Unable to remove Free Test Now


Itsirkdrop

New Member
Thread author
Oct 11, 2021
4
When I intentionally installed QuickBooks Desktop Pro for my business, I inadvertently installed Sponsored Search by Free Test Now, which has hijacked my home page and new tab. It's malware. I cannot even locate it in my list of programs to uninstall. Neither AVG free nor Windows detect it, yet it's on here. Thoughts on how I can remove it, please??
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's find out more about it.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32- or 64-bit version for your system and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Check the boxes as seen here:
[Image: L7kNU5y.jpg]

Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.
[Image: http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png]

Attach the file(s). A 2-step process.
Reply to this topic.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach. <- Step 1.
Click Attach this file. <- Step 2.
Click the Add reply button.

Please post the logs for my review.

Let me know what problems persist.

Wait for further instructions.

p.s.

The Farbar program is updated often.
If it's identified as suspicious by your anti-virus program, trust it if downloaded from the link I provided.
You should restore the program from the Quarantine folder.
====
 

Itsirkdrop

New Member
Thread author
Oct 11, 2021
4
Your help is appreciated. I printed the instructions and confirmed my Lenovo Yoga is 64-bit; however, the FRST program is taking an interminable amount of time to download. Is that normal?
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,

No, it should not.
Close the download and try again.
Let me know if you still have an issue.
 

Itsirkdrop

New Member
Thread author
Oct 11, 2021
4
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-10-2021
Ran by 18508 (administrator) on DESKTOP-3ASQI55 (LENOVO 81TD) (13-10-2021 11:05:12)
Running from C:\Users\18508\Downloads
Loaded Profiles: 18508
Platform: Microsoft Windows 10 Home Version 21H1 19043.1237 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_69d915519e0a2ac8\aesm_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0d8dab4470c5524b\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0d8dab4470c5524b\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a9a2dde7124f013f\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_93d11e2397cac3a9\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_93d11e2397cac3a9\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_0c50c5dc47ed0efe\RstMwService.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\iaStorAfsService.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\SocketHeciServer.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intuit, Inc. -> ) C:\Program Files (x86)\Common Files\Intuit\DataProtect\IBuEngHost.exe
(Intuit, Inc. -> ) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.Application.exe
(Intuit, Inc. -> ) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.QBWCMonitor.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.8.23.0\Lenovo.Vantage.AddinHost.Amd64.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.8.23.0\Lenovo.Vantage.AddinHost.exe <3>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.8.23.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <3>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDCUserAgent.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\YMC.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.1.22.0_x64__5grkq8ppsgwt4\LaunchUtility\utility.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <9>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_4690d097c38be4a9\WTabletServiceISD.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1084720 2020-05-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3952096 2020-03-11] (Logitech -> Logitech, Inc.)
HKLM\...\Print\Monitors\HP E311 Status Monitor: C:\WINDOWS\system32\hpinkstsE311LM.dll [392200 2019-03-15] (HP Inc -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\94.0.4606.81\Installer\chrmstp.exe [2021-10-12] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2021-09-27]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2021-09-27]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2021-09-27]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2021\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D319722-E95B-4710-B289-855A87FBCDFB} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\WINDOWS\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [201584 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
Task: {0E42C280-9769-4EF3-AF6F-FC2D24C7A5B4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21976976 2021-09-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {247B4AE3-EF7F-46B6-91D1-4A7E45EF392F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2660CE13-568D-43F2-8F95-BD09B931D862} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {2DFD7D47-BBB8-4E4D-A863-C569DE7DB299} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-10-05] (Mozilla Corporation -> Mozilla Foundation)
Task: {32DB0B4C-F15D-4D43-9E0B-1B6304B790E7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [134488 2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {41FEE154-5624-4055-B47D-5DE6C269DBEA} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe
Task: {4894935C-6B60-4934-97FC-14BD5B486F39} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1551232 2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {49E40435-C910-4981-895C-92418FA50DF1} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\515eadaa-c218-455f-81cc-e9e2825b1ff4 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {54F0DF20-CFE2-4540-BBC0-B0D520D16061} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-12-09] (Google Inc -> Google LLC)
Task: {66C4C357-A676-4DB5-B7BC-2343F0A5A2D8} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [134488 2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {69CAE466-9F93-489A-96B4-6E6C6C84DF9B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {72BCE8E6-90F8-4DE4-9A6D-28FD92FDCAAC} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe [382616 2021-05-04] (Intuit, Inc. -> Intuit Inc.)
Task: {7963C823-853A-458F-8C78-729E389CFC0D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8A8298E2-0D3B-4B78-B62A-18BB30D897A3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21976976 2021-09-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {91719C61-CFE7-457B-9CFE-1B3689ED2946} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\9a95b12f-2c53-41da-afa8-46ce459b2af7 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {97DA304B-A7CD-4512-AB52-85604543D5AE} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [443248 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
Task: {A16A55DD-14D7-46D4-B981-AA12647A93C2} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [62440 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {B15470FE-F393-4055-B7F4-01CB8626DDE7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\195aca3f-058f-4c1e-8685-39ac904a3da1 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {C777C4BC-3E19-42D2-94D4-28758C592085} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {D8FD9027-922B-43AF-BEDD-A89F95DC3C71} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {DA7B42BB-22D1-43AB-9506-DA32578B4338} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [144456 2021-07-15] (Lenovo -> Lenovo Group Ltd.)
Task: {DACBE7F5-83E7-435F-B323-7306BB75DAC1} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {DD880D0E-863B-422F-A53C-7CB075958A9A} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.8.23.0\ScheduleEventAction.exe [26664 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
Task: {E667C100-72C0-4718-9E8C-CE594249FCC6} - System32\Tasks\Intel\Intel(R) Optane(TM) Memory - Volume Optimization => {D19AAF57-65A7-484B-9E7A-26C0E667DC66} c:\Windows\System32\iaStorAfsService.exe [2871264 2019-08-21] (Intel(R) Rapid Storage Technology -> Intel Corporation)
Task: {EAE65A2D-9E6A-430C-869D-FDB2199091D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-12-09] (Google Inc -> Google LLC)
Task: {EE2FB9DB-0317-48C2-BBE7-DB707CCA29D6} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\277a7bec-9fdd-4492-a548-2a6f51fa1ecc => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {F6FEE66D-B16D-48E9-AF3D-0F6162A5083D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FE0F74E0-EA21-4A31-B1D4-1562D0E2EF87} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b0d58098-035e-4547-a5d6-55f4ee57fb97 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.12.1
Tcpip\..\Interfaces\{520a7f6b-2cb6-4237-8929-4575a7623d59}: [DhcpNameServer] 192.168.12.1
Tcpip\..\Interfaces\{72e5c458-94d6-41b5-b137-8756e2247dd3}: [DhcpNameServer] 150.206.1.2
Tcpip\..\Interfaces\{85941d80-e56a-4881-bf0e-293cc22bb99f}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\18508\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-12]

FireFox:
========
FF DefaultProfile: lga2d43y.default
FF ProfilePath: C:\Users\18508\AppData\Roaming\Mozilla\Firefox\Profiles\lga2d43y.default [2019-11-09]
FF ProfilePath: C:\Users\18508\AppData\Roaming\Mozilla\Firefox\Profiles\ci1a3e8n.default-release [2021-10-13]
FF Homepage: Mozilla\Firefox\Profiles\ci1a3e8n.default-release -> hxxps://www.google.com/
FF Session Restore: Mozilla\Firefox\Profiles\ci1a3e8n.default-release -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\ci1a3e8n.default-release -> hxxps://malwaretips.com
FF HomepageOverride: Mozilla\Firefox\Profiles\ci1a3e8n.default-release -> Enabled: sp@QuickForms
FF HomepageOverride: Mozilla\Firefox\Profiles\ci1a3e8n.default-release -> Enabled: ep@FreeTestNow
FF NewTabOverride: Mozilla\Firefox\Profiles\ci1a3e8n.default-release -> Enabled: sp@QuickForms
FF NewTabOverride: Mozilla\Firefox\Profiles\ci1a3e8n.default-release -> Enabled: ep@FreeTestNow
FF NewTabOverride: Mozilla\Firefox\Profiles\ci1a3e8n.default-release -> Enabled: {afdb6e5e-c989-4c5d-a2f1-abc06d7d0cfe}
FF NewTabOverride: Mozilla\Firefox\Profiles\ci1a3e8n.default-release -> Disabled: ep@FreeTestNow
FF Extension: (Sponsored Search by FreeTestNow) - C:\Users\18508\AppData\Roaming\Mozilla\Firefox\Profiles\ci1a3e8n.default-release\Extensions\ep@FreeTestNow.xpi [2021-10-06]
FF Extension: (Sponsored Search by QuickForms) - C:\Users\18508\AppData\Roaming\Mozilla\Firefox\Profiles\ci1a3e8n.default-release\Extensions\sp@QuickForms.xpi [2021-09-27] [UpdateUrl:hxxps://hquick-forms.com/firefox/updates]
FF Extension: (Manuals Library Search) - C:\Users\18508\AppData\Roaming\Mozilla\Firefox\Profiles\ci1a3e8n.default-release\Extensions\{afdb6e5e-c989-4c5d-a2f1-abc06d7d0cfe}.xpi [2021-02-24] [UpdateUrl:hxxps://cdn.manualsearch-cdn.org/xpi/manualsearch/yhs/0620/search/updates.json]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\18508\AppData\Local\Google\Chrome\User Data\Default [2021-10-08]
CHR Extension: (Slides) - C:\Users\18508\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-12-09]
CHR Extension: (Docs) - C:\Users\18508\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-12-09]
CHR Extension: (Google Drive) - C:\Users\18508\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-05]
CHR Extension: (YouTube) - C:\Users\18508\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-12-09]
CHR Extension: (Sheets) - C:\Users\18508\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-12-09]
CHR Extension: (Google Docs Offline) - C:\Users\18508\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\18508\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-05]
CHR Extension: (Gmail) - C:\Users\18508\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-05]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9250696 2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1646536 2019-06-16] (Dolby Laboratories, Inc. -> )
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [360320 2019-09-05] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-09-27] (HP Inc. -> HP Inc.)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.8.23.0\LenovoVantageService.exe [31248 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1643688 2019-05-06] (Lenovo -> Lenovo(beijing) Limited)
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2021-05-04] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1537536 2021-05-04] (Intuit Inc.) [File not signed]
R2 QBWCMonitor; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.QBWCMonitor.exe [40784 2021-03-11] (Intuit, Inc. -> )
R2 UDCService; C:\WINDOWS\System32\drivers\Lenovo\udc\Service\UDClientService.exe [116592 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\NisSrv.exe [2855512 2021-10-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe [128392 2021-10-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 YMC; C:\WINDOWS\System32\YMC.exe [856960 2019-05-26] (Lenovo -> Lenovo Group Ltd.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-10-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-10-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-10-11] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-13 11:05 - 2021-10-13 11:05 - 000022959 _____ C:\Users\18508\Downloads\FRST.txt
2021-10-13 11:04 - 2021-10-13 11:05 - 000000000 ____D C:\FRST
2021-10-13 11:03 - 2021-10-13 11:03 - 002310656 _____ (Farbar) C:\Users\18508\Downloads\FRST64.exe
2021-10-13 10:39 - 2021-10-13 10:39 - 000000000 ___HD C:\$WinREAgent
2021-10-12 13:52 - 2021-10-12 13:52 - 000890302 _____ C:\Users\18508\Desktop\Hoch 4211 Seapoint Cir..pdf
2021-10-12 13:51 - 2021-10-12 13:51 - 000999897 _____ C:\Users\18508\Desktop\Hoch 3501 Rolling Acres Rd..pdf
2021-10-12 13:49 - 2021-10-12 13:49 - 000778540 _____ C:\Users\18508\Desktop\Hoch 11418 Big Buck Rd..pdf
2021-10-11 14:57 - 2021-10-11 14:57 - 095682560 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-10-11 14:54 - 2021-10-11 14:57 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-10-11 10:47 - 2021-10-11 10:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-10-05 15:49 - 2021-10-11 11:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-10-04 10:52 - 2021-10-04 10:52 - 000672555 _____ C:\Users\18508\Downloads\Peyton.pdf
2021-10-04 10:51 - 2021-10-11 11:50 - 000000000 ____D C:\Users\18508\AppData\Local\AVG
2021-10-04 10:47 - 2021-10-11 11:50 - 000000000 ____D C:\ProgramData\AVG
2021-10-04 10:47 - 2021-10-04 10:47 - 000224072 _____ (AVG Technologies CZ, s.r.o.) C:\Users\18508\Downloads\avg_antivirus_free_setup.exe
2021-10-04 10:20 - 2021-10-04 10:45 - 003591880 _____ (RCS LT) C:\Users\18508\Downloads\CCSetup.exe
2021-09-28 11:27 - 2021-09-28 11:27 - 000002318 _____ C:\Users\18508\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online Customer Support (2).lnk
2021-09-28 11:18 - 2021-09-28 11:18 - 000000000 ____D C:\Program Files (x86)\LogMeIn Rescue Applet
2021-09-28 11:17 - 2021-09-28 11:17 - 002399480 _____ (LogMeIn, Inc.) C:\Users\18508\Downloads\Support-LogMeInRescue.exe
2021-09-28 11:17 - 2021-09-28 11:17 - 000002333 _____ C:\Users\18508\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online Customer Support.lnk
2021-09-28 11:17 - 2021-09-28 11:17 - 000000000 ____D C:\Users\18508\AppData\Local\LogMeIn Rescue Applet
2021-09-28 10:03 - 2021-09-28 10:03 - 000184150 _____ C:\Users\18508\Downloads\Checking_1_History_1-1-2021_9-28-2021.qbo
2021-09-28 09:57 - 2021-09-28 09:53 - 000010663 _____ C:\Users\18508\Downloads\Delete.qbo
2021-09-28 09:24 - 2021-09-28 10:01 - 000000000 ____D C:\ProgramData\SQL Anywhere 17
2021-09-27 11:59 - 2021-09-27 11:59 - 000000000 ____D C:\WINDOWS\Intuit
2021-09-27 11:59 - 2021-09-27 11:59 - 000000000 ____D C:\Users\18508\AppData\Roaming\SQL Anywhere 17
2021-09-27 11:58 - 2021-09-28 09:20 - 000000000 ____D C:\Users\18508\AppData\Local\Intuit
2021-09-27 11:58 - 2021-09-27 11:58 - 000003014 _____ C:\WINDOWS\system32\Tasks\QBScheduledReport
2021-09-27 11:58 - 2021-09-27 11:58 - 000002197 _____ C:\Users\Public\Desktop\QuickBooks Pro Plus 2021.lnk
2021-09-27 11:58 - 2021-09-27 11:58 - 000000000 ____D C:\WINDOWS\SysWOW64\spool
2021-09-27 11:58 - 2021-09-27 11:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2021-09-27 11:58 - 2012-08-15 00:15 - 006525440 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\WINDOWS\system32\cdintf450_64.dll
2021-09-27 11:58 - 2012-08-15 00:11 - 004809728 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\WINDOWS\SysWOW64\cdintf450.dll
2021-09-27 11:57 - 2021-09-27 11:57 - 000000000 ____D C:\ProgramData\Nuance
2021-09-27 11:56 - 2021-10-11 11:30 - 000000000 ____D C:\ProgramData\Intuit
2021-09-27 11:56 - 2021-09-27 11:58 - 000000095 _____ C:\WINDOWS\QBChanUtil_Trigger.ini
2021-09-27 11:56 - 2021-09-27 11:56 - 000000000 ____D C:\Users\Public\Documents\Intuit
2021-09-27 11:56 - 2021-09-27 11:56 - 000000000 ____D C:\Program Files (x86)\Intuit
2021-09-27 11:22 - 2021-09-27 11:22 - 771400976 _____ (Intuit, Inc. ) C:\Users\18508\Downloads\QuickBooksProSub2021.exe
2021-09-27 11:19 - 2021-09-27 11:19 - 001963704 _____ () C:\Users\18508\Downloads\QuickBooks desktop manager.exe
2021-09-17 07:52 - 2021-09-17 07:52 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-09-14 20:48 - 2021-09-14 20:48 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-09-14 20:48 - 2021-09-14 20:48 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-09-14 20:48 - 2021-09-14 20:48 - 001313608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-09-14 20:48 - 2021-09-14 20:48 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-09-14 20:48 - 2021-09-14 20:48 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-09-14 20:48 - 2021-09-14 20:48 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-09-14 20:48 - 2021-09-14 20:48 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2021-09-14 20:48 - 2021-09-14 20:48 - 000011355 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-09-14 20:47 - 2021-09-14 20:47 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-09-14 20:47 - 2021-09-14 20:47 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-09-14 20:47 - 2021-09-14 20:47 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-09-14 20:47 - 2021-09-14 20:47 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-09-14 20:47 - 2021-09-14 20:47 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-09-14 20:47 - 2021-09-14 20:47 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-09-14 20:47 - 2021-09-14 20:47 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-09-14 20:47 - 2021-09-14 20:47 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-09-14 20:47 - 2021-09-14 20:47 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-09-14 20:47 - 2021-09-14 20:47 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-09-14 20:47 - 2021-09-14 20:47 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2021-09-14 20:47 - 2021-09-14 20:47 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-09-14 12:25 - 2021-09-14 12:25 - 002204134 _____ C:\Users\18508\Desktop\2020 tax form 4.pdf
2021-09-14 12:24 - 2021-09-14 12:27 - 002989310 _____ C:\Users\18508\Desktop\2020 tax form 3.pdf
2021-09-14 12:23 - 2021-09-14 12:23 - 002775826 _____ C:\Users\18508\Desktop\2020 tax form 2.pdf
2021-09-14 12:21 - 2021-09-14 12:21 - 002253751 _____ C:\Users\18508\Desktop\2020 tax form 1.pdf
2021-09-13 14:21 - 2021-09-13 14:21 - 000040186 _____ C:\Users\18508\Downloads\UPS Birk return label.pdf
2021-09-13 12:56 - 2021-09-13 12:56 - 000018838 _____ C:\Users\18508\Downloads\4044 Fairbanks Dr Quote.pdf
2021-09-13 10:21 - 2021-09-13 10:22 - 000692550 _____ C:\Users\18508\Downloads\FHA Addendum.pdf
2021-09-13 09:27 - 2021-09-13 09:27 - 002221892 _____ C:\Users\18508\Downloads\flbasi35972019_20s_FC.pdf
2021-09-13 09:27 - 2021-09-13 09:27 - 001675162 _____ C:\Users\18508\Downloads\basi3124_20i_FC.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-13 10:59 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-13 10:55 - 2019-11-09 14:21 - 000000000 ____D C:\ProgramData\Mozilla
2021-10-13 10:54 - 2020-10-05 15:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-13 10:54 - 2019-11-09 14:21 - 000000000 ____D C:\Users\18508\AppData\LocalLow\Mozilla
2021-10-13 10:44 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-10-13 10:39 - 2019-12-09 13:05 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-13 10:38 - 2019-11-15 12:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-10-13 10:37 - 2020-06-19 08:21 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-13 10:37 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-13 10:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-13 10:37 - 2019-11-15 12:32 - 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-10-13 10:36 - 2019-11-09 13:55 - 000000000 __SHD C:\Users\18508\IntelGraphicsProfiles
2021-10-12 20:20 - 2019-11-09 13:58 - 000000000 ____D C:\Users\18508\AppData\Local\PlaceholderTileLogoFolder
2021-10-12 14:13 - 2019-12-09 13:05 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-12 10:36 - 2019-11-09 13:55 - 000000000 ____D C:\Users\18508\AppData\Local\Packages
2021-10-11 12:08 - 2020-05-13 15:05 - 000000000 ____D C:\Users\18508\AppData\Local\D3DSCache
2021-10-11 12:02 - 2020-10-05 15:22 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-10-11 12:02 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-10-11 11:58 - 2020-10-05 15:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-11 11:58 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-10-11 11:58 - 2019-10-27 16:39 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2021-10-11 11:58 - 2019-10-27 16:20 - 000000000 ___HD C:\Intel
2021-10-11 11:57 - 2020-10-05 15:13 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-11 11:54 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-10-11 11:54 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-10-11 11:49 - 2019-04-19 00:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-10-11 11:39 - 2019-10-27 16:38 - 000000000 ____D C:\ProgramData\Goodix
2021-10-11 11:35 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-10-11 11:30 - 2020-10-05 15:13 - 000452080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-10-11 11:30 - 2019-11-09 14:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-10-11 10:47 - 2020-10-05 15:18 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-11 10:47 - 2020-10-05 15:18 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-10-11 10:47 - 2019-11-09 14:21 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-10-11 10:47 - 2019-10-27 16:25 - 000000000 ____D C:\Program Files\Microsoft Office
2021-10-08 15:11 - 2020-10-05 15:18 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2495932232-2485700646-2361781530-1001
2021-10-08 15:11 - 2020-10-05 15:15 - 000002394 _____ C:\Users\18508\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-10-07 17:05 - 2020-10-05 14:56 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-10-04 10:55 - 2021-05-30 13:47 - 000000000 ____D C:\Users\18508\Desktop\BELLC - misc
2021-10-04 10:08 - 2020-10-05 15:18 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-04 10:08 - 2020-10-05 15:18 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-09-27 11:56 - 2019-10-27 16:36 - 000000000 ____D C:\ProgramData\Package Cache
2021-09-27 09:33 - 2021-08-05 15:25 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2021-09-26 10:06 - 2020-02-16 12:50 - 000000000 ____D C:\Users\18508\AppData\Local\ElevatedDiagnostics
2021-09-14 20:54 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-09-14 20:54 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-09-14 20:54 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-09-14 20:54 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-09-14 20:54 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-09-14 20:54 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-09-14 20:54 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-09-14 20:54 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-09-14 20:54 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-09-14 20:54 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-09-14 20:54 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-09-14 20:54 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-09-14 20:54 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-09-14 20:54 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-09-14 20:54 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-09-14 20:54 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

Attachments

  • Addition.txt
    25.3 KB · Views: 33

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===


Please post the Fixlog.txt and let me know if the problem persists.
 

Attachments

  • fixlist.txt
    2.2 KB · Views: 31