33C5F5B1-EBB6-4AAE-BBE9-16865B58DEA4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33C5F5B1-EBB6-4AAE-BBE9-16865B58DEA4}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\ImController\TimeBasedEvents\21fc5194-9e46-4cab-8172-f517c74f35dc => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\21fc5194-9e46-4cab-8172-f517c74f35dc" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56234CCD-D517-4D55-A10A-B3B57BCA2011}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56234CCD-D517-4D55-A10A-B3B57BCA2011}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\ImController\TimeBasedEvents\0e123aa9-1f20-4aee-ab3e-b38f69163d6a => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\0e123aa9-1f20-4aee-ab3e-b38f69163d6a" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8B327BA8-3DBC-4577-9BDE-54D6397032E2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B327BA8-3DBC-4577-9BDE-54D6397032E2}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\BatteryGauge\BatteryGaugeMaintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ABD1E5B4-ABB5-4E88-8C51-D1C1A5D0C00E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABD1E5B4-ABB5-4E88-8C51-D1C1A5D0C00E}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5900B3D-7367-4F08-BCB6-84F1B06493F7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5900B3D-7367-4F08-BCB6-84F1B06493F7}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\ImController\TimeBasedEvents\d521a18c-cc28-42c4-9391-dd3860052e99 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\d521a18c-cc28-42c4-9391-dd3860052e99" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB6254B9-EAC9-467E-B6C6-E63CDDC7C705}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB6254B9-EAC9-467E-B6C6-E63CDDC7C705}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6682B64-5E82-4A95-BE86-C9DB69ADC2E0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6682B64-5E82-4A95-BE86-C9DB69ADC2E0}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\ImController\TimeBasedEvents\2207ba55-1cd0-4395-91a0-482a8397b941 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\2207ba55-1cd0-4395-91a0-482a8397b941" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE3668F8-BBB2-4DDE-9358-770A17D5080C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE3668F8-BBB2-4DDE-9358-770A17D5080C}" => removed successfully
C:\WINDOWS\System32\Tasks\Apple Diagnostics => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple Diagnostics" => removed successfully
HKLM\System\CurrentControlSet\Services\ImControllerService => removed successfully
ImControllerService => service removed successfully
C:\WINDOWS\system32\Tasks\Lenovo => moved successfully
C:\Users\baile\AppData\Local\Lenovo => moved successfully
C:\WINDOWS\system32\Tasks\McAfee => moved successfully
C:\WINDOWS\system32\Tasks\HP => moved successfully
C:\WINDOWS\system32\Tasks\Apple => moved successfully
C:\WINDOWS\system32\Tasks\Agent Activation Runtime => moved successfully
C:\WINDOWS\Lenovo\ImController => moved successfully
C:\WINDOWS\system32\ImController.InfInstaller.exe => moved successfully
C:\ProgramData\Lenovo\ImController => moved successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service => removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30578222 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 7483235 B
Edge => 0 B
Chrome => 514002917 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 21806 B
baile => 11264444 B

RecycleBin => 785341623 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 11:06:16 ====
 
Discussion starter · #53 ·
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2021
Ran by bailey (administrator) on YOGA720-15IKB (LENOVO 80X7) (12-12-2021 11:11:29)
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey
Platform: Microsoft Windows 10 Home Version 21H2 19044.1348 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_13.0.201.0_x86__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_13.0.201.0_x86__nzyj5cx40ttqa\iCloud\iCloudServices.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX3\APP\DAX3TrayIcon.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <15>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHeciSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21111.123.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy\YourPhoneAppProxy.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21102.11411.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18382824 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Users\baile\Downloads\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1675680 2021-09-24] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [APP] => C:\Program Files\Dolby\Dolby DAX3\APP\DAX3TrayIcon.exe [999216 2017-04-28] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21888 2018-01-24] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Polarr] => C:\ProgramData\SquirrelMachineInstalls\Polarr.exe [73300232 2020-06-16] (Polarr, Inc. -> Polarr, Inc.) [File not signed]
HKLM-x32\...\Run: [Fitbit Connect] => C:\Users\baile\Downloads\Fitbit Connect.exe [3414184 2015-09-11] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [373600 2021-01-18] (Express Vpn LLC -> ExpressVPN)
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [Fitbit Connect] => C:\Users\baile\Downloads\Fitbit Connect.exe [3414184 2015-09-11] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [Steam] => C:\Users\baile\New folder\steam.exe [3421984 2020-12-07] (Valve -> Valve Corporation)
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [850272 2021-01-18] (Express Vpn LLC -> ExpressVPN)
HKLM\...\Print\Monitors\HP 5912 Status Monitor: hpinksts5912LM.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.93\Installer\chrmstp.exe [2021-12-08] (Google LLC -> Google LLC)
Startup: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-12-09]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E41EACB-602F-472D-A50B-BAC99EBC6892} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-baileyl032017@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {10D771B3-2D11-4309-B81F-F345B570E2B4} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NOUACCHECK
Task: {138C7D27-E8F7-45CF-824E-5382F35FB876} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-30] (Google Inc -> Google Inc.)
Task: {1F3D31A8-1D0B-47FF-8300-4DE9302035ED} - System32\Tasks\HPPSDrTelemetryWatch => C:\Program Files (x86)\HP\Diagnostics\TelemetryWatch\PSDrTelemetryWatch.exe [32808 2020-01-14] (HP Inc. -> )
Task: {20FDF483-B4A8-4CEF-A0DD-BFD065B5ED91} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {25B126E2-E129-4B8C-A051-AE8F6C2AC12F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-30] (Google Inc -> Google Inc.)
Task: {59866E19-5E2E-4586-9F79-52A3BD86C3B6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {75101032-CD10-4D65-928B-35A3A80C5829} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8B91E542-FE4C-432F-BF64-0EC991CA49A9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {90484D13-C697-40E3-9114-7AF344EA07BB} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {A9273BAF-7D29-4FA6-8AD5-DB9A00224729} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {BBEF7351-1502-4175-AC87-4BAB29443B41} - \Agent Activation Runtime\S-1-5-21-260720292-2504253849-2348319339-1001 -> No File <==== ATTENTION
Task: {D7E912F0-CD6F-456B-A47A-42DCED783974} - System32\Tasks\AdobeAAMUpdater-1.0-YOGA720-15IKB-bailey => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E631038B-2CFE-4CA4-9F1F-8732D0DFB9A8} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {EC6B61A4-0F42-49F5-83DA-B1C2D337B005} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22bdf8f0-d55e-4cab-bdff-f39f79a367ff}: [NameServer] 10.186.0.1
Tcpip\..\Interfaces\{3c4a9f21-8085-4361-98eb-ab3060e81302}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\baile\Downloads
Edge Notifications: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> hxxps://gundersenhealthengage.mrcommunities.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-12]
Edge HomePage: Default -> hxxp://www.google.com/
Edge StartupUrls: Default -> "hxxp://www.google.com/"
Edge Extension: (Honey) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2021-12-04]
Edge Extension: (LastPass: Free Password Manager) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2021-12-04]
Edge Extension: (Grammarly for Microsoft Edge) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2021-12-10]
Edge Extension: (Fancy & Cool Text Generator) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fafnphaopehepcmfnakggljonnhkofpk [2021-12-04]
Edge Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmmlpenookphoknnpfilofakghemolmg [2021-12-04]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-12-20] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @parallelgraphics.com/Cortona -> C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npcortona.dll [2019-09-12] (Parallel Graphics Limited -> ParallelGraphics)
FF Plugin HKU\S-1-5-21-260720292-2504253849-2348319339-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\baile\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-15] (RocketLife -> RocketLife, LLP)
FF Plugin HKU\S-1-5-21-260720292-2504253849-2348319339-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-260720292-2504253849-2348319339-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default [2021-12-12]
CHR Notifications: Default -> hxxps://typiccor.com; hxxps://www.facebook.com; hxxps://www.youtube.com
CHR HomePage: Default -> file:///C:/Users/Owner/Documents/Medical
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Extension: (Slides) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-30]
CHR Extension: (Docs) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-30]
CHR Extension: (Google Drive) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (YouTube) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-30]
CHR Extension: (Honey) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-11-19]
CHR Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2021-11-18]
CHR Extension: (Netflix) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2017-12-30]
CHR Extension: (Sheets) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-30]
CHR Extension: (Google Docs Offline) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-30]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-11-25]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-24]
CHR Extension: (Grammarly for Chrome) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-12-05]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2021-12-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Gmail) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-08-15]
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\System Profile [2020-08-15]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3849472 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3617024 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-06-09] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3052952 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
R2 Dolby DAX API Service; C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe [212784 2017-04-28] (Dolby Laboratories, Inc. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-06-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437088 2021-01-18] (Express Vpn LLC -> ExpressVPN)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-11-01] (HP Inc. -> HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-07] (Malwarebytes Inc -> Malwarebytes)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [19256 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [19256 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [37024 2021-01-18] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpnwintun; C:\WINDOWS\System32\drivers\expressvpn-wintun.sys [46824 2021-01-18] (Express VPN International Ltd. -> ExpressVPN)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-07] (Malwarebytes Inc -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39040 2018-08-15] (GZ Systems Limited -> The OpenVPN Project)
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [52904 2021-01-18] (ExprsVPN LLC -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 WacHidRouterISD; C:\WINDOWS\system32\DRIVERS\wachidrouter_isd.sys [142424 2017-05-24] (Wacom Technology Corporation -> Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-02] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-12 11:11 - 2021-12-12 11:11 - 000023411 _____ C:\Users\baile\Desktop\FRST.txt
2021-12-12 11:05 - 2021-12-12 11:06 - 000011621 _____ C:\Users\baile\Desktop\Fixlog.txt
2021-12-12 11:01 - 2021-12-12 11:01 - 000000166 _____ C:\Users\baile\Desktop\fix.reg
2021-12-11 23:14 - 2021-12-11 23:14 - 000000000 ____D C:\Users\baile\Documents\My Media
2021-12-11 00:13 - 2021-12-11 00:13 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7eac7dfec1a48
2021-12-10 22:03 - 2021-12-10 22:03 - 000000000 ____D C:\Users\baile\Documents\New folder
2021-12-07 09:55 - 2021-12-07 09:55 - 000000000 ____D C:\Users\baile\AppData\Local\TempTaskUpdateDetection571071D5-D41E-4820-80EE-1A7417AC8614
2021-12-06 13:33 - 2021-12-06 11:41 - 000000000 ____D C:\Windows.old
2021-12-06 12:40 - 2021-12-12 01:04 - 000000000 ____D C:\Users\baile\Desktop\FRST-OlderVersion
2021-12-06 11:44 - 2021-12-11 21:16 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-06 11:43 - 2021-12-06 11:43 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-12-06 11:41 - 2021-12-12 11:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-06 11:41 - 2021-12-12 09:58 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B393C7FE-B95B-48A2-8819-C5B1623E23B2}
2021-12-06 11:41 - 2021-12-11 00:13 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-12-06 11:41 - 2021-12-10 14:45 - 000003522 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-12-06 11:41 - 2021-12-07 09:56 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2021-12-06 11:41 - 2021-12-06 11:41 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-12-06 11:41 - 2021-12-06 11:41 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-12-06 11:41 - 2021-12-06 11:41 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-12-06 11:41 - 2021-12-06 11:41 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-260720292-2504253849-2348319339-1003
2021-12-06 11:41 - 2021-12-06 11:41 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-260720292-2504253849-2348319339-1001
2021-12-06 11:41 - 2021-12-06 11:41 - 000002848 _____ C:\WINDOWS\system32\Tasks\HPPSDrTelemetryWatch
2021-12-06 11:41 - 2021-12-06 11:41 - 000002814 _____ C:\WINDOWS\system32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-baileyl032017@outlook.com
2021-12-06 11:41 - 2021-12-06 11:41 - 000002770 _____ C:\WINDOWS\system32\Tasks\AdobeAAMUpdater-1.0-YOGA720-15IKB-bailey
2021-12-06 11:41 - 2021-12-06 11:41 - 000002768 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2021-12-06 11:41 - 2021-12-06 11:41 - 000002588 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2021-12-06 11:41 - 2021-12-06 11:41 - 000000020 ___SH C:\Users\baile\ntuser.ini
2021-12-06 11:41 - 2021-12-06 11:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-260720292-2504253849-2348319339-1001
2021-12-06 11:40 - 2021-12-06 11:41 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2021-12-06 11:40 - 2021-12-06 11:41 - 000007623 _____ C:\WINDOWS\diagerr.xml
2021-12-06 11:35 - 2021-12-06 11:35 - 000001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Pen.lnk
2021-12-06 11:35 - 2021-12-06 11:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2021-12-06 11:35 - 2021-12-06 11:35 - 000000000 ____D C:\Program Files\Dolby
2021-12-06 11:35 - 2021-12-06 11:35 - 000000000 ____D C:\Program Files\Common Files\Dolby
2021-12-06 11:35 - 2017-09-18 05:22 - 000140312 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2021-12-06 11:35 - 2017-09-18 05:22 - 000116760 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2021-12-06 11:34 - 2021-12-11 23:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-06 11:34 - 2021-12-06 11:34 - 000442704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-12-06 11:19 - 2021-12-06 13:33 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-12-06 11:18 - 2021-12-06 11:41 - 000000000 ____D C:\Users\baile
2021-12-06 11:18 - 2019-12-07 03:10 - 000001105 _____ C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-12-06 11:16 - 2021-12-06 11:19 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-12-06 11:11 - 2021-12-06 11:11 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-12-06 11:11 - 2021-12-06 11:11 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-12-06 11:11 - 2021-12-06 11:11 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-12-06 11:11 - 2021-12-06 11:11 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-12-06 11:05 - 2019-10-15 13:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-12-06 11:05 - 2019-04-18 18:49 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-12-06 11:04 - 2021-12-06 13:33 - 000000000 ____D C:\WINDOWS\IAStorAfsService
2021-12-06 11:04 - 2021-12-06 11:04 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-12-06 11:04 - 2021-12-06 11:04 - 000000000 ____D C:\Program Files\MSBuild
2021-12-06 11:04 - 2021-12-06 11:04 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-12-06 11:04 - 2021-12-06 11:04 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-12-06 10:59 - 2021-12-06 10:59 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-12-06 03:09 - 2021-12-06 11:41 - 000000000 ___DC C:\WINDOWS\Panther
2021-12-06 03:04 - 2021-12-06 03:08 - 000000000 ____D C:\ESD
2021-12-06 03:03 - 2021-12-06 03:03 - 000000000 ___HD C:\$Windows.~WS
2021-12-04 05:50 - 2021-12-04 05:50 - 008540344 _____ (Malwarebytes) C:\Users\baile\Desktop\AdwCleaner.exe
2021-12-03 03:18 - 2021-12-03 03:18 - 000048251 _____ C:\Users\baile\AppData\LocalLow\wbkF666.tmp
2021-12-03 03:17 - 2021-12-08 02:14 - 000000000 ____D C:\Users\baile\Documents\Stem Cells
2021-12-01 22:14 - 2021-12-12 01:04 - 002311168 _____ (Farbar) C:\Users\baile\Desktop\FRST64.exe
2021-12-01 22:12 - 2021-12-01 22:12 - 000064513 _____ C:\Users\baile\Desktop\frst.htm
2021-12-01 21:51 - 2021-12-01 21:55 - 002311680 _____ (Farbar) C:\Users\baile\Downloads\FRST64.exe
2021-11-30 05:32 - 2021-11-30 05:32 - 000001942 _____ C:\Users\baile\Desktop\PC Health Check.lnk
2021-11-30 05:32 - 2021-11-30 05:32 - 000001352 _____ C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-30 05:32 - 2021-11-30 05:32 - 000000000 ___RD C:\Users\baile\AppData\Local\PCHealthCheck
2021-11-30 05:31 - 2021-11-30 05:31 - 014233600 _____ C:\Users\baile\Downloads\WindowsPCHealthCheckSetup.msi
2021-11-29 17:54 - 2021-11-29 17:54 - 000000000 ____D C:\Users\baile\AppData\Local\LogiBolt
2021-11-29 17:53 - 2021-12-06 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2021-11-29 17:53 - 2021-12-06 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-11-29 17:53 - 2021-11-29 17:54 - 000000000 ____D C:\ProgramData\Logishrd
2021-11-29 17:53 - 2021-11-29 17:53 - 000000000 ____D C:\Users\baile\AppData\Roaming\Logishrd
2021-11-29 17:53 - 2021-11-29 17:53 - 000000000 ____D C:\Program Files\Logitech
2021-11-29 17:53 - 2021-11-29 17:53 - 000000000 ____D C:\Program Files\Logi
2021-11-12 14:53 - 2021-11-12 14:53 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-12 11:11 - 2020-08-05 03:17 - 000000000 ____D C:\FRST
2021-12-12 11:08 - 2017-12-30 22:57 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-12 11:06 - 2020-06-17 16:53 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-12 11:06 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-12-12 11:06 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-12 11:06 - 2019-12-07 03:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2021-12-12 11:05 - 2020-06-18 10:02 - 000000000 ____D C:\WINDOWS\Lenovo
2021-12-12 11:05 - 2017-11-09 18:26 - 000000000 ____D C:\ProgramData\Lenovo
2021-12-12 10:48 - 2017-12-20 15:47 - 000000000 ____D C:\Users\baile\Documents\Outlook Files
2021-12-12 09:58 - 2017-12-20 00:53 - 000000000 ____D C:\Users\baile\AppData\Local\Adobe
2021-12-12 09:56 - 2020-06-26 02:38 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-12 09:56 - 2020-06-26 02:38 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-12-12 09:56 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-12 09:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-11 21:16 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2021-12-11 21:14 - 2019-10-01 20:08 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-12-11 00:13 - 2021-01-23 13:37 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-12-10 19:34 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-12-10 01:31 - 2018-02-12 23:29 - 000000000 ____D C:\Users\baile\Documents\Recipies
2021-12-08 21:04 - 2020-07-13 22:29 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-12-08 21:04 - 2017-12-30 22:58 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-12-08 04:08 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-12-07 09:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-12-06 14:04 - 2017-12-19 21:12 - 000000000 ____D C:\Users\baile\AppData\Local\Packages
2021-12-06 13:52 - 2019-06-21 12:20 - 000000000 ____D C:\Users\baile\Documents\Social Security
2021-12-06 13:33 - 2021-04-26 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-12-06 13:33 - 2020-11-26 14:07 - 000000000 ____D C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-12-06 13:33 - 2020-11-24 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-12-06 13:33 - 2020-08-01 00:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2021-12-06 13:33 - 2020-07-05 21:02 - 000000000 ____D C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2021-12-06 13:33 - 2020-03-28 21:56 - 000000000 ____D C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2021-12-06 13:33 - 2019-12-07 03:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-12-06 13:33 - 2019-06-18 10:29 - 000000000 ____D C:\Program Files\UNP
2021-12-06 13:33 - 2018-12-29 22:02 - 000000000 ____D C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-12-06 13:33 - 2018-11-28 18:21 - 000000000 ____D C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly
2021-12-06 13:33 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-12-06 13:33 - 2018-05-18 20:26 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2021-12-06 13:33 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2021-12-06 13:33 - 2018-01-13 00:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive for Windows
2021-12-06 13:33 - 2017-12-20 16:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-12-06 13:33 - 2017-12-20 01:08 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-12-06 13:33 - 2017-11-09 18:43 - 000000000 ____D C:\Program Files\Tablet
2021-12-06 13:33 - 2017-11-09 18:41 - 000000000 ____D C:\Program Files\Intel
2021-12-06 12:39 - 2017-12-20 00:25 - 000000000 ____D C:\Users\baile\AppData\Local\PlaceholderTileLogoFolder
2021-12-06 11:57 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-12-06 11:41 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-06 11:41 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-12-06 11:41 - 2019-12-07 03:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-12-06 11:41 - 2019-12-07 03:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-12-06 11:41 - 2017-12-19 21:41 - 000000000 ___RD C:\Users\baile\3D Objects
2021-12-06 11:41 - 2017-03-23 11:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-12-06 11:38 - 2019-12-07 03:14 - 000000000 __RSD C:\WINDOWS\Media
2021-12-06 11:38 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Registration
2021-12-06 11:38 - 2017-12-19 21:14 - 000027280 _____ C:\WINDOWS\system32\emptyregdb.dat
2021-12-06 11:35 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-12-06 11:35 - 2017-11-09 18:43 - 000312687 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2021-12-06 11:35 - 2017-11-09 18:43 - 000000000 ____D C:\WINDOWS\system32\DAX3
2021-12-06 11:35 - 2017-11-09 18:43 - 000000000 ____D C:\WINDOWS\system32\DAX2
2021-12-06 11:35 - 2017-11-09 18:42 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-12-06 11:33 - 2019-12-07 03:18 - 000000000 ____D C:\WINDOWS\Setup
2021-12-06 11:30 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-12-06 11:19 - 2020-01-12 00:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Discovery
2021-12-06 11:19 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Resources
2021-12-06 11:19 - 2017-11-09 18:43 - 000000000 ____D C:\WINDOWS\system32\Intel
2021-12-06 11:19 - 2017-11-09 18:42 - 000000000 ____D C:\Program Files\Realtek
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-12-06 11:14 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\servicing
2021-12-04 18:50 - 2018-04-09 19:37 - 000000000 ____D C:\Users\baile\Documents\Purchases off Internet
2021-12-04 18:49 - 2019-03-11 01:04 - 000000000 ____D C:\Users\baile\Documents\Kitchen
2021-12-04 18:47 - 2018-04-29 19:25 - 000000000 ____D C:\Users\baile\Documents\Mom and Dad
2021-12-04 18:45 - 2018-10-16 22:39 - 000000000 ____D C:\Users\baile\Documents\Ricki Lowe
2021-12-04 18:43 - 2018-08-10 22:37 - 000000000 ____D C:\Users\baile\Documents\Politics
2021-12-04 18:42 - 2018-01-30 22:07 - 000000000 ____D C:\Users\baile\Documents\Insurance
2021-12-04 18:41 - 2018-10-20 15:40 - 000000000 ____D C:\Users\baile\Documents\Margie
2021-12-04 18:40 - 2018-03-31 18:25 - 000000000 ____D C:\Users\baile\Documents\Margie Birthday
2021-12-04 18:37 - 2019-10-15 21:06 - 000000000 ____D C:\Users\baile\Documents\Medicare
2021-12-04 18:36 - 2021-06-02 20:30 - 000000000 ____D C:\Users\baile\Documents\Fax
2021-12-04 18:34 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\Crafts
2021-12-04 18:33 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\Computer
2021-12-04 18:30 - 2018-01-07 19:34 - 000000000 ____D C:\Users\baile\Documents\Camping
2021-12-04 18:27 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\Cabin Oct 2017
2021-12-04 18:24 - 2018-01-13 01:01 - 000000000 ____D C:\Users\baile\Documents\Boat
2021-12-04 18:23 - 2021-01-17 14:59 - 000000000 ____D C:\Users\baile\Documents\Barrett Cook Book
2021-12-04 18:23 - 2018-02-12 18:35 - 000000000 ____D C:\Users\baile\Documents\Bank of America
2021-12-04 18:22 - 2018-04-24 19:10 - 000000000 ____D C:\Users\baile\Documents\Amazon
2021-12-04 18:13 - 2020-12-04 00:11 - 000000000 ____D C:\ProgramData\Luminar 4
2021-12-04 05:34 - 2020-08-12 21:25 - 000000000 ____D C:\Users\baile\AppData\LocalLow\Temp
2021-12-02 01:34 - 2018-05-05 14:45 - 000000000 ____D C:\Users\baile\Documents\Pam
2021-12-01 21:58 - 2020-08-05 03:18 - 000039246 _____ C:\Users\baile\Downloads\Addition.txt
2021-12-01 21:58 - 2020-08-05 03:17 - 000042236 _____ C:\Users\baile\Downloads\FRST.txt
2021-11-28 20:30 - 2020-01-16 21:03 - 000000000 ____D C:\Users\baile\Documents\2020 Calif Trip
2021-11-28 20:30 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\2 Pam Health Savings Account
2021-11-26 23:41 - 2018-04-10 00:41 - 000000000 ____D C:\Users\baile\Documents\Battle Pirates
2021-11-26 23:01 - 2018-06-21 03:36 - 000000000 ____D C:\Users\baile\AppData\Local\CrashDumps
2021-11-26 22:39 - 2020-12-20 18:18 - 000000000 ____D C:\Users\baile\Documents\Christmas
2021-11-25 21:02 - 2018-01-05 00:17 - 000000000 ____D C:\Users\baile\Documents\Verizon
2021-11-19 13:49 - 2018-06-17 15:34 - 000000000 ____D C:\ProgramData\Packages
2021-11-19 03:34 - 2017-12-20 16:49 - 000000000 ____D C:\Program Files\Microsoft Office 15
2021-11-17 16:36 - 2018-05-27 12:01 - 000000000 ____D C:\Users\baile\Documents\DNR Licenses

==================== Files in the root of some directories ========

2018-09-25 22:03 - 2018-09-25 22:03 - 000000000 _____ () C:\Users\baile\AppData\Local\oobelibMkey.log
2019-08-09 16:03 - 2019-08-09 16:03 - 000000017 _____ () C:\Users\baile\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Discussion starter · #54 ·
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2021
Ran by bailey (12-12-2021 11:12:32)
Running from C:\Users\baile\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1348 (X64) (2021-12-06 17:41:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-260720292-2504253849-2348319339-500 - Administrator - Disabled)
Baile (S-1-5-21-260720292-2504253849-2348319339-1002 - Limited - Disabled)
bailey (S-1-5-21-260720292-2504253849-2348319339-1001 - Administrator - Enabled) => C:\Users\baile
DefaultAccount (S-1-5-21-260720292-2504253849-2348319339-503 - Limited - Disabled)
Guest (S-1-5-21-260720292-2504253849-2348319339-501 - Limited - Disabled)
supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled)
WDAGUtilityAccount (S-1-5-21-260720292-2504253849-2348319339-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.6.0.52 - Adobe Inc.)
Amazon Games (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 2.1.5699.1 - Amazon.com Services, Inc.)
Amazon Photos (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Amazon Photos) (Version: 6.5.0 - Amazon.com, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cortona3D Viewer (HKLM\...\{71C24FD8-9FA4-4727-B1CB-E22B1E6D8403}) (Version: 8.6.212 - ParallelGraphics)
Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3CCE82BF-69CF-4172-8AFE-1DACB991A62B}) (Version: 1.1.3.21 - Dolby Laboratories, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ExpressVPN (HKLM-x32\...\{57e033a5-c75e-4823-83af-c1b6b3b759ab}) (Version: 10.0.9.2 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B876CD0833}) (Version: 10.0.9.2 - ExpressVPN) Hidden
Fitbit Connect (HKLM-x32\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.93 - Google LLC)
Grammarly (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\GrammarlyForWindows) (Version: 1.5.45 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{DE46CC28-5477-4CFB-9AE2-8C7C111E3EE7}) (Version: 6.8.261 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{ee962c45-b827-4262-a720-3a939910ce37}) (Version: 6.8.261 - Grammarly)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud Outlook (HKLM\...\{969F33A2-7E0F-43FC-8896-6EF0C028CA12}) (Version: 10.9.0.9 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logi Bolt (HKLM\...\LogiBolt) (Version: 1.01.415.0 - Logi)
Logitech Options (HKLM\...\LogiOptions) (Version: 9.40.86 - Logitech)
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.53 - Microsoft Corporation)
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.5397.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E876418F-BE59-4D8C-B9A5-74B056B676FA}) (Version: 2.93.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Polarr (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Polarr) (Version: 1.0.0 - Polarr, Inc.)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-4) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-5) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-6) (Version: 1.0.42.0 - LunarG, Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)
WD Backup (HKLM-x32\...\{09C422A7-0421-40A5-933A-9177BEDF9B3B}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{61ccf853-a113-4862-9d4a-6dd2b869c9db}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{014B7442-C784-45D3-A152-F7D2C651F28A}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-09-27] (Autodesk Inc.)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_2.0.23.0_x64__38kynpdw5g1aw [2021-11-18] (Wacom Europe GmbH)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2021.927.1.0_neutral__8xx8rvfyw5nnt [2021-12-06] (Facebook Inc)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2020-09-27] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.5.268.0_x64__v10z8vjag6ke6 [2021-12-10] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_13.0.201.0_x86__nzyj5cx40ttqa [2021-12-07] (Apple Inc.) [Startup Task]
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.19.0_neutral__8xx8rvfyw5nnt [2021-11-04] (Instagram)
Journalist -> C:\Program Files\WindowsApps\49752MichaelS.Scherotter.Journalist_1.1.631.0_x64__9eg5g21zq32qm [2021-07-27] (Michael S. Scherotter)
LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.69.0.0_neutral__qq0fmhteeht3j [2021-12-06] (LastPass)
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2020-09-27] (OverDrive Inc.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1320.12.119.0_x64__8xx8rvfyw5nnt [2021-12-11] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-12-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-12-06] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12030.0_x64__8wekyb3d8bbwe [2021-12-10] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_51.10913.5796.0_x64__8wekyb3d8bbwe [2021-12-01] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-04-15] (Netflix, Inc.)
OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2020-09-27] (OverDrive Inc.)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2020-09-27] (Pandora Media Inc) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-04-15] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-27] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0 [2021-12-11] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\baile\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.261\D457D793AD\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\baile\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.261\D457D793AD\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\baile\Desktop\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc
ShortcutWithArgument: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2021-10-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-12-20] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 15:03 - 2019-07-11 01:06 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-08-20 13:44 - 2021-04-03 23:13 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\baile\Pictures\Saved Pictures\1 My Kids and Family\Brady and Ricki\2_devils lake j (8).jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: WTabletServiceISD => 2
MSCONFIG\Services: WTabletServicePro => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "Polarr"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{57382B5D-78B2-4D71-A607-7BC55AB1DC39}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{F9164E6F-39EE-4E35-81D9-067E432681A2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B01CC7BF-461C-4973-A65D-0DD1B8E89769}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{109682B1-CB8C-4DC1-AA4F-97C5920A01F5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E24BEBF0-7961-4468-8B36-B43B30E892DA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5A2E9522-BC99-433F-AE07-12284CC5496A}] => (Allow) C:\Users\baile\Downloads\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E063C019-70C6-42D0-BE28-D7378F0FB7B2}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{4765E7B2-E045-474A-99DF-C6F971C7A6CC}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6BF03055-F70E-4244-BA2F-FDDEDF019799}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1C84C52E-82C6-4AC8-8B61-CFEEDFDD7ECA}] => (Allow) C:\Users\baile\New folder\steamapps\common\Rebel Forces\RebelForces.exe () [File not signed]
FirewallRules: [{CCCC2654-EEB2-49C0-9DE2-FA07E08758E9}] => (Allow) C:\Users\baile\New folder\steamapps\common\Rebel Forces\RebelForces.exe () [File not signed]
FirewallRules: [{AB9F7C8B-357B-4AA5-8551-8FC526F6C262}] => (Allow) C:\Users\baile\New folder\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E54CB9F1-20C0-41D4-8AFC-40C587F5A399}] => (Allow) C:\Users\baile\New folder\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{DB029122-856A-4900-896E-B5F828836049}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6733E1F9-EA29-4E45-9CFA-FD25A297EAB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FD7C4B0-A458-45A0-A28F-74DD83578761}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{205AC0AE-3A23-4EFF-9D8D-1407C7350A9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BB9E4FCE-C6D4-4D79-A5B5-6596087E3486}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F110E177-1997-42B6-AB07-24234331214B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{131D7F90-ACA0-4069-96D0-1F3A00E14292}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{FB915863-E8D0-430A-BAF4-DFE4634B338A}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{33CE38FA-6092-4F6D-AC37-434A6AEE9C72}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{460F3311-31E3-4CE0-9814-B3366E99FB88}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{401546A9-991F-42F7-9CAD-89470B6EACB0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0DBC0934-F40A-4BFC-A432-0FCCC3861A7D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F986C698-5240-47D9-B669-9001FE055540}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DEFB7CC9-7B47-4B5C-AFF6-F290EFAD1A98}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{84CAD95E-4FD0-493C-B4ED-FB8C6DCFE238}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BDAB208D-46FC-4CD4-853E-F64AEF642D0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A4AC18B0-9235-4B63-B700-258CA269AA70}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

10-12-2021 19:34:05 Windows Modules Installer
12-12-2021 11:05:30 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (12/12/2021 11:06:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (12/12/2021 11:06:28 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (12/09/2021 01:47:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_FrameServer, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: combase.dll, version: 10.0.19041.1348, time stamp: 0xbaf10630
Exception code: 0xc0000005
Fault offset: 0x00000000000d1898
Faulting process id: 0x774
Faulting application start time: 0x01d7ecd0f213728b
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report Id: 741cac91-c031-46d6-ae11-e99ec49c118a
Faulting package full name:
Faulting package-relative application ID:

Error: (12/09/2021 12:48:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (12/09/2021 12:48:05 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (12/09/2021 12:48:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (12/09/2021 12:48:05 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (12/06/2021 12:00:07 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: YOGA720-15IKB)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

System errors:
=============
Error: (12/12/2021 11:06:29 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter06.dll

Error: (12/12/2021 11:06:29 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter06.dll

Error: (12/12/2021 11:06:27 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter06.dll

Error: (12/12/2021 11:06:26 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/12/2021 11:06:26 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/12/2021 11:06:26 AM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/12/2021 11:05:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Interface Foundation Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/12/2021 11:05:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Windows Defender:
================
Date: 2021-12-10 14:44:11
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-09 20:10:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-08 12:12:38
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-07 11:58:00
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2021-12-07 10:07:32
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.2180.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: LENOVO 4MCN33WW(V2.05) 07/19/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 55%
Total physical RAM: 8050.39 MB
Available physical RAM: 3549.42 MB
Total Virtual: 11122.39 MB
Available Virtual: 6589.39 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:63.76 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:12.17 GB) NTFS

\\?\Volume{f502dc90-57ed-4a7b-a2e2-fa55f122b281}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.44 GB) NTFS
\\?\Volume{d43090cd-ee40-4e84-a945-39394c9839b4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A3FF1E49)

Partition: GPT.

==================== End of Addition.txt =======================
 
Hi, Sportsmom.

For some reason the supportaccount returns. Whatever it is, I don't like it.

Try this:

FRST fix


NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled)
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

After the above, run FRST once more, to check the two logs (Addition and FRST).
 
Discussion starter · #56 ·
Fix result of Farbar Recovery Scan Tool (x64) Version: 11-12-2021
Ran by bailey (12-12-2021 13:58:44) Run:10
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled)
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
supportaccount (S-1-5-21-260720292-2504253849-2348319339-1003 - Administrator - Enabled) => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8439970 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 693018 B
Edge => 0 B
Chrome => 441204793 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 2004 B
baile => 485793 B

RecycleBin => 86401 B
EmptyTemp: => 430 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:59:08 ====
 
Can I see the fresh FRST logs please?
 
Discussion starter · #58 ·
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2021
Ran by bailey (administrator) on YOGA720-15IKB (LENOVO 80X7) (13-12-2021 02:21:43)
Running from C:\Users\baile\Desktop
Loaded Profiles: bailey
Platform: Microsoft Windows 10 Home Version 21H2 19044.1348 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_13.0.201.0_x86__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_13.0.201.0_x86__nzyj5cx40ttqa\iCloud\iCloudServices.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX3\APP\DAX3TrayIcon.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHeciSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21111.123.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy\YourPhoneAppProxy.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21102.11411.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\IESettingSync.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18382824 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Users\baile\Downloads\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1675680 2021-09-24] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [APP] => C:\Program Files\Dolby\Dolby DAX3\APP\DAX3TrayIcon.exe [999216 2017-04-28] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21888 2018-01-24] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Polarr] => C:\ProgramData\SquirrelMachineInstalls\Polarr.exe [73300232 2020-06-16] (Polarr, Inc. -> Polarr, Inc.) [File not signed]
HKLM-x32\...\Run: [Fitbit Connect] => C:\Users\baile\Downloads\Fitbit Connect.exe [3414184 2015-09-11] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [373600 2021-01-18] (Express Vpn LLC -> ExpressVPN)
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [Fitbit Connect] => C:\Users\baile\Downloads\Fitbit Connect.exe [3414184 2015-09-11] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [Steam] => C:\Users\baile\New folder\steam.exe [3421984 2020-12-07] (Valve -> Valve Corporation)
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [850272 2021-01-18] (Express Vpn LLC -> ExpressVPN)
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\baile\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\baile\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\RunOnce: [Uninstall 21.220.1024.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\baile\AppData\Local\Microsoft\OneDrive\21.220.1024.0005"
HKLM\...\Print\Monitors\HP 5912 Status Monitor: hpinksts5912LM.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.93\Installer\chrmstp.exe [2021-12-08] (Google LLC -> Google LLC)
Startup: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-12-09]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E41EACB-602F-472D-A50B-BAC99EBC6892} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-baileyl032017@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {10D771B3-2D11-4309-B81F-F345B570E2B4} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NOUACCHECK
Task: {138C7D27-E8F7-45CF-824E-5382F35FB876} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-30] (Google Inc -> Google Inc.)
Task: {1F3D31A8-1D0B-47FF-8300-4DE9302035ED} - System32\Tasks\HPPSDrTelemetryWatch => C:\Program Files (x86)\HP\Diagnostics\TelemetryWatch\PSDrTelemetryWatch.exe [32808 2020-01-14] (HP Inc. -> )
Task: {20FDF483-B4A8-4CEF-A0DD-BFD065B5ED91} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {25B126E2-E129-4B8C-A051-AE8F6C2AC12F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-30] (Google Inc -> Google Inc.)
Task: {59866E19-5E2E-4586-9F79-52A3BD86C3B6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {75101032-CD10-4D65-928B-35A3A80C5829} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8B91E542-FE4C-432F-BF64-0EC991CA49A9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {90484D13-C697-40E3-9114-7AF344EA07BB} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {A9273BAF-7D29-4FA6-8AD5-DB9A00224729} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {BBEF7351-1502-4175-AC87-4BAB29443B41} - \Agent Activation Runtime\S-1-5-21-260720292-2504253849-2348319339-1001 -> No File <==== ATTENTION
Task: {D7E912F0-CD6F-456B-A47A-42DCED783974} - System32\Tasks\AdobeAAMUpdater-1.0-YOGA720-15IKB-bailey => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E631038B-2CFE-4CA4-9F1F-8732D0DFB9A8} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {EC6B61A4-0F42-49F5-83DA-B1C2D337B005} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22bdf8f0-d55e-4cab-bdff-f39f79a367ff}: [NameServer] 10.186.0.1
Tcpip\..\Interfaces\{3c4a9f21-8085-4361-98eb-ab3060e81302}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\baile\Downloads
Edge Notifications: HKU\S-1-5-21-260720292-2504253849-2348319339-1001 -> hxxps://gundersenhealthengage.mrcommunities.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-13]
Edge HomePage: Default -> hxxp://www.google.com/
Edge StartupUrls: Default -> "hxxp://www.google.com/"
Edge Extension: (Honey) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2021-12-04]
Edge Extension: (LastPass: Free Password Manager) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2021-12-04]
Edge Extension: (Grammarly for Microsoft Edge) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2021-12-10]
Edge Extension: (Fancy & Cool Text Generator) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fafnphaopehepcmfnakggljonnhkofpk [2021-12-04]
Edge Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\baile\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmmlpenookphoknnpfilofakghemolmg [2021-12-04]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-12-20] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @parallelgraphics.com/Cortona -> C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npcortona.dll [2019-09-12] (Parallel Graphics Limited -> ParallelGraphics)
FF Plugin HKU\S-1-5-21-260720292-2504253849-2348319339-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\baile\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-15] (RocketLife -> RocketLife, LLP)
FF Plugin HKU\S-1-5-21-260720292-2504253849-2348319339-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-260720292-2504253849-2348319339-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default [2021-12-13]
CHR Notifications: Default -> hxxps://typiccor.com; hxxps://www.facebook.com; hxxps://www.youtube.com
CHR HomePage: Default -> file:///C:/Users/Owner/Documents/Medical
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Extension: (Slides) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-30]
CHR Extension: (Docs) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-30]
CHR Extension: (Google Drive) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (YouTube) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-30]
CHR Extension: (Honey) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-11-19]
CHR Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2021-11-18]
CHR Extension: (Netflix) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2017-12-30]
CHR Extension: (Sheets) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-30]
CHR Extension: (Google Docs Offline) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-30]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-11-25]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-24]
CHR Extension: (Grammarly for Chrome) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-12-05]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2021-12-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Gmail) - C:\Users\baile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-08-15]
CHR Profile: C:\Users\baile\AppData\Local\Google\Chrome\User Data\System Profile [2020-08-15]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3849472 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3617024 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-06-09] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3052952 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
R2 Dolby DAX API Service; C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe [212784 2017-04-28] (Dolby Laboratories, Inc. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-06-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437088 2021-01-18] (Express Vpn LLC -> ExpressVPN)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-11-01] (HP Inc. -> HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-07] (Malwarebytes Inc -> Malwarebytes)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [19256 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [19256 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [37024 2021-01-18] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpnwintun; C:\WINDOWS\System32\drivers\expressvpn-wintun.sys [46824 2021-01-18] (Express VPN International Ltd. -> ExpressVPN)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-07] (Malwarebytes Inc -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39040 2018-08-15] (GZ Systems Limited -> The OpenVPN Project)
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [52904 2021-01-18] (ExprsVPN LLC -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 WacHidRouterISD; C:\WINDOWS\system32\DRIVERS\wachidrouter_isd.sys [142424 2017-05-24] (Wacom Technology Corporation -> Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-02] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-13 02:21 - 2021-12-13 02:22 - 000024680 _____ C:\Users\baile\Desktop\FRST.txt
2021-12-12 23:08 - 2021-12-12 23:08 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-260720292-2504253849-2348319339-1001
2021-12-12 13:58 - 2021-12-12 13:59 - 000001299 _____ C:\Users\baile\Desktop\Fixlog.txt
2021-12-12 11:01 - 2021-12-12 11:01 - 000000166 _____ C:\Users\baile\Desktop\fix.reg
2021-12-11 23:14 - 2021-12-11 23:14 - 000000000 ____D C:\Users\baile\Documents\My Media
2021-12-11 00:13 - 2021-12-11 00:13 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7eac7dfec1a48
2021-12-10 22:03 - 2021-12-10 22:03 - 000000000 ____D C:\Users\baile\Documents\New folder
2021-12-07 09:55 - 2021-12-07 09:55 - 000000000 ____D C:\Users\baile\AppData\Local\TempTaskUpdateDetection571071D5-D41E-4820-80EE-1A7417AC8614
2021-12-06 13:33 - 2021-12-06 11:41 - 000000000 ____D C:\Windows.old
2021-12-06 12:40 - 2021-12-12 01:04 - 000000000 ____D C:\Users\baile\Desktop\FRST-OlderVersion
2021-12-06 11:44 - 2021-12-12 14:07 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-06 11:43 - 2021-12-06 11:43 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-12-06 11:41 - 2021-12-12 23:08 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-260720292-2504253849-2348319339-1001
2021-12-06 11:41 - 2021-12-12 22:24 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B393C7FE-B95B-48A2-8819-C5B1623E23B2}
2021-12-06 11:41 - 2021-12-12 13:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-06 11:41 - 2021-12-11 00:13 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-12-06 11:41 - 2021-12-10 14:45 - 000003522 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-12-06 11:41 - 2021-12-07 09:56 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2021-12-06 11:41 - 2021-12-06 11:41 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-12-06 11:41 - 2021-12-06 11:41 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-12-06 11:41 - 2021-12-06 11:41 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-12-06 11:41 - 2021-12-06 11:41 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-260720292-2504253849-2348319339-1003
2021-12-06 11:41 - 2021-12-06 11:41 - 000002848 _____ C:\WINDOWS\system32\Tasks\HPPSDrTelemetryWatch
2021-12-06 11:41 - 2021-12-06 11:41 - 000002814 _____ C:\WINDOWS\system32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-baileyl032017@outlook.com
2021-12-06 11:41 - 2021-12-06 11:41 - 000002770 _____ C:\WINDOWS\system32\Tasks\AdobeAAMUpdater-1.0-YOGA720-15IKB-bailey
2021-12-06 11:41 - 2021-12-06 11:41 - 000002768 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2021-12-06 11:41 - 2021-12-06 11:41 - 000002588 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2021-12-06 11:41 - 2021-12-06 11:41 - 000000020 ___SH C:\Users\baile\ntuser.ini
2021-12-06 11:41 - 2021-12-06 11:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-260720292-2504253849-2348319339-1001
2021-12-06 11:40 - 2021-12-06 11:41 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2021-12-06 11:40 - 2021-12-06 11:41 - 000007623 _____ C:\WINDOWS\diagerr.xml
2021-12-06 11:35 - 2021-12-06 11:35 - 000001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Pen.lnk
2021-12-06 11:35 - 2021-12-06 11:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2021-12-06 11:35 - 2021-12-06 11:35 - 000000000 ____D C:\Program Files\Dolby
2021-12-06 11:35 - 2021-12-06 11:35 - 000000000 ____D C:\Program Files\Common Files\Dolby
2021-12-06 11:35 - 2017-09-18 05:22 - 000140312 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2021-12-06 11:35 - 2017-09-18 05:22 - 000116760 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2021-12-06 11:34 - 2021-12-12 23:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-06 11:34 - 2021-12-06 11:34 - 000442704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-12-06 11:19 - 2021-12-06 13:33 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-12-06 11:18 - 2021-12-12 23:08 - 000002386 _____ C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-12-06 11:18 - 2021-12-06 11:41 - 000000000 ____D C:\Users\baile
2021-12-06 11:16 - 2021-12-06 11:19 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-12-06 11:11 - 2021-12-06 11:11 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-12-06 11:11 - 2021-12-06 11:11 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-12-06 11:11 - 2021-12-06 11:11 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-12-06 11:11 - 2021-12-06 11:11 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-12-06 11:05 - 2019-10-15 13:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-12-06 11:05 - 2019-04-18 18:49 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-12-06 11:04 - 2021-12-06 13:33 - 000000000 ____D C:\WINDOWS\IAStorAfsService
2021-12-06 11:04 - 2021-12-06 11:04 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-12-06 11:04 - 2021-12-06 11:04 - 000000000 ____D C:\Program Files\MSBuild
2021-12-06 11:04 - 2021-12-06 11:04 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-12-06 11:04 - 2021-12-06 11:04 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-12-06 10:59 - 2021-12-06 10:59 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-12-06 03:09 - 2021-12-06 11:41 - 000000000 ___DC C:\WINDOWS\Panther
2021-12-06 03:04 - 2021-12-06 03:08 - 000000000 ____D C:\ESD
2021-12-06 03:03 - 2021-12-06 03:03 - 000000000 ___HD C:\$Windows.~WS
2021-12-04 05:50 - 2021-12-04 05:50 - 008540344 _____ (Malwarebytes) C:\Users\baile\Desktop\AdwCleaner.exe
2021-12-03 03:18 - 2021-12-03 03:18 - 000048251 _____ C:\Users\baile\AppData\LocalLow\wbkF666.tmp
2021-12-03 03:17 - 2021-12-08 02:14 - 000000000 ____D C:\Users\baile\Documents\Stem Cells
2021-12-01 22:14 - 2021-12-12 01:04 - 002311168 _____ (Farbar) C:\Users\baile\Desktop\FRST64.exe
2021-12-01 22:12 - 2021-12-01 22:12 - 000064513 _____ C:\Users\baile\Desktop\frst.htm
2021-12-01 21:51 - 2021-12-01 21:55 - 002311680 _____ (Farbar) C:\Users\baile\Downloads\FRST64.exe
2021-11-30 05:32 - 2021-11-30 05:32 - 000001942 _____ C:\Users\baile\Desktop\PC Health Check.lnk
2021-11-30 05:32 - 2021-11-30 05:32 - 000001352 _____ C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-30 05:32 - 2021-11-30 05:32 - 000000000 ___RD C:\Users\baile\AppData\Local\PCHealthCheck
2021-11-30 05:31 - 2021-11-30 05:31 - 014233600 _____ C:\Users\baile\Downloads\WindowsPCHealthCheckSetup.msi
2021-11-29 17:54 - 2021-11-29 17:54 - 000000000 ____D C:\Users\baile\AppData\Local\LogiBolt
2021-11-29 17:53 - 2021-12-06 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2021-11-29 17:53 - 2021-12-06 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-11-29 17:53 - 2021-11-29 17:54 - 000000000 ____D C:\ProgramData\Logishrd
2021-11-29 17:53 - 2021-11-29 17:53 - 000000000 ____D C:\Users\baile\AppData\Roaming\Logishrd
2021-11-29 17:53 - 2021-11-29 17:53 - 000000000 ____D C:\Program Files\Logitech
2021-11-29 17:53 - 2021-11-29 17:53 - 000000000 ____D C:\Program Files\Logi

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-13 02:21 - 2020-08-05 03:17 - 000000000 ____D C:\FRST
2021-12-13 02:12 - 2017-12-20 15:47 - 000000000 ____D C:\Users\baile\Documents\Outlook Files
2021-12-13 02:00 - 2017-12-20 00:53 - 000000000 ____D C:\Users\baile\AppData\Local\Adobe
2021-12-13 01:50 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-13 01:27 - 2017-12-30 22:57 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-12 23:44 - 2018-04-24 19:10 - 000000000 ____D C:\Users\baile\Documents\Amazon
2021-12-12 22:25 - 2019-10-01 20:08 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-12-12 22:03 - 2019-03-11 01:04 - 000000000 ____D C:\Users\baile\Documents\Kitchen
2021-12-12 19:20 - 2018-01-05 00:17 - 000000000 ____D C:\Users\baile\Documents\Dog Information
2021-12-12 14:07 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2021-12-12 13:59 - 2020-06-17 16:53 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-12 13:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-12-12 13:59 - 2019-12-07 03:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2021-12-12 11:25 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-12 11:05 - 2020-06-18 10:02 - 000000000 ____D C:\WINDOWS\Lenovo
2021-12-12 11:05 - 2017-11-09 18:26 - 000000000 ____D C:\ProgramData\Lenovo
2021-12-12 09:56 - 2020-06-26 02:38 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-12 09:56 - 2020-06-26 02:38 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-12-12 09:56 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-11 00:13 - 2021-01-23 13:37 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-12-10 19:34 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-12-10 01:31 - 2018-02-12 23:29 - 000000000 ____D C:\Users\baile\Documents\Recipies
2021-12-08 21:04 - 2020-07-13 22:29 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-12-08 21:04 - 2017-12-30 22:58 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-12-08 04:08 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-12-07 09:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-12-06 14:04 - 2017-12-19 21:12 - 000000000 ____D C:\Users\baile\AppData\Local\Packages
2021-12-06 13:52 - 2019-06-21 12:20 - 000000000 ____D C:\Users\baile\Documents\Social Security
2021-12-06 13:33 - 2021-04-26 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-12-06 13:33 - 2020-11-26 14:07 - 000000000 ____D C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-12-06 13:33 - 2020-11-24 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-12-06 13:33 - 2020-08-01 00:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2021-12-06 13:33 - 2020-07-05 21:02 - 000000000 ____D C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2021-12-06 13:33 - 2020-03-28 21:56 - 000000000 ____D C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2021-12-06 13:33 - 2019-12-07 03:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-12-06 13:33 - 2019-12-07 03:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-12-06 13:33 - 2019-06-18 10:29 - 000000000 ____D C:\Program Files\UNP
2021-12-06 13:33 - 2018-12-29 22:02 - 000000000 ____D C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-12-06 13:33 - 2018-11-28 18:21 - 000000000 ____D C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly
2021-12-06 13:33 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-12-06 13:33 - 2018-05-18 20:26 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2021-12-06 13:33 - 2018-04-12 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2021-12-06 13:33 - 2018-01-13 00:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive for Windows
2021-12-06 13:33 - 2017-12-20 16:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-12-06 13:33 - 2017-12-20 01:08 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-12-06 13:33 - 2017-11-09 18:43 - 000000000 ____D C:\Program Files\Tablet
2021-12-06 13:33 - 2017-11-09 18:41 - 000000000 ____D C:\Program Files\Intel
2021-12-06 12:39 - 2017-12-20 00:25 - 000000000 ____D C:\Users\baile\AppData\Local\PlaceholderTileLogoFolder
2021-12-06 11:57 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-12-06 11:41 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-06 11:41 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-12-06 11:41 - 2019-12-07 03:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-12-06 11:41 - 2019-12-07 03:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-12-06 11:41 - 2017-12-19 21:41 - 000000000 ___RD C:\Users\baile\3D Objects
2021-12-06 11:41 - 2017-03-23 11:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-12-06 11:38 - 2019-12-07 03:14 - 000000000 __RSD C:\WINDOWS\Media
2021-12-06 11:38 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Registration
2021-12-06 11:38 - 2017-12-19 21:14 - 000027280 _____ C:\WINDOWS\system32\emptyregdb.dat
2021-12-06 11:35 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-12-06 11:35 - 2017-11-09 18:43 - 000312687 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2021-12-06 11:35 - 2017-11-09 18:43 - 000000000 ____D C:\WINDOWS\system32\DAX3
2021-12-06 11:35 - 2017-11-09 18:43 - 000000000 ____D C:\WINDOWS\system32\DAX2
2021-12-06 11:35 - 2017-11-09 18:42 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-12-06 11:33 - 2019-12-07 03:18 - 000000000 ____D C:\WINDOWS\Setup
2021-12-06 11:30 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-12-06 11:19 - 2020-01-12 00:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Discovery
2021-12-06 11:19 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Resources
2021-12-06 11:19 - 2017-11-09 18:43 - 000000000 ____D C:\WINDOWS\system32\Intel
2021-12-06 11:19 - 2017-11-09 18:42 - 000000000 ____D C:\Program Files\Realtek
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-12-06 11:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-12-06 11:14 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\servicing
2021-12-04 18:50 - 2018-04-09 19:37 - 000000000 ____D C:\Users\baile\Documents\Purchases off Internet
2021-12-04 18:47 - 2018-04-29 19:25 - 000000000 ____D C:\Users\baile\Documents\Mom and Dad
2021-12-04 18:45 - 2018-10-16 22:39 - 000000000 ____D C:\Users\baile\Documents\Ricki Lowe
2021-12-04 18:43 - 2018-08-10 22:37 - 000000000 ____D C:\Users\baile\Documents\Politics
2021-12-04 18:42 - 2018-01-30 22:07 - 000000000 ____D C:\Users\baile\Documents\Insurance
2021-12-04 18:40 - 2018-03-31 18:25 - 000000000 ____D C:\Users\baile\Documents\Margie Birthday
2021-12-04 18:37 - 2019-10-15 21:06 - 000000000 ____D C:\Users\baile\Documents\Medicare
2021-12-04 18:36 - 2021-06-02 20:30 - 000000000 ____D C:\Users\baile\Documents\Fax
2021-12-04 18:34 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\Crafts
2021-12-04 18:33 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\Computer
2021-12-04 18:30 - 2018-01-07 19:34 - 000000000 ____D C:\Users\baile\Documents\Camping
2021-12-04 18:27 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\Cabin Oct 2017
2021-12-04 18:24 - 2018-01-13 01:01 - 000000000 ____D C:\Users\baile\Documents\Boat
2021-12-04 18:23 - 2021-01-17 14:59 - 000000000 ____D C:\Users\baile\Documents\Barrett Cook Book
2021-12-04 18:23 - 2018-02-12 18:35 - 000000000 ____D C:\Users\baile\Documents\Bank of America
2021-12-04 18:13 - 2020-12-04 00:11 - 000000000 ____D C:\ProgramData\Luminar 4
2021-12-04 05:34 - 2020-08-12 21:25 - 000000000 ____D C:\Users\baile\AppData\LocalLow\Temp
2021-12-02 01:34 - 2018-05-05 14:45 - 000000000 ____D C:\Users\baile\Documents\Pam
2021-12-01 21:58 - 2020-08-05 03:18 - 000039246 _____ C:\Users\baile\Downloads\Addition.txt
2021-12-01 21:58 - 2020-08-05 03:17 - 000042236 _____ C:\Users\baile\Downloads\FRST.txt
2021-11-28 20:30 - 2020-01-16 21:03 - 000000000 ____D C:\Users\baile\Documents\2020 Calif Trip
2021-11-28 20:30 - 2018-01-05 00:16 - 000000000 ____D C:\Users\baile\Documents\2 Pam Health Savings Account
2021-11-26 23:41 - 2018-04-10 00:41 - 000000000 ____D C:\Users\baile\Documents\Battle Pirates
2021-11-26 23:01 - 2018-06-21 03:36 - 000000000 ____D C:\Users\baile\AppData\Local\CrashDumps
2021-11-26 22:39 - 2020-12-20 18:18 - 000000000 ____D C:\Users\baile\Documents\Christmas
2021-11-25 21:02 - 2018-01-05 00:17 - 000000000 ____D C:\Users\baile\Documents\Verizon
2021-11-19 13:49 - 2018-06-17 15:34 - 000000000 ____D C:\ProgramData\Packages
2021-11-19 03:34 - 2017-12-20 16:49 - 000000000 ____D C:\Program Files\Microsoft Office 15
2021-11-17 16:36 - 2018-05-27 12:01 - 000000000 ____D C:\Users\baile\Documents\DNR Licenses

==================== Files in the root of some directories ========

2018-09-25 22:03 - 2018-09-25 22:03 - 000000000 _____ () C:\Users\baile\AppData\Local\oobelibMkey.log
2019-08-09 16:03 - 2019-08-09 16:03 - 000000017 _____ () C:\Users\baile\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Discussion starter · #59 ·
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2021
Ran by bailey (13-12-2021 02:22:47)
Running from C:\Users\baile\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1348 (X64) (2021-12-06 17:41:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-260720292-2504253849-2348319339-500 - Administrator - Disabled)
Baile (S-1-5-21-260720292-2504253849-2348319339-1002 - Limited - Disabled)
bailey (S-1-5-21-260720292-2504253849-2348319339-1001 - Administrator - Enabled) => C:\Users\baile
DefaultAccount (S-1-5-21-260720292-2504253849-2348319339-503 - Limited - Disabled)
Guest (S-1-5-21-260720292-2504253849-2348319339-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-260720292-2504253849-2348319339-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.6.0.52 - Adobe Inc.)
Amazon Games (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 2.1.5699.1 - Amazon.com Services, Inc.)
Amazon Photos (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Amazon Photos) (Version: 6.5.0 - Amazon.com, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cortona3D Viewer (HKLM\...\{71C24FD8-9FA4-4727-B1CB-E22B1E6D8403}) (Version: 8.6.212 - ParallelGraphics)
Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3CCE82BF-69CF-4172-8AFE-1DACB991A62B}) (Version: 1.1.3.21 - Dolby Laboratories, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ExpressVPN (HKLM-x32\...\{57e033a5-c75e-4823-83af-c1b6b3b759ab}) (Version: 10.0.9.2 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B876CD0833}) (Version: 10.0.9.2 - ExpressVPN) Hidden
Fitbit Connect (HKLM-x32\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.93 - Google LLC)
Grammarly (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\GrammarlyForWindows) (Version: 1.5.45 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{DE46CC28-5477-4CFB-9AE2-8C7C111E3EE7}) (Version: 6.8.261 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\{ee962c45-b827-4262-a720-3a939910ce37}) (Version: 6.8.261 - Grammarly)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud Outlook (HKLM\...\{969F33A2-7E0F-43FC-8896-6EF0C028CA12}) (Version: 10.9.0.9 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logi Bolt (HKLM\...\LogiBolt) (Version: 1.01.415.0 - Logi)
Logitech Options (HKLM\...\LogiOptions) (Version: 9.40.86 - Logitech)
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.53 - Microsoft Corporation)
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.5397.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\OneDriveSetup.exe) (Version: 21.230.1107.0004 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E876418F-BE59-4D8C-B9A5-74B056B676FA}) (Version: 2.93.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5397.1002 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Polarr (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\Polarr) (Version: 1.0.0 - Polarr, Inc.)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-4) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-5) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-6) (Version: 1.0.42.0 - LunarG, Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)
WD Backup (HKLM-x32\...\{09C422A7-0421-40A5-933A-9177BEDF9B3B}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{61ccf853-a113-4862-9d4a-6dd2b869c9db}) (Version: 1.9.6598.18388 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{014B7442-C784-45D3-A152-F7D2C651F28A}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-09-27] (Autodesk Inc.)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_2.0.23.0_x64__38kynpdw5g1aw [2021-11-18] (Wacom Europe GmbH)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2021.927.1.0_neutral__8xx8rvfyw5nnt [2021-12-06] (Facebook Inc)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2020-09-27] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.5.268.0_x64__v10z8vjag6ke6 [2021-12-10] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_13.0.201.0_x86__nzyj5cx40ttqa [2021-12-07] (Apple Inc.) [Startup Task]
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.19.0_neutral__8xx8rvfyw5nnt [2021-11-04] (Instagram)
Journalist -> C:\Program Files\WindowsApps\49752MichaelS.Scherotter.Journalist_1.1.631.0_x64__9eg5g21zq32qm [2021-07-27] (Michael S. Scherotter)
LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.69.0.0_neutral__qq0fmhteeht3j [2021-12-06] (LastPass)
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2020-09-27] (OverDrive Inc.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1320.12.119.0_x64__8xx8rvfyw5nnt [2021-12-11] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-12-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-12-06] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12030.0_x64__8wekyb3d8bbwe [2021-12-10] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_51.10913.5796.0_x64__8wekyb3d8bbwe [2021-12-01] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-04-15] (Netflix, Inc.)
OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2020-09-27] (OverDrive Inc.)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2020-09-27] (Pandora Media Inc) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-04-15] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-27] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0 [2021-12-11] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\baile\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.261\D457D793AD\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\baile\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-260720292-2504253849-2348319339-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\baile\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.261\D457D793AD\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\baile\Desktop\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc
ShortcutWithArgument: C:\Users\baile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=epffkfffophpagfbbklffindaiconkmc

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2021-10-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-12-20] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 15:03 - 2019-07-11 01:06 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-08-20 13:44 - 2021-04-03 23:13 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-260720292-2504253849-2348319339-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\baile\Pictures\Saved Pictures\1 My Kids and Family\Brady and Ricki\2_devils lake j (8).jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: WTabletServiceISD => 2
MSCONFIG\Services: WTabletServicePro => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "Polarr"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-260720292-2504253849-2348319339-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{57382B5D-78B2-4D71-A607-7BC55AB1DC39}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{F9164E6F-39EE-4E35-81D9-067E432681A2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B01CC7BF-461C-4973-A65D-0DD1B8E89769}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{109682B1-CB8C-4DC1-AA4F-97C5920A01F5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E24BEBF0-7961-4468-8B36-B43B30E892DA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5A2E9522-BC99-433F-AE07-12284CC5496A}] => (Allow) C:\Users\baile\Downloads\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E063C019-70C6-42D0-BE28-D7378F0FB7B2}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{4765E7B2-E045-474A-99DF-C6F971C7A6CC}] => (Allow) C:\Users\baile\New folder\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6BF03055-F70E-4244-BA2F-FDDEDF019799}] => (Allow) C:\Users\baile\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1C84C52E-82C6-4AC8-8B61-CFEEDFDD7ECA}] => (Allow) C:\Users\baile\New folder\steamapps\common\Rebel Forces\RebelForces.exe () [File not signed]
FirewallRules: [{CCCC2654-EEB2-49C0-9DE2-FA07E08758E9}] => (Allow) C:\Users\baile\New folder\steamapps\common\Rebel Forces\RebelForces.exe () [File not signed]
FirewallRules: [{AB9F7C8B-357B-4AA5-8551-8FC526F6C262}] => (Allow) C:\Users\baile\New folder\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E54CB9F1-20C0-41D4-8AFC-40C587F5A399}] => (Allow) C:\Users\baile\New folder\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{DB029122-856A-4900-896E-B5F828836049}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6733E1F9-EA29-4E45-9CFA-FD25A297EAB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FD7C4B0-A458-45A0-A28F-74DD83578761}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{205AC0AE-3A23-4EFF-9D8D-1407C7350A9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BB9E4FCE-C6D4-4D79-A5B5-6596087E3486}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F110E177-1997-42B6-AB07-24234331214B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{131D7F90-ACA0-4069-96D0-1F3A00E14292}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{FB915863-E8D0-430A-BAF4-DFE4634B338A}C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\baile\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{33CE38FA-6092-4F6D-AC37-434A6AEE9C72}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{460F3311-31E3-4CE0-9814-B3366E99FB88}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{401546A9-991F-42F7-9CAD-89470B6EACB0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0DBC0934-F40A-4BFC-A432-0FCCC3861A7D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F986C698-5240-47D9-B669-9001FE055540}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DEFB7CC9-7B47-4B5C-AFF6-F290EFAD1A98}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{84CAD95E-4FD0-493C-B4ED-FB8C6DCFE238}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BDAB208D-46FC-4CD4-853E-F64AEF642D0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A4AC18B0-9235-4B63-B700-258CA269AA70}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

10-12-2021 19:34:05 Windows Modules Installer
12-12-2021 11:05:30 Restore Point Created by FRST
12-12-2021 13:58:45 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (12/12/2021 11:06:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (12/12/2021 11:06:28 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (12/09/2021 01:47:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_FrameServer, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: combase.dll, version: 10.0.19041.1348, time stamp: 0xbaf10630
Exception code: 0xc0000005
Fault offset: 0x00000000000d1898
Faulting process id: 0x774
Faulting application start time: 0x01d7ecd0f213728b
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report Id: 741cac91-c031-46d6-ae11-e99ec49c118a
Faulting package full name:
Faulting package-relative application ID:

Error: (12/09/2021 12:48:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (12/09/2021 12:48:05 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (12/09/2021 12:48:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (12/09/2021 12:48:05 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (12/06/2021 12:00:07 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: YOGA720-15IKB)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

System errors:
=============
Error: (12/12/2021 01:59:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter06.dll

Error: (12/12/2021 01:59:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter06.dll

Error: (12/12/2021 01:59:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter06.dll

Error: (12/12/2021 01:59:13 PM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/12/2021 01:59:13 PM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/12/2021 01:59:13 PM) (Source: DCOM) (EventID: 10010) (User: YOGA720-15IKB)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/12/2021 01:58:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/12/2021 01:58:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Windows Defender:
================
Date: 2021-12-12 12:00:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-10 14:44:11
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-09 20:10:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-08 12:12:38
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-07 11:58:00
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2021-12-07 10:07:32
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.2180.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: LENOVO 4MCN33WW(V2.05) 07/19/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 54%
Total physical RAM: 8050.39 MB
Available physical RAM: 3692.55 MB
Total Virtual: 11122.39 MB
Available Virtual: 5100.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:60.95 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:12.17 GB) NTFS

\\?\Volume{f502dc90-57ed-4a7b-a2e2-fa55f122b281}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.44 GB) NTFS
\\?\Volume{d43090cd-ee40-4e84-a945-39394c9839b4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A3FF1E49)

Partition: GPT.

==================== End of Addition.txt =======================
 