I’m helping someone who got a pop-up that their “computer was infected,” called the number on the pop-up and let the bad actor onto his computer to “help remove the infection.” I saw UltraViewer was installed and I have removed that via the Apps section. I am concerned that there still might be something on the computer. Hoping you guys can help check it out, as there are no other easy-to-notice issues/infections.
OS: Windows 10 Home
AV: Windows Defender
Make: Lenovo
What I have done so far:
1) Uninstalled UltraViewer via Apps
2) Ran a Windows Defender offline scan. It gets to 91% and the PC reboots. Security Settings show no acknowledgment of the scan.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2022
Ran by Jim (administrator) on GOOGOOPC (LENOVO 10156) (06-02-2022 15:45:37)
Running from C:UsersJimDesktop
Loaded Profiles: Jim
Platform: Microsoft Windows 10 Home Version 21H1 19043.1466 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:WindowsjmesoftJME_LOAD.exe
() [File not signed] C:WindowsjmesoftService.exe
(Adobe Inc. -> Adobe Inc.) C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe
(Adobe Inc. -> Adobe Inc.) C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
(Intel® pGFX -> Intel Corporation) C:WindowsSystem32igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:WindowsSystem32igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:WindowsSystem32igfxext.exe
(Intel® pGFX -> Intel Corporation) C:WindowsSystem32igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:WindowsSystem32igfxTray.exe
(Intuit, Inc. -> Intuit Inc.) C:Program Files (x86)Common FilesIntuitUpdate Service v4IntuitUpdateService.exe
(Lenovo -> Lenovo Group Ltd.) C:Program Files (x86)LenovoVantageService3.10.26.0Lenovo.Vantage.AddinHost.Amd64.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:Program Files (x86)LenovoVantageService3.10.26.0Lenovo.Vantage.AddinHost.exe <4>
(Lenovo -> Lenovo Group Ltd.) C:Program Files (x86)LenovoVantageService3.10.26.0Lenovo.Vantage.AddinHost.x86.exe
(Lenovo -> Lenovo Group Ltd.) C:Program Files (x86)LenovoVantageService3.10.26.0LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:WindowsLenovoImControllerPluginHostLenovo.Modern.ImController.PluginHost.SettingsApp.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:WindowsLenovoImControllerPluginHost86Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:WindowsLenovoImControllerServiceLenovo.Modern.ImController.exe
(Lenovo) [File not signed] C:Windowsjmesofthotkey.exe
(Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:WindowsMicrosoft.NETFramework64v3.0WPFPresentationFontCache.exe
(Microsoft Corporation) C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbweHxOutlook.exe
(Microsoft Corporation) C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbweHxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsImmersiveControlPanelSystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32LocationNotificationWindows.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2111.5-0MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2111.5-0MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2111.5-0NisSrv.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:Program FilesRealtekAudioHDARAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:Program FilesRealtekAudioHDARAVCpl64.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:WindowsSystem32spooldriversx643E_IATICEA.EXE
(Skype Software Sarl -> Skype Technologies S.A.) C:Program Files (x86)MicrosoftSkype for DesktopSkype.exe <2>
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM…Run: [RTHDVCPL] => C:Program FilesRealtekAudioHDARAVCpl64.exe [16475392 2016-04-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM…Run: [RtHDVBg_LENOVO_MICPKEY] => C:Program FilesRealtekAudioHDARAVBg64.exe [1419008 2016-04-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32…Run: [jmekey] => C:WINDOWSjmesofthotkey.exe [118784 2013-07-24] (Lenovo) [File not signed]
HKLM-x32…Run: [jmesoft] => C:WindowsjmesoftServiceLoader.exe [28672 2011-08-16] () [File not signed]
HKUS-1-5-21-2439729490-4236933183-955795659-1001…Run: [Skype for Desktop] => C:Program Files (x86)MicrosoftSkype for DesktopSkype.exe [112191904 2021-12-06] (Skype Software Sarl -> Skype Technologies S.A.)
HKUS-1-5-21-2439729490-4236933183-955795659-1001…Run: [MicrosoftEdgeAutoLaunch_D0492BB4DE118B93F253393DBF3D44AC] => “C:Program Files (x86)MicrosoftEdgeApplicationmsedge.exe” –no-startup-window –win-session-start /prefetch:5
HKUS-1-5-21-2439729490-4236933183-955795659-1001…Run: [EPSON Stylus CX8400 Series] => C:WINDOWSsystem32spoolDRIVERSx643E_IATICEA.EXE [209408 2007-02-15] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM…PrintMonitorsEPSON Stylus CX8400 Series 64MonitorBA: C:WINDOWSsystem32E_ILMCEA.DLL [108032 2007-12-07] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program Files (x86)GoogleChromeApplication97.0.4692.99Installerchrmstp.exe [2022-01-25] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0931DAC3-984D-4A6A-9C4D-402027C1D46A} – System32TasksMicrosoftOfficeOffice Feature Updates => C:Program Files (x86)Microsoft OfficerootOffice16sdxhelper.exe [108904 2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {0D138A3F-22BD-4F4E-8644-C5222550ED7A} – System32TasksLenovoVantageLenovo.Vantage.ServiceMaintainance => %systemroot%system32sc.exe start LenovoVantageService
Task: {0DC7F15B-224C-4508-9C56-674DF2D0A550} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cache Maintenance => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2111.5-0MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {13F2A6D6-BC0C-4EE4-B913-F656C4396478} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [152216 2017-06-30] (Google Inc -> Google Inc.)
Task: {1723348E-42E5-479E-A664-73C4F2367892} – System32TasksLenovoVantageScheduleLenovo.Vantage.SmartPerformance.SScan => C:Program Files (x86)LenovoVantageService3.10.26.0ScheduleEventAction.exe [26408 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
Task: {18C5B38A-BE56-4EEB-A4BF-23A188A927AC} – System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [22880112 2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {1EF7E0E3-8652-4D28-A7AA-82D0F90F3D6E} – MicrosoftWindowsUNPRunCampaignManager -> No File <==== ATTENTION
Task: {207A6205-5DBB-44F0-ACE6-7E03CF5D5348} – System32TasksLenovoImControllerTimeBasedEventsbf649924-fd4d-4520-8239-01863ffe4c91 => C:WINDOWSLenovoImControllerServiceLenovo.Modern.ImController.exe [84264 2022-01-13] (Lenovo -> Lenovo Group Ltd.)
Task: {244EA6C7-96B6-4B9D-B6A0-4C8F5AA8FAD0} – System32TasksLenovoImControllerLenovo iM Controller Scheduled Maintenance => “%windir%system32sc.exe” START ImControllerService
Task: {2C97FD32-217F-491F-B811-B5CC3E1DCF5F} – System32TasksMicrosoftOfficeOffice Automatic Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [22880112 2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {43CB79B0-A98E-4A95-8DAC-0C95C6CA6195} – System32TasksLenovoImControllerTimeBasedEvents74796ee4-ad13-410e-b42b-df1039c10892 => C:WINDOWSLenovoImControllerServiceLenovo.Modern.ImController.exe [84264 2022-01-13] (Lenovo -> Lenovo Group Ltd.)
Task: {4BD325E3-7C79-4C3D-9E52-4F78F28B060E} – System32TasksLenovoImControllerTimeBasedEventsea69a85-7a47-47fe-913b-a762f1be7513 => C:WINDOWSLenovoImControllerServiceLenovo.Modern.ImController.exe [84264 2022-01-13] (Lenovo -> Lenovo Group Ltd.)
Task: {50868824-3719-4E8D-B859-31954420F651} – System32TasksLenovoVantageScheduleVantageTelemetryAddinTask => C:Program Files (x86)LenovoVantageService3.6.15.0ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
Task: {57E4CDDF-62A4-4B2E-A3D4-EE2D854EBCF8} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Verification => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2111.5-0MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5B0EEB1A-43D8-45CE-9B58-08E9FA6E4BE1} – System32TasksLaunchSignup => C:Program Files (x86)JustCloudSignup Wizard.exe frompopup (No File)
Task: {61EEDB42-08F0-49BE-93C8-4445BBACDB51} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Scheduled Scan => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2111.5-0MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {674E2AB2-B077-4412-A335-02503DBAD710} – System32TasksLenovoImControllerTimeBasedEventsf3fa1091-b34c-45e1-8764-8ab96309a897 => C:WINDOWSLenovoImControllerServiceLenovo.Modern.ImController.exe [84264 2022-01-13] (Lenovo -> Lenovo Group Ltd.)
Task: {6C52DE09-EDA0-4CE5-A82E-C39A3D569F56} – System32TasksAdobe Acrobat Update Task => C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {71AFAC46-A96B-4D4C-A1BC-C4548D41C665} – System32TasksLenovoImControllerLenovo iM Controller Monitor => C:WINDOWSsystem32ImController.InfInstaller.exe [64248 2022-01-13] (Lenovo -> Lenovo Group Ltd.)
Task: {8470377F-F6A5-41F6-9ACF-7AB71BAA8A07} – System32TasksMicrosoftOfficeOffice Feature Updates Logon => C:Program Files (x86)Microsoft OfficerootOffice16sdxhelper.exe [108904 2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {92F6CC22-FCBE-4C9A-818E-7D6D659835D8} – System32TasksLenovoImControllerPluginsLenovoSystemUpdatePlugin_WeeklyTask => %windir%System32reg.exe add hklmSOFTWARELenovoSystemUpdatePluginscheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {A586AD6B-DE8D-481A-BD7C-103C26B0F86A} – System32TasksSlimCleaner Plus (Scheduled Scan – Jim) => C:Program FilesSlimCleaner PlusSlimCleanerPlus.exe /doScheduledScan (No File)
Task: {BE31505A-BBCA-4A9C-BCCA-B2921B835278} – System32TasksLenovoVantageScheduleDailyTelemetryTransmission => C:Program Files (x86)LenovoVantageService3.10.26.0ScheduleEventAction.exe [26408 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
Task: {C101426F-D49A-45A4-8295-793BC0686934} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [152216 2017-06-30] (Google Inc -> Google Inc.)
Task: {C494B776-9E97-43CF-A65A-53B4C936B24A} – System32TasksLaunchApp => C:Program Files (x86)JustCloudJustCloud.exe windowlaunch (No File)
Task: {C81A1744-2DC6-43CE-8330-D414871C72C0} – System32TasksLenovoLenovo MigrationAssistant start event task => C:Program FilesLenovoLenovo Migration AssistantLenovo Migration Assistant Srv.exe [291216 2020-11-11] (Lenovo -> )
Task: {F6E4F63E-9650-42F1-8C56-574D8DFBDD3C} – System32TasksLenovoBatteryGaugeBatteryGaugeMaintenance => C:ProgramDataLenovoImControllerPluginsLenovoBatteryGaugePackagex64BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {FA928BEC-907B-44F5-98BE-268B1D4886E8} – System32Tasks{4728F58E-877B-42A3-ADC5-AC8BE482312B} => “c:windowssystem32launchwinapp.exe” hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.105&LastError=404
Task: {FC3EAF3B-FD55-4A3C-818E-A3E790A457AB} – System32TasksMicrosoftOfficeOffice Subscription Maintenance => C:Program Files (x86)Microsoft OfficerootvfsProgramFilesCommonx86Microsoft SharedOffice16OLicenseHeartbeat.exe [1172360 2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {FEF9911F-B819-474E-90D4-D9E37324F63E} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cleanup => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2111.5-0MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:WINDOWSTasksSlimCleaner Plus (Scheduled Scan – Jim).job => C:Program FilesSlimCleaner PlusSlimCleanerPlus.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
TcpipParameters: [DhcpNameServer] 192.168.1.1
Tcpip..Interfaces{fea5a3b9-2297-4478-ae7f-1808039ce62a}: [DhcpNameServer] 192.168.1.1
Edge:
=======
DownloadDir: C:UsersJimDownloads
Edge Notifications: HKUS-1-5-21-2439729490-4236933183-955795659-1001 -> hxxps://mail.google.com
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsAutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsBookViewer [not found]
Edge Extension: (No Name) -> EdgeExtension_BrowseTechLLCAdRemover_fstwarvhxwf4c => C:Program FilesWindowsAppsBrowseTechLLC.AdRemover_5.8.3.0_neutral__fstwarvhxwf4c [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsLearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsPinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:UsersJimAppDataLocalMicrosoftEdgeUser DatacId=128000000001363769&path= [2021-03-30] <==== ATTENTION
Edge Profile: C:UsersJimAppDataLocalMicrosoftEdgeUser DataDefault [2022-02-06]
Edge DownloadDir: Default -> C:UsersJimDownloads
Edge Notifications: Default -> hxxps://mail.google.com; hxxps://www.everydaywinner.com
Edge Extension: (Ad Remover) – C:UsersJimAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsojegeldnlnmnjhnlgkghkkalkingcabj [2021-06-11]
FireFox:
========
FF DefaultProfile: 0wawpx7t.default
FF ProfilePath: C:UsersJimAppDataRoamingMozillaFirefoxProfileswawpx7t.default [2021-07-31]
FF Extension: (Avira SafeSearch Plus) – C:UsersJimAppDataRoamin[email protected]avira.com [2017-02-22] [Legacy]
FF Extension: (SavvyConnect) – C:UsersJimAppDataRoa[email protected]surveysavvy.com.xpi [2017-03-02] [Legacy]
FF HKLM-x32…FirefoxExtensions: [[email protected]] – C:Program Files (x86)[email protected]i => not found
FF Plugin: Adobe Acrobat -> C:Program FilesAdobeAcrobat DCAcrobatAirnppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:Program Files (x86)Microsoft OfficerootOffice16NPSPWRAP.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:UsersJimAppDataLocalGoogleChromeUser DataDefault [2019-09-13]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> “hxxp://www.google.com/”
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Extension: (Slides) – C:UsersJimAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2019-09-13]
CHR Extension: (Docs) – C:UsersJimAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2019-09-13]
CHR Extension: (Google Drive) – C:UsersJimAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2017-07-15]
CHR Extension: (YouTube) – C:UsersJimAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-15]
CHR Extension: (Sheets) – C:UsersJimAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2019-09-13]
CHR Extension: (Avira Browser Safety) – C:UsersJimAppDataLocalGoogleChromeUser DataDefaultExtensionsflliilndjeohchalpbbcdekjklbdgfkk [2019-09-13]
CHR Extension: (Google Docs Offline) – C:UsersJimAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-09-13]
CHR Extension: (Avira SafeSearch Plus) – C:UsersJimAppDataLocalGoogleChromeUser DataDefaultExtensionsipmkfpcnmccejididiaagpgchgjfajgp [2019-09-13]
CHR Extension: (Chrome Web Store Payments) – C:UsersJimAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2019-09-13]
CHR Extension: (Gmail) – C:UsersJimAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2019-09-13]
CHR Extension: (Chrome Media Router) – C:UsersJimAppDataLocalGoogleChromeUser DataDefaultExtensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-13]
CHR HKLM…ChromeExtension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM…ChromeExtension: [ipmkfpcnmccejididiaagpgchgjfajgp]
CHR HKLM-x32…ChromeExtension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32…ChromeExtension: [ipmkfpcnmccejididiaagpgchgjfajgp]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [12124536 2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
R2 ImControllerService; C:WINDOWSLenovoImControllerServiceLenovo.Modern.ImController.exe [84264 2022-01-13] (Lenovo -> Lenovo Group Ltd.)
R2 JME Keyboard; C:WindowsjmesoftService.exe [32768 2011-08-16] () [File not signed]
R2 LenovoVantageService; C:Program Files (x86)LenovoVantageService3.10.26.0LenovoVantageService.exe [31016 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
R3 WdNisSvc; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2111.5-0NisSrv.exe [2876152 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2111.5-0MsMpEng.exe [128360 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:WINDOWSSystem32driversBthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:WINDOWSSystem32driversbthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 GeneStor; C:WINDOWSsystem32DRIVERSGeneStor.sys [188840 2015-08-29] (GENESYS LOGIC, INC. -> GenesysLogic)
S3 mbamchameleon; C:WINDOWSsystem32driversmbamchameleon.sys [140672 2018-01-13] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMSwissArmy; C:WINDOWSsystem32driversMBAMSwissArmy.sys [192216 2018-11-06] (Malwarebytes Corporation -> Malwarebytes)
S3 phantomtap; C:WINDOWSSystem32driversphantomtap.sys [45056 2017-05-18] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S3 SWDUMon; C:WINDOWSsystem32DRIVERSSWDUMon.sys [16152 2016-08-24] (Slimware Utilities, Inc. -> )
S3 tap0901; C:WINDOWSSystem32driverstap0901.sys [35784 2017-02-03] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S0 WdBoot; C:WINDOWSSystem32driverswdWdBoot.sys [48536 2021-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:WINDOWSSystem32driverswdWdFilter.sys [435432 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [86248 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-02-06 15:28 – 2022-02-06 15:37 – 000030338 ____C C:UsersJimDesktopAddition.txt
2022-02-06 15:20 – 2022-02-06 15:48 – 000021475 ____C C:UsersJimDesktopFRST.txt
2022-02-06 15:19 – 2022-02-06 15:47 – 000000000 ___DC C:FRST
2022-02-06 15:17 – 2022-02-06 15:02 – 002311680 ____C (Farbar) C:UsersJimDesktopFRST64.exe
2022-02-04 12:10 – 2022-02-06 14:59 – 000000000 _____ C:WINDOWSUV_LastPW.ini
2022-02-04 11:35 – 2022-02-04 11:45 – 000000000 ____D C:UsersJimAppDataRoamingUltraViewer
2022-02-04 11:33 – 2022-02-06 14:59 – 000000000 ____D C:Program Files (x86)UltraViewer
2022-02-04 11:32 – 2022-02-04 11:32 – 003465760 _____ (DucFabulous ) C:UsersJimDownloadsUltraViewer_setup_6.5_en.exe
2022-01-30 22:09 – 2022-01-30 22:09 – 000016995 _____ C:UsersJimDownloadsStatements_01302022_210918.PDF
2022-01-30 21:36 – 2022-01-30 21:36 – 000117717 _____ C:UsersJimDownloadsdxweb (1).pdf
2022-01-30 17:58 – 2022-01-30 17:58 – 000117717 _____ C:UsersJimDownloadsdxweb.pdf
2022-01-21 10:36 – 2022-01-21 10:36 – 000016932 _____ C:UsersJimDownloadsStatements_01212022_093642.PDF
2022-01-20 13:44 – 2022-01-20 13:44 – 000018817 _____ C:UsersJimDownloadsStatements_01202022_124417.PDF
2022-01-20 13:42 – 2022-01-20 13:42 – 000016932 _____ C:UsersJimDownloadsStatements_01202022_124253.PDF
2022-01-18 22:48 – 2022-01-18 22:48 – 000000000 ____D C:WINDOWSMinidump
2022-01-18 22:48 – 2022-01-18 22:48 – 000000000 _____ C:WINDOWSMinidump11822-27687-01.dmp
2022-01-15 15:12 – 2022-01-15 15:12 – 000018817 _____ C:UsersJimDownloadsStatements_01152022_141203.PDF
2022-01-15 14:58 – 2022-01-15 14:59 – 012463904 _____ C:UsersJimDownloadsepson12226 (1).exe
2022-01-15 14:58 – 2022-01-15 14:58 – 035440928 _____ C:UsersJimDownloadseasyphotoprint_win (1).exe
2022-01-15 14:58 – 2022-01-15 14:58 – 018902128 _____ C:UsersJimDownloadsEEM_31153 (1).exe
2022-01-15 14:58 – 2022-01-15 14:58 – 012463904 _____ C:UsersJimDownloadsepson12226.exe
2022-01-15 14:57 – 2022-01-15 14:57 – 007813048 _____ C:UsersJimDownloadsepson15143.exe
2022-01-15 14:57 – 2022-01-15 14:57 – 007813048 _____ C:UsersJimDownloadsepson15143 (1).exe
2022-01-15 14:56 – 2022-01-15 14:56 – 022214584 _____ C:UsersJimDownloadsepson15145 (5).exe
2022-01-15 14:55 – 2022-01-15 14:55 – 022214584 _____ C:UsersJimDownloadsepson15145 (4).exe
2022-01-15 14:42 – 2022-01-15 14:43 – 000109356 _____ C:WINDOWSEPSTPLOG.TXT
2022-01-15 14:42 – 2022-01-15 14:42 – 000008284 _____ C:WINDOWSSysWOW64eps_icon.avi
2022-01-15 14:42 – 2022-01-15 14:42 – 000000031 _____ C:WINDOWSEPSMTL32.TXT
2022-01-15 14:42 – 2005-02-25 00:00 – 000046080 _____ (SEIKO EPSON CORP.) C:WINDOWSSysWOW64escimgd.dll
2022-01-15 14:42 – 2005-02-25 00:00 – 000029696 _____ (SEIKO EPSON CORP.) C:WINDOWSSysWOW64escwiad.dll
2022-01-15 14:42 – 2005-02-25 00:00 – 000022016 _____ (SEIKO EPSON CORP.) C:WINDOWSSysWOW64esccmd.dll
2022-01-15 14:23 – 2022-01-15 14:23 – 000000000 ____D C:UsersJimAppDataRoamingEPSON
2022-01-15 14:21 – 2022-01-15 14:21 – 000002251 ____C C:UsersPublicDesktopEpson Easy Photo Print.lnk
2022-01-15 14:21 – 2022-01-15 14:21 – 000000000 ____D C:ProgramDataUDL
2022-01-15 14:21 – 2022-01-15 14:21 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsEpson Software
2022-01-15 14:20 – 2022-01-15 14:20 – 000000000 ____D C:ProgramDataSony Corporation
2022-01-15 14:20 – 2022-01-15 14:20 – 000000000 ____D C:Program Files (x86)Epson Software
2022-01-15 13:43 – 2022-01-15 13:43 – 035440928 _____ C:UsersJimDownloadseasyphotoprint_win.exe
2022-01-15 13:43 – 2022-01-15 13:43 – 018902128 _____ C:UsersJimDownloadsEEM_31153.exe
2022-01-15 13:42 – 2022-01-15 13:43 – 012001056 _____ C:UsersJimDownloadsepson12347.exe
2022-01-15 13:41 – 2022-01-15 13:41 – 023828408 _____ C:UsersJimDownloadsepson15096 (6).exe
2022-01-15 13:41 – 2022-01-15 13:41 – 009861048 _____ C:UsersJimDownloadsepson15094.exe
2022-01-15 13:39 – 2022-01-15 13:40 – 023828408 _____ C:UsersJimDownloadsepson15096 (5).exe
2022-01-14 12:11 – 2022-01-26 15:16 – 000002384 _____ C:UsersJimAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk
2022-01-14 09:28 – 2022-01-14 09:28 – 000523776 _____ (curl, hxxps://curl.se/) C:WINDOWSsystem32curl.exe
2022-01-14 09:28 – 2022-01-14 09:28 – 000464384 _____ (curl, hxxps://curl.se/) C:WINDOWSSysWOW64curl.exe
2022-01-14 09:28 – 2022-01-14 09:28 – 000011797 _____ C:WINDOWSsystem32DrtmAuthTxt.wim
2022-01-14 08:41 – 2022-01-14 08:41 – 000000000 __HDC C:$WinREAgent
2022-01-07 12:31 – 2022-01-07 12:32 – 000768410 _____ C:UsersJimDownloadsDocument (6).pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-02-06 15:45 – 2017-06-30 20:05 – 000000000 ____D C:Program Files (x86)Google
2022-02-06 15:44 – 2019-12-07 04:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2022-02-06 15:36 – 2019-12-07 04:13 – 000000000 ____D C:WINDOWSINF
2022-02-06 14:56 – 2019-09-13 16:58 – 000000000 ____D C:UsersJimAppDataLocalD3DSCache
2022-02-06 14:33 – 2015-08-06 07:35 – 000000000 __SHD C:UsersJimIntelGraphicsProfiles
2022-02-06 14:30 – 2020-09-10 03:46 – 000000006 ___HC C:WINDOWSTasksSA.DAT
2022-02-06 14:30 – 2020-09-10 03:08 – 000000000 ____D C:WINDOWSsystem32SleepStudy
2022-02-06 14:30 – 2020-09-10 03:07 – 000008192 ___SH C:DumpStack.log.tmp
2022-02-06 14:30 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSServiceState
2022-02-04 07:05 – 2019-12-07 04:14 – 000000000 ___HD C:Program FilesWindowsApps
2022-02-04 07:05 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSAppReadiness
2022-02-02 22:53 – 2016-06-07 11:32 – 000000000 ___DC C:Program Files (x86)Microsoft Office
2022-02-02 22:35 – 2019-12-07 04:03 – 000524288 _____ C:WINDOWSsystem32configBBI
2022-02-02 22:34 – 2020-09-10 03:11 – 000000000 ____D C:UsersJim
2022-01-30 17:28 – 2014-06-29 13:28 – 000000000 ____D C:UsersJimDocumentsAccess Jim’s Files
2022-01-28 18:13 – 2020-06-14 20:15 – 000002449 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk
2022-01-28 18:13 – 2020-06-14 20:15 – 000002287 ____C C:UsersPublicDesktopMicrosoft Edge.lnk
2022-01-26 15:16 – 2021-12-13 10:49 – 000003588 _____ C:WINDOWSsystem32TasksOneDrive Reporting Task-S-1-5-21-2439729490-4236933183-955795659-1001
2022-01-26 15:16 – 2020-09-10 03:46 – 000003360 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-2439729490-4236933183-955795659-1001
2022-01-25 23:05 – 2020-09-10 03:46 – 000003480 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineUA
2022-01-25 23:05 – 2020-09-10 03:46 – 000003356 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineCore
2022-01-25 19:01 – 2018-01-08 16:02 – 000000000 __RDC C:UsersJimDocumentsWright, Christina
2022-01-25 18:41 – 2020-11-13 14:52 – 000000000 ___DC C:UsersJimDocumentsLogitech C270 HD Webcam, 720p Video with Noise Reducing Mic_files
2022-01-25 02:05 – 2017-06-30 20:05 – 000002312 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2022-01-25 02:05 – 2017-06-30 20:05 – 000002271 ____C C:UsersPublicDesktopGoogle Chrome.lnk
2022-01-21 09:39 – 2020-09-10 03:46 – 000003420 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskMachineUA
2022-01-21 09:39 – 2020-09-10 03:46 – 000003296 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskMachineCore
2022-01-18 22:48 – 2020-01-15 23:51 – 795879414 _____ C:WINDOWSMEMORY.DMP
2022-01-15 14:42 – 2016-09-19 15:53 – 000001014 ____C C:UsersPublicDesktopEPSON Scan.lnk
2022-01-15 14:42 – 2016-06-07 13:12 – 000000000 ___DC C:Program Files (x86)epson
2022-01-15 14:41 – 2016-06-06 17:25 – 000000000 ___DC C:UsersJimAppDataLocalVirtualStore
2022-01-15 14:21 – 2017-04-15 09:19 – 000000000 ____D C:ProgramDataEPSON
2022-01-15 14:20 – 2016-06-07 13:12 – 000000000 __HDC C:Program Files (x86)InstallShield Installation Information
2022-01-14 22:30 – 2020-07-25 14:18 – 000000000 __RDC C:UsersJimDocumentsWright, Gregory
2022-01-14 22:30 – 2017-10-04 16:37 – 000000000 __RDC C:UsersJimDesktopHardware Scans
2022-01-14 22:04 – 2020-09-10 03:29 – 000840598 _____ C:WINDOWSsystem32PerfStringBackup.INI
2022-01-14 22:01 – 2020-09-10 03:08 – 000448408 _____ C:WINDOWSsystem32FNTCACHE.DAT
2022-01-14 21:58 – 2019-12-07 04:14 – 000000000 ___SD C:WINDOWSsystem32DiagSvcs
2022-01-14 21:58 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSSysWOW64Dism
2022-01-14 21:58 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSSystemResources
2022-01-14 21:58 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSsystem32setup
2022-01-14 21:58 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSsystem32oobe
2022-01-14 21:58 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSsystem32Dism
2022-01-14 21:58 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSbcastdvr
2022-01-14 20:58 – 2019-12-07 04:14 – 000000000 ____D C:WINDOWSLiveKernelReports
2022-01-14 20:55 – 2020-09-10 03:46 – 000004562 _____ C:WINDOWSsystem32TasksAdobe Acrobat Update Task
2022-01-14 20:47 – 2021-12-14 04:04 – 000002084 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAdobe Acrobat DC.lnk
2022-01-14 20:47 – 2021-12-14 04:04 – 000002072 ____C C:UsersPublicDesktopAdobe Acrobat DC.lnk
2022-01-14 09:39 – 2019-12-07 04:03 – 000000000 ____D C:WINDOWSCbsTemp
2022-01-14 08:37 – 2016-06-07 07:33 – 000000000 ___DC C:WINDOWSsystem32MRT
2022-01-14 08:25 – 2016-06-07 07:33 – 145765912 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe
2022-01-13 01:07 – 2021-11-07 22:36 – 000064248 _____ (Lenovo Group Ltd.) C:WINDOWSsystem32ImController.InfInstaller.exe
2022-01-13 01:06 – 2021-11-07 22:36 – 000109312 _____ (Lenovo Group Ltd.) C:WINDOWSsystem32WudfUpdate_02000.dll
2022-01-13 01:06 – 2020-07-31 19:08 – 000431016 _____ (Lenovo Group Limited) C:WINDOWSsystem32iMDriverHelper.dll
2022-01-13 01:06 – 2017-10-05 15:06 – 000109312 _____ (Lenovo Group Ltd.) C:WINDOWSsystem32ImController.CoInstaller.dll
==================== FLock ==============================
2022-02-06 14:59 C:WINDOWSUV_LastPW.ini
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2022
Ran by Jim (06-02-2022 15:52:17)
Running from C:UsersJimDesktop
Microsoft Windows 10 Home Version 21H1 19043.1466 (X64) (2020-09-10 08:47:30)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2439729490-4236933183-955795659-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-2439729490-4236933183-955795659-503 – Limited – Disabled)
Guest (S-1-5-21-2439729490-4236933183-955795659-501 – Limited – Disabled)
HomeGroupUser$ (S-1-5-21-2439729490-4236933183-955795659-1003 – Limited – Enabled)
Jim (S-1-5-21-2439729490-4236933183-955795659-1001 – Administrator – Enabled) => C:UsersJim
WDAGUtilityAccount (S-1-5-21-2439729490-4236933183-955795659-504 – Limited – Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat DC (64-bit) (HKLM…{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 21.011.20039 – Adobe)
Adobe Connect (HKUS-1-5-21-2439729490-4236933183-955795659-1001…Adobe Connect App) (Version: 2020.1.5.32 – Adobe Systems Inc.)
ArcSoft PhotoImpression 6 (HKLM-x32…{D03E7B00-CA85-4684-9321-1888873C34BD}) (Version: 6 – ArcSoft)
ArcSoft Print Creations (HKLM-x32…{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version: – ArcSoft)
Cisco EAP-FAST Module (HKLM-x32…{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 – Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32…{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 – Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32…{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 – Cisco Systems, Inc.)
EPSON CX8400 User’s Guide (HKLM-x32…Silent Package Run-Time Sample) (Version: – )
Epson Easy Photo Print 2 (HKLM-x32…{674E262F-72EA-41C1-AF16-9727311A4553}) (Version: 2.4.1.0 – SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM…EPSON Printer and Utilities) (Version: – SEIKO EPSON Corporation)
EPSON Printer Software (HKLM-x32…EPSON Printer and Utilities) (Version: – )
EPSON Scan (HKLM-x32…EPSON Scanner) (Version: – )
EPSON Stylus CX8400 Series Scanner Driver Update (HKLM-x32…{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}) (Version: – )
EPSON Web-To-Page (HKLM-x32…{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version: – )
Genesys USB Mass Storage Device (HKLM-x32…{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.5.0.8.1001 – Genesys Logic)
Google Chrome (HKLM-x32…Google Chrome) (Version: 97.0.4692.99 – Google LLC)
Intel® Chipset Device Software (HKLM-x32…{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 – Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32…{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 – Intel Corporation)
Intel® Trusted Execution Engine (HKLM…{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 – Intel Corporation)
Just Cloud _ Control Panel (HKUS-1-5-21-2439729490-4236933183-955795659-1001…ccbd4b783635ae0e8a32802d171cab4f) (Version: 1.0 – Just Cloud _ Control Panel)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32…{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 – Lenovo)
Lenovo Migration Assistant (HKLM…Lenovo Migration Assistant_is1) (Version: 2.1.4.6 – Lenovo)
Lenovo Vantage Service (HKLM-x32…VantageSRV_is1) (Version: 3.10.26.0 – Lenovo Group Ltd.)
Microsoft 365 – en-us (HKLM…O365HomePremRetail – en-us) (Version: 16.0.14827.20158 – Microsoft Corporation)
Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 97.0.1072.76 – Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32…Microsoft EdgeWebView) (Version: 97.0.1072.76 – Microsoft Corporation)
Microsoft OneDrive (HKUS-1-5-21-2439729490-4236933183-955795659-1001…OneDriveSetup.exe) (Version: 22.002.0103.0004 – Microsoft Corporation)
Microsoft Support and Recovery Assistant for Office 365 (HKUS-1-5-21-2439729490-4236933183-955795659-1001…4415f693b586d348) (Version: 16.0.1389.12 – Microsoft Corporation)
Microsoft Update Health Tools (HKLM…{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 – Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32…{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.17 (HKLM…{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.6161 (HKLM…{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32…{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.40649 (HKLM-x32…{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32…{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.40649 (HKLM-x32…{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 – Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) – 14.0.23026 (HKLM-x32…{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 – Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32…Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 – Mozilla)
Mozilla Maintenance Service (HKLM-x32…MozillaMaintenanceService) (Version: 47.0 – Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32…{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14827.20088 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM…{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20088 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM…{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20158 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32…{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 – Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32…{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 – Realtek)
Realtek High Definition Audio Driver (HKLM-x32…{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7796 – Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32…{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.213.243 – REALTEK Semiconductor Corp.)
Skype version 8.79 (HKLM-x32…Skype_is1) (Version: 8.79 – Skype Technologies S.A.)
Skype™ 7.24 (HKLM-x32…{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 – Skype Technologies S.A.)
TurboTax 2013 (HKLM-x32…TurboTax 2013) (Version: 2013.0 – Intuit, Inc)
TurboTax 2014 (HKLM-x32…TurboTax 2014) (Version: 2014.0 – Intuit, Inc)
TurboTax 2015 (HKLM-x32…TurboTax 2015) (Version: 2015.0 – Intuit, Inc)
TurboTax 2016 (HKLM-x32…TurboTax 2016) (Version: 2016.0 – Intuit, Inc)
TurboTax 2017 (HKLM-x32…TurboTax 2017) (Version: 2017.0 – Intuit, Inc)
TurboTax 2018 (HKLM-x32…TurboTax 2018) (Version: 2018.0 – Intuit, Inc)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM…{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 – Microsoft Corporation)
Windows PC Health Check (HKLM…{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 – Microsoft Corporation)
Zoom (HKUS-1-5-21-2439729490-4236933183-955795659-1001…ZoomUMX) (Version: 5.7.7 (1105) – Zoom Video Communications, Inc.)
Packages:
=========
Converter Bot -> C:Program FilesWindowsApps16200DatassemblyResearch.ConverterBot_1.1.22.0_x64__pzzx47jxjmsae [2018-04-06] (Datassembly Research)
Lenovo Vantage -> C:Program FilesWindowsAppsE046963F.LenovoCompanion_10.2112.10.0_x64__k1h2ywk1493x8 [2021-12-21] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.12.1050.0_x64__8wekyb3d8bbwe [2022-01-11] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-10-18] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKUS-1-5-21-2439729490-4236933183-955795659-1001_ClassesCLSID{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}localserver32 -> C:WINDOWSsystem32igfxEM.exe (Intel® pGFX -> Intel Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program Files (x86)Malwarebytes Anti-Malwarembamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:WINDOWSsystem32igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program Files (x86)Malwarebytes Anti-Malwarembamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM…Drivers32: [vidc.i420] => C:WINDOWSsystem32lvcod64.dll [475936 2007-05-11] (Logitech Inc -> Logitech Inc.)
HKLM…Drivers32: [vidc.i420] => C:WindowsSysWOW64lvcodec2.dll [416544 2007-05-11] (Logitech Inc -> Logitech Inc.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:UsersJimDocumentsOld FilesPCHP_PAVILION ©FROM OLD COMPUTERDocuments and SettingsComputerNetHoodMy Web Sites on MSNtarget.lnk -> hxxp://www.msnusers.co
Shortcut: C:UsersJimDocumentsOld FilesPCHP_PAVILION ©Documents and SettingsHP_AdministratorNetHoodMy Web Sites on MSNtarget.lnk -> hxxp://www.msnusers.co
ShortcutWithArgument: C:UsersJimAppDataRoamingMicrosoftWindowsStart MenuProgramsJust Cloud _ Control Panel.lnk -> C:Program Files (x86)MicrosoftEdgeApplicationmsedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=naelehcmpjfgoonpgdpcoaijcjkncing --app-url=hxxps://my.justcloud.com/
==================== Loaded Modules (Whitelisted) =============
2017-01-20 13:47 – 2011-05-17 13:27 – 000028672 _____ () [File not signed] C:Windowsjmesofthidhook.dll
2021-10-14 04:51 – 2021-10-14 04:51 – 000453632 _____ (Intuit Inc.) [File not signed] C:WINDOWSassemblyNativeImages_v4.0.30319_32Intuit.Spc.09f690bd#a08fe9769ddaa5439a5f996c3e8403c8Intuit.Spc.Esd.Client.BusinessLogic.ni.dll
2021-06-21 10:25 – 2013-04-01 22:19 – 000574464 _____ (Realtek Semiconductor Corp.) [File not signed] C:WINDOWSsystem32Rtlihvs.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program Files (x86)Microsoft OfficerootVFSProgramFilesX64Microsoft OfficeOffice16OCHelper.dll [2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:Program Files (x86)Epson SoftwareEasy Photo PrintEPTBL.dll [2012-01-25] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
BHO-x32: EpsonToolBandKicker Class -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> C:Program Files (x86)EPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-22] (SEIKO EPSON CORPORATION) [File not signed]
Toolbar: HKLM – Easy Photo Print – {9421DD08-935F-4701-A9CA-22DF90AC4EA6} – C:Program Files (x86)Epson SoftwareEasy Photo PrintEPTBL.dll [2012-01-25] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 – EPSON Web-To-Page – {EE5D279F-081B-4404-994D-C6B60AAEBA6D} – C:Program Files (x86)EPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-22] (SEIKO EPSON CORPORATION) [File not signed]
Toolbar: HKUS-1-5-21-2439729490-4236933183-955795659-1001 -> No Name – {EE5D279F-081B-4404-994D-C6B60AAEBA6D} – No File
Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-06-06 20:47 – 2016-06-06 20:43 – 000000824 ____C C:WINDOWSsystem32driversetchosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLMSystemCurrentControlSetControlSession ManagerEnvironment\Path -> C:Program Files (x86)IntelTXE ComponentsTCS;C:Program FilesIntelTXE ComponentsTCS;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;C:Program Files (x86)SkypePhone;%SYSTEMROOT%System32OpenSSH
HKUS-1-5-21-2439729490-4236933183-955795659-1001Control PanelDesktop\Wallpaper -> C:UsersJimAppDataLocalMicrosoftWindowsThemesRoamedThemeFilesDesktopBackgroundantarctic7.jpg
DNS Servers: Media is not connected to internet.
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{31493F3C-534B-40A8-9E3F-41A9EBE88F0A}] => (Allow) C:UsersJimAppDataRoamingZoombinairhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{830F4A8E-9B18-4550-8255-AD308E05FA17}] => (Allow) C:UsersJimAppDataRoamingZoombinZoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{471346AA-981A-4ABA-9D7A-E81C3519C945}] => (Allow) C:Program Files (x86)NetRatingsNetSightNetSightNielsenOnline.exe => No File
FirewallRules: [{F18230BD-63C8-46AC-A361-236634D289F3}] => (Allow) C:Program Files (x86)NetRatingsNetSightNetSightNielsenOnline.exe => No File
FirewallRules: [{87E73A51-7EDE-4B75-93B3-24A94D834BB0}] => (Allow) C:Program Files (x86)SkypePhoneSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{644FD484-FFD8-453B-A145-41155B517F84}] => (Allow) C:Program Files (x86)Mozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4A9827B0-CD71-4030-AFAE-335032FE5A25}] => (Allow) C:Program Files (x86)Mozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{40417ADE-EB20-4283-9277-F844D4ED658C}] => (Allow) C:Program Files (x86)Common FilesIntuitUpdate Service v4IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{48FFFF47-EE21-41EB-8C91-5B63F9DBE384}] => (Allow) C:Program Files (x86)Common FilesIntuitUpdate Service v4IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{925FDC7C-A369-472C-95B0-E5A315E97395}] => (Allow) C:Program Files (x86)Common FilesIntuitUpdate Service v4IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{9A6BDFA7-D02C-43C1-8B28-A5BF2C88CD97}] => (Allow) C:Program Files (x86)Common FilesIntuitUpdate Service v4IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{624237EE-BC36-4C6E-A539-229C88CC8D22}] => (Allow) C:Program Files (x86)Common FilesIntuitUpdate Service v4IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{FD2D5808-6826-4E07-A08C-A5F4DDA6EE8B}] => (Allow) C:Program Files (x86)Common FilesIntuitUpdate Service v4IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{2F4F9165-448F-4FD8-962A-CE32892693A0}] => (Allow) C:Program Files (x86)MicrosoftSkype for DesktopSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CD0B89CF-F403-4D99-8897-E5E77838009A}] => (Allow) C:Program Files (x86)MicrosoftSkype for DesktopSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4D039E71-3813-4408-BDB1-A5DFABA7BF2A}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E1BF4E6A-BFD9-4BDD-8952-F913C66B2BDB}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7C9BF2BD-1DB5-4D56-AE39-4F2BC0566249}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8EDC1F4B-9D36-4CAD-8347-BC007DE3E81F}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{73C48676-20BE-4525-A9BA-4EDC6D5D8367}] => (Allow) C:Program FilesLenovoLenovo Migration AssistantMigrationAssistant.exe (Lenovo -> )
FirewallRules: [{1639A2D8-22AA-4C2A-B60E-030598DDB035}] => (Allow) C:Program FilesLenovoLenovo Migration AssistantMigrationAssistant.exe (Lenovo -> )
FirewallRules: [{5C3626B0-A4E5-4951-8C8D-6E669A7DC8D4}] => (Allow) C:Program FilesLenovoLenovo Migration AssistantLenovo Migration Assistant Srv.exe (Lenovo -> )
FirewallRules: [{AA81D4DA-B035-4366-BF3D-1DBE7F033525}] => (Allow) C:Program FilesLenovoLenovo Migration AssistantLenovo Migration Assistant Srv.exe (Lenovo -> )
FirewallRules: [{1E3E74DB-8935-4AF5-A162-1369D97A8126}] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F1A38531-65C4-484D-BFC0-DBA2C34C6FC6}] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)
FirewallRules: [{1DF49B40-FCB6-4199-84A8-D19285FC595C}] => (Allow) C:Program Files (x86)MicrosoftEdgeWebViewApplication97.0.1072.76msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
25-01-2022 10:01:59 Scheduled Checkpoint
03-02-2022 09:30:06 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (02/03/2022 03:05:07 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (02/02/2022 10:35:16 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY)
Description: Access to performance data was denied to user "SYSTEM" (value from GetUserName() for the running thread) as attempted from module "C:Program Files (x86)LenovoVantageService3.10.26.0Lenovo.Vantage.AddinHost.Amd64.exe" (value from GetModuleFileName() for the binary that issued the query).
Error: (02/02/2022 10:34:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1512) (User: NT AUTHORITY)
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This problem is often caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account.
DETAIL – Access is denied.
Error: (02/02/2022 10:34:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1512) (User: NT AUTHORITY)
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This problem is often caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account.
DETAIL – Access is denied.
Error: (02/02/2022 02:20:57 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0