Laptop Running Slow 2023 Oct

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Donmg49, Oct 3, 2023.

  1. Donmg49

    Donmg49 Private E-2

    My wife’s laptop was performing well. Then I started doing a full backup from the laptop to a Seagate model STCA2000100 2TB Backup Plus external hard drive. The longer the backup went, the slower the transfer speeds became, finally running at 500 KB/sec. I ran the antimalware as recommended with the Seagate connected. The logs are attached. The laptop seemed to run better. Then she opened Google Chrome and the laptop almost stopped; on the Desktop, icons would not highlight or open. I did a Restart and disconnected the Seagate. Now the laptop is usable. It is still running slowly; Google Chrome takes 2 minutes to open but will work. Your help is appreciated.
     

    Attached Files:

    Donmg49, Oct 3, 2023
    #1
  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome to the Major Geeks Malware Forum.

    While I review what you have posted please do this.

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download Farbar Recover Scan Tool for 64 bit systems and save the file onto your Desktop (if it is downloaded elsewhere copy and paste the file onto your Desktop)
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
    • 2 Notepad documents should now be open on your desktop.
    • Please attach both reports to your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

    • FRST.txt
    • Addition.txt
     
    Oh My!, Oct 3, 2023
    #2
  3. Donmg49

    Donmg49 Private E-2

    I apologize for taking so long to reply, but things intervened. I have run FRST. Attached are the 2 txt files.
     

    Attached Files:

    Donmg49, Oct 23, 2023
    #3
  4. Oh My!

    Oh My! Malware Expert Staff Member

    I sent you a Personal Message.
     
    Oh My!, Oct 23, 2023
    #4
  5. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.

    There is no evidence of malicious software on the computer. Before we do anything else I want to clarify what you have already done.

    It is normal for the initial launch of a browser to take a bit of time to load. However, 2 minutes is excessive. I see you have CCleaner installed. Have you already cleared out the cache and cookies for Chrome?

    Can you be more specific regarding running slowly apart from Chrome. Is that during boot, running certain programs, generally hanging, etc.?
     
    Oh My!, Oct 23, 2023
    #5
  6. Donmg49

    Donmg49 Private E-2

    The problem was the laptop was running slow at all times. We run CCleaner at least every 3 days. Today the laptop is running at acceptable speeds. Task Manager loads and starts updating in 15 sec. Microsoft Word opens a document in 15 sec. Google Chrome opens in 10 sec. So, today we have no complaints. We haven't made any changes other than normal Microsoft and Lenovo system updates.
     
    Donmg49, Oct 23, 2023
    #6
  7. Oh My!

    Oh My! Malware Expert Staff Member

    Thanks for the update.

    I would recommend you allow Windows Update to handle driver updates rather than Driver Easy. If that is something you would like to do I would recommend uninstalling Driver Easy.

    Please run this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
CreateRestorePoint:
CloseProcesses:
S3 Browser; %SystemRoot%\System32\browser.dll [X] 
S3 LenovoDiagnosticsDriver; \??\C:\ProgramData\Lenovo\Vantage\Addins\LenovoHardwareScanAddin\2.4.1.1\LDiagsLegacy\LenovoDiagnosticsDriver.sys [X] 
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X] 
Task: {3AFAF916-374D-43F9-88C1-17A9BE1ECB01} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION 
Task: {57758678-E369-456D-9FFF-441CF51D5408} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION 
Task: {8A36633D-772B-4400-B569-18AA4DD21CA8} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION 
Task: {CB3BBD49-64F5-4756-87F6-1ED35C7BB270} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe  VantageTelemetryAddinTask (No File) 
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File) 
Task: {F3B9EC4C-5985-4752-B7FC-6EAE5B98FFB4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe  Display (No File) 
Task: {9A09BC42-1495-4575-AF27-38F9F3016DD8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC RebootDialog (No File) 
Task: {4D38A469-C482-47FA-87C7-AEE5F8E65A72} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery RebootDialog (No File) 
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
Task: {F44D719F-C238-4240-A6E7-BA2B64B68EB8} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3465463654-1579146225-1964756943-1002 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  (No File) 
Task: {EB097344-4802-4DB0-9D64-9F1D5F7204D5} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3465463654-1579146225-1964756943-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  (No File) 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File 
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File 
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File 
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File 
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File 
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File 
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File 
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File 
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File 
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File 
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File 
FirewallRules: [{A36FC46F-4735-448E-B7D5-3A7395744AA1}] => (Allow) C:\Users\penny\AppData\Local\Temp\7zS7622\HPEasyStart\HP.EasyStart.exe => No File 
FirewallRules: [{A81694D0-FE11-400A-9C33-FC2FDA85E9F6}] => (Allow) C:\Users\penny\AppData\Local\Temp\7zS5447\HPEasyStart\HP.EasyStart.exe => No File 
FirewallRules: [{ED4B8C23-AC3C-4C6E-B40F-42DB18172164}] => (Allow) C:\Users\penny\AppData\Local\Temp\7zS3639\HP.EasyStart.exe => No File 
FirewallRules: [{3A0FEEA7-829A-41E2-BFC3-A051D12B8287}] => (Allow) C:\Users\penny\AppData\Local\Temp\7zS3C14\HPEasyStart\HP.EasyStart.exe => No File 
FirewallRules: [{3D995BFB-F10B-48E3-8EFE-51F670C3FEB6}] => (Allow) C:\Users\penny\AppData\Local\Temp\7zS439E\HPEasyStart\HP.EasyStart.exe => No File 
FirewallRules: [TCP Query User{C139FF30-CC1A-48EB-B1FA-A73622F5F07D}C:\users\penny\appdata\local\temp\7zs7b07\enterprisedu.exe] => (Allow) C:\users\penny\appdata\local\temp\7zs7b07\enterprisedu.exe => No File 
FirewallRules: [UDP Query User{26849BB0-66BD-45A0-A12F-850E31A42447}C:\users\penny\appdata\local\temp\7zs7b07\enterprisedu.exe] => (Allow) C:\users\penny\appdata\local\temp\7zs7b07\enterprisedu.exe => No File 
FirewallRules: [TCP Query User{7872DE82-8393-435E-9586-7C11606059E5}C:\users\penny\appdata\local\temp\7zs6feb\enterprisedu.exe] => (Allow) C:\users\penny\appdata\local\temp\7zs6feb\enterprisedu.exe => No File 
FirewallRules: [UDP Query User{5E8AEAB4-F45B-40F9-A6A6-8657EE29530B}C:\users\penny\appdata\local\temp\7zs6feb\enterprisedu.exe] => (Allow) C:\users\penny\appdata\local\temp\7zs6feb\enterprisedu.exe => No File 
FirewallRules: [TCP Query User{485D9288-E6E7-4750-ADA1-47E5458C331E}C:\users\penny\appdata\local\temp\7zs1a26\enterprisedu.exe] => (Allow) C:\users\penny\appdata\local\temp\7zs1a26\enterprisedu.exe => No File 
FirewallRules: [UDP Query User{BE516DE9-59B2-431F-BD86-A459B5C50556}C:\users\penny\appdata\local\temp\7zs1a26\enterprisedu.exe] => (Allow) C:\users\penny\appdata\local\temp\7zs1a26\enterprisedu.exe => No File 
FirewallRules: [{2FB80A6C-5117-4597-9D5D-61C68C616CDB}] => (Allow) C:\Users\penny\AppData\Local\Temp\7zS771F\HPEasyStart\HP.EasyStart.exe => No File 
FirewallRules: [{35CAFF0B-BC3B-4C5E-AF00-A8354CEB78E2}] => (Allow) C:\Users\penny\AppData\Local\Temp\EasySetup\74d38f81-c419-4337-9ca6-725565855ac0\FullPackage\Y20B_C1_UWC_PP-usa-inst-B1\wlan_wiz\.\wlan_assistant\waw.exe => No File 
FirewallRules: [{9B7FBDD4-4AB1-4B4D-8E88-3FF975F81944}] => (Allow) C:\Users\penny\AppData\Local\Temp\EasySetup\74d38f81-c419-4337-9ca6-725565855ac0\FullPackage\Y20B_C1_UWC_PP-usa-inst-B1\wlan_wiz\.\wlan_assistant\waw.exe => No File 
FirewallRules: [{8D40BC5B-0A0D-4D4B-A56F-C7FCB6BA22D3}] => (Allow) C:\Users\penny\AppData\Local\Temp\EasySetup\74d38f81-c419-4337-9ca6-725565855ac0\FullPackage\Y20B_C1_UWC_PP-usa-inst-B1\wlan_wiz\.\wlan_assistant\waw.exe => No File 
FirewallRules: [{101A1567-9F09-49CC-AD1A-2DA8681A277A}] => (Allow) C:\Users\penny\AppData\Local\Temp\EasySetup\74d38f81-c419-4337-9ca6-725565855ac0\FullPackage\Y20B_C1_UWC_PP-usa-inst-B1\wlan_wiz\.\wlan_assistant\waw.exe => No File 
FirewallRules: [{FE370656-73D1-4DB0-8737-021754BD03FA}] => (Allow) C:\Users\penny\AppData\Local\Temp\EasySetup\74d38f81-c419-4337-9ca6-725565855ac0\FullPackage\Y20B_C1_UWC_PP-usa-inst-B1\wlan_wiz\.\wlan_assistant\waw.exe => No File 
FirewallRules: [{D03073F4-7644-49B9-9D67-B9781FBF580B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{28000B34-7BF2-474D-9D5D-A15578AE25B1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{F2F668F5-7DD7-4809-8282-B637488776F7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{0648CB0F-B5CC-4C12-A3F0-3581F5704FF3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{B2860D58-2015-49D3-8683-993CD30B91C8}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21253.510.996.1465_x64__8wekyb3d8bbwe\msteams.exe => No File 
FirewallRules: [{17EFE77D-9BB4-4BE7-A785-BE5AADA9B675}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21253.510.996.1465_x64__8wekyb3d8bbwe\msteams.exe => No File 
Task: {CB3BBD49-64F5-4756-87F6-1ED35C7BB270} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe  VantageTelemetryAddinTask (No File) 
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File) 
Task: {F3B9EC4C-5985-4752-B7FC-6EAE5B98FFB4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe  Display (No File) 
Task: {9A09BC42-1495-4575-AF27-38F9F3016DD8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC RebootDialog (No File) 
Task: {4D38A469-C482-47FA-87C7-AEE5F8E65A72} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery RebootDialog (No File) 
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
Task: {F44D719F-C238-4240-A6E7-BA2B64B68EB8} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3465463654-1579146225-1964756943-1002 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  (No File) 
Task: {EB097344-4802-4DB0-9D64-9F1D5F7204D5} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3465463654-1579146225-1964756943-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  (No File) 
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION 
Task: {3AFAF916-374D-43F9-88C1-17A9BE1ECB01} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION 
Task: {57758678-E369-456D-9FFF-441CF51D5408} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION 
Task: {8A36633D-772B-4400-B569-18AA4DD21CA8} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION 
Task: {3AFAF916-374D-43F9-88C1-17A9BE1ECB01} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION 
Task: {57758678-E369-456D-9FFF-441CF51D5408} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION 
Task: {8A36633D-772B-4400-B569-18AA4DD21CA8} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION 
SearchScopes: HKU\S-1-5-21-3465463654-1579146225-1964756943-1001 -> DefaultScope {29C23E05-C2CA-4EEB-ADDF-E5B3F0CCB9B6} URL =
SearchScopes: HKU\S-1-5-21-3465463654-1579146225-1964756943-1001 -> {29C23E05-C2CA-4EEB-ADDF-E5B3F0CCB9B6} URL =
ExportKey: HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
     
    Oh My!, Oct 23, 2023
    #7
  8. Donmg49

    Donmg49 Private E-2

    I will uninstall DriverEasy. Thank you for your help. I will run FRST as requested and post the results.
     
    Donmg49, Oct 23, 2023
    #8
  9. Donmg49

    Donmg49 Private E-2

    FRST Fix has been run. Here are the contents of the Fixlog.txt.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 06-10-2023
    Ran by penny (23-10-2023 16:35:27) Run:1
    Running from C:\Users\penny\Desktop
    Loaded Profiles: penny & donnp
    Boot Mode: Normal
    ==============================================
    fixlist content:
    *****************
    Start::
    CreateRestorePoint:
    CloseProcesses:
    S3 Browser; %SystemRoot%\System32\browser.dll [X]
    S3 LenovoDiagnosticsDriver; \??\C:\ProgramData\Lenovo\Vantage\Addins\LenovoHardwareScanAddin\2.4.1.1\LDiagsLegacy\LenovoDiagnosticsDriver.sys [X]
    S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
    Task: {3AFAF916-374D-43F9-88C1-17A9BE1ECB01} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
    Task: {57758678-E369-456D-9FFF-441CF51D5408} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
    Task: {8A36633D-772B-4400-B569-18AA4DD21CA8} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
    Task: {CB3BBD49-64F5-4756-87F6-1ED35C7BB270} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
    Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
    Task: {F3B9EC4C-5985-4752-B7FC-6EAE5B98FFB4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
    Task: {9A09BC42-1495-4575-AF27-38F9F3016DD8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
    Task: {4D38A469-C482-47FA-87C7-AEE5F8E65A72} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
    Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
    Task: {F44D719F-C238-4240-A6E7-BA2B64B68EB8} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3465463654-1579146225-1964756943-1002 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
    Task: {EB097344-4802-4DB0-9D64-9F1D5F7204D5} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3465463654-1579146225-1964756943-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
    ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
    ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
    ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
    FirewallRules: [{A36FC46F-4735-448E-B7D5-3A7395744AA1}] => (Allow) C:\Users\penny\AppData\Local\Temp\7zS7622\HPEasyStart\HP.EasyStart.exe => No File
    FirewallRules: [{A81694D0-FE11-400A-9C33-FC2FDA85E9F6}] => (Allow) C:\Users\penny\AppData\Local\Temp\7zS5447\HPEasyStart\HP.EasyStart.exe => No File
    FirewallRules: [{ED4B8C23-AC3C-4C6E-B40F-42DB18172164}] => (Allow) C:\Users\penny\AppData\Local\Temp\7zS3639\HP.EasyStart.exe => No File
    FirewallRules: [{3A0FEEA7-829A-41E2-BFC3-A051D12B8287}] => (Allow) C:\Users\penny\AppData\Local\Temp\7zS3C14\HPEasyStart\HP.EasyStart.exe => No File
    FirewallRules: [{3D995BFB-F10B-48E3-8EFE-51F670C3FEB6}] => (Allow) C:\Users\penny\AppData\Local\Temp\7zS439E\HPEasyStart\HP.EasyStart.exe => No File
    FirewallRules: [TCP Query User{C139FF30-CC1A-48EB-B1FA-A73622F5F07D}C:\users\penny\appdata\local\temp\7zs7b07\enterprisedu.exe] => (Allow) C:\users\penny\appdata\local\temp\7zs7b07\enterprisedu.exe => No File
    FirewallRules: [UDP Query User{26849BB0-66BD-45A0-A12F-850E31A42447}C:\users\penny\appdata\local\temp\7zs7b07\enterprisedu.exe] => (Allow) C:\users\penny\appdata\local\temp\7zs7b07\enterprisedu.exe => No File
    FirewallRules: [TCP Query User{7872DE82-8393-435E-9586-7C11606059E5}C:\users\penny\appdata\local\temp\7zs6feb\enterprisedu.exe] => (Allow) C:\users\penny\appdata\local\temp\7zs6feb\enterprisedu.exe => No File
    FirewallRules: [UDP Query User{5E8AEAB4-F45B-40F9-A6A6-8657EE29530B}C:\users\penny\appdata\local\temp\7zs6feb\enterprisedu.exe] => (Allow) C:\users\penny\appdata\local\temp\7zs6feb\enterprisedu.exe => No File
    FirewallRules: [TCP Query User{485D9288-E6E7-4750-ADA1-47E5458C331E}C:\users\penny\appdata\local\temp\7zs1a26\enterprisedu.exe] => (Allow) C:\users\penny\appdata\local\temp\7zs1a26\enterprisedu.exe => No File
    FirewallRules: [UDP Query User{BE516DE9-59B2-431F-BD86-A459B5C50556}C:\users\penny\appdata\local\temp\7zs1a26\enterprisedu.exe] => (Allow) C:\users\penny\appdata\local\temp\7zs1a26\enterprisedu.exe => No File
    FirewallRules: [{2FB80A6C-5117-4597-9D5D-61C68C616CDB}] => (Allow) C:\Users\penny\AppData\Local\Temp\7zS771F\HPEasyStart\HP.EasyStart.exe => No File
    FirewallRules: [{35CAFF0B-BC3B-4C5E-AF00-A8354CEB78E2}] => (Allow) C:\Users\penny\AppData\Local\Temp\EasySetup\74d38f81-c419-4337-9ca6-725565855ac0\FullPackage\Y20B_C1_UWC_PP-usa-inst-B1\wlan_wiz\.\wlan_assistant\waw.exe => No File
    FirewallRules: [{9B7FBDD4-4AB1-4B4D-8E88-3FF975F81944}] => (Allow) C:\Users\penny\AppData\Local\Temp\EasySetup\74d38f81-c419-4337-9ca6-725565855ac0\FullPackage\Y20B_C1_UWC_PP-usa-inst-B1\wlan_wiz\.\wlan_assistant\waw.exe => No File
    FirewallRules: [{8D40BC5B-0A0D-4D4B-A56F-C7FCB6BA22D3}] => (Allow) C:\Users\penny\AppData\Local\Temp\EasySetup\74d38f81-c419-4337-9ca6-725565855ac0\FullPackage\Y20B_C1_UWC_PP-usa-inst-B1\wlan_wiz\.\wlan_assistant\waw.exe => No File
    FirewallRules: [{101A1567-9F09-49CC-AD1A-2DA8681A277A}] => (Allow) C:\Users\penny\AppData\Local\Temp\EasySetup\74d38f81-c419-4337-9ca6-725565855ac0\FullPackage\Y20B_C1_UWC_PP-usa-inst-B1\wlan_wiz\.\wlan_assistant\waw.exe => No File
    FirewallRules: [{FE370656-73D1-4DB0-8737-021754BD03FA}] => (Allow) C:\Users\penny\AppData\Local\Temp\EasySetup\74d38f81-c419-4337-9ca6-725565855ac0\FullPackage\Y20B_C1_UWC_PP-usa-inst-B1\wlan_wiz\.\wlan_assistant\waw.exe => No File
    FirewallRules: [{D03073F4-7644-49B9-9D67-B9781FBF580B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{28000B34-7BF2-474D-9D5D-A15578AE25B1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{F2F668F5-7DD7-4809-8282-B637488776F7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{0648CB0F-B5CC-4C12-A3F0-3581F5704FF3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{B2860D58-2015-49D3-8683-993CD30B91C8}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21253.510.996.1465_x64__8wekyb3d8bbwe\msteams.exe => No File
    FirewallRules: [{17EFE77D-9BB4-4BE7-A785-BE5AADA9B675}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21253.510.996.1465_x64__8wekyb3d8bbwe\msteams.exe => No File
    Task: {CB3BBD49-64F5-4756-87F6-1ED35C7BB270} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
    Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
    Task: {F3B9EC4C-5985-4752-B7FC-6EAE5B98FFB4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
    Task: {9A09BC42-1495-4575-AF27-38F9F3016DD8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
    Task: {4D38A469-C482-47FA-87C7-AEE5F8E65A72} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
    Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
    Task: {F44D719F-C238-4240-A6E7-BA2B64B68EB8} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3465463654-1579146225-1964756943-1002 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
    Task: {EB097344-4802-4DB0-9D64-9F1D5F7204D5} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3465463654-1579146225-1964756943-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
    Task: {3AFAF916-374D-43F9-88C1-17A9BE1ECB01} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
    Task: {57758678-E369-456D-9FFF-441CF51D5408} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
    Task: {8A36633D-772B-4400-B569-18AA4DD21CA8} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
    Task: {3AFAF916-374D-43F9-88C1-17A9BE1ECB01} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
    Task: {57758678-E369-456D-9FFF-441CF51D5408} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
    Task: {8A36633D-772B-4400-B569-18AA4DD21CA8} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-3465463654-1579146225-1964756943-1001 -> DefaultScope {29C23E05-C2CA-4EEB-ADDF-E5B3F0CCB9B6} URL =
    SearchScopes: HKU\S-1-5-21-3465463654-1579146225-1964756943-1001 -> {29C23E05-C2CA-4EEB-ADDF-E5B3F0CCB9B6} URL =
    ExportKey: HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    End::
    *****************
    Restore point was successfully created.
    Processes closed successfully.
    HKLM\System\CurrentControlSet\Services\Browser => removed successfully
    Browser => service removed successfully
    HKLM\System\CurrentControlSet\Services\LenovoDiagnosticsDriver => removed successfully
    LenovoDiagnosticsDriver => service removed successfully
    HKLM\System\CurrentControlSet\Services\WinSetupMon => removed successfully
    WinSetupMon => service removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3AFAF916-374D-43F9-88C1-17A9BE1ECB01}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AFAF916-374D-43F9-88C1-17A9BE1ECB01}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57758678-E369-456D-9FFF-441CF51D5408}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57758678-E369-456D-9FFF-441CF51D5408}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Monitor" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A36633D-772B-4400-B569-18AA4DD21CA8}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A36633D-772B-4400-B569-18AA4DD21CA8}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB3BBD49-64F5-4756-87F6-1ED35C7BB270}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB3BBD49-64F5-4756-87F6-1ED35C7BB270}" => removed successfully
    C:\WINDOWS\System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3B9EC4C-5985-4752-B7FC-6EAE5B98FFB4}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3B9EC4C-5985-4752-B7FC-6EAE5B98FFB4}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A09BC42-1495-4575-AF27-38F9F3016DD8}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A09BC42-1495-4575-AF27-38F9F3016DD8}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D38A469-C482-47FA-87C7-AEE5F8E65A72}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D38A469-C482-47FA-87C7-AEE5F8E65A72}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F44D719F-C238-4240-A6E7-BA2B64B68EB8}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F44D719F-C238-4240-A6E7-BA2B64B68EB8}" => removed successfully
    C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3465463654-1579146225-1964756943-1002 => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task-S-1-5-21-3465463654-1579146225-1964756943-1002" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB097344-4802-4DB0-9D64-9F1D5F7204D5}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB097344-4802-4DB0-9D64-9F1D5F7204D5}" => removed successfully
    C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3465463654-1579146225-1964756943-500 => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task-S-1-5-21-3465463654-1579146225-1964756943-500" => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
    HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
    HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A36FC46F-4735-448E-B7D5-3A7395744AA1}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A81694D0-FE11-400A-9C33-FC2FDA85E9F6}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ED4B8C23-AC3C-4C6E-B40F-42DB18172164}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3A0FEEA7-829A-41E2-BFC3-A051D12B8287}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D995BFB-F10B-48E3-8EFE-51F670C3FEB6}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C139FF30-CC1A-48EB-B1FA-A73622F5F07D}C:\users\penny\appdata\local\temp\7zs7b07\enterprisedu.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{26849BB0-66BD-45A0-A12F-850E31A42447}C:\users\penny\appdata\local\temp\7zs7b07\enterprisedu.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7872DE82-8393-435E-9586-7C11606059E5}C:\users\penny\appdata\local\temp\7zs6feb\enterprisedu.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5E8AEAB4-F45B-40F9-A6A6-8657EE29530B}C:\users\penny\appdata\local\temp\7zs6feb\enterprisedu.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{485D9288-E6E7-4750-ADA1-47E5458C331E}C:\users\penny\appdata\local\temp\7zs1a26\enterprisedu.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BE516DE9-59B2-431F-BD86-A459B5C50556}C:\users\penny\appdata\local\temp\7zs1a26\enterprisedu.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2FB80A6C-5117-4597-9D5D-61C68C616CDB}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{35CAFF0B-BC3B-4C5E-AF00-A8354CEB78E2}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9B7FBDD4-4AB1-4B4D-8E88-3FF975F81944}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8D40BC5B-0A0D-4D4B-A56F-C7FCB6BA22D3}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{101A1567-9F09-49CC-AD1A-2DA8681A277A}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FE370656-73D1-4DB0-8737-021754BD03FA}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D03073F4-7644-49B9-9D67-B9781FBF580B}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{28000B34-7BF2-474D-9D5D-A15578AE25B1}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F2F668F5-7DD7-4809-8282-B637488776F7}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0648CB0F-B5CC-4C12-A3F0-3581F5704FF3}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B2860D58-2015-49D3-8683-993CD30B91C8}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{17EFE77D-9BB4-4BE7-A785-BE5AADA9B675}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB3BBD49-64F5-4756-87F6-1ED35C7BB270}" => not found
    "C:\WINDOWS\System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => not found
    "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3B9EC4C-5985-4752-B7FC-6EAE5B98FFB4}" => not found
    "C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A09BC42-1495-4575-AF27-38F9F3016DD8}" => not found
    "C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D38A469-C482-47FA-87C7-AEE5F8E65A72}" => not found
    "C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => not found
    "C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F44D719F-C238-4240-A6E7-BA2B64B68EB8}" => not found
    "C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3465463654-1579146225-1964756943-1002" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task-S-1-5-21-3465463654-1579146225-1964756943-1002" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB097344-4802-4DB0-9D64-9F1D5F7204D5}" => not found
    "C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3465463654-1579146225-1964756943-500" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task-S-1-5-21-3465463654-1579146225-1964756943-500" => not found
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AFAF916-374D-43F9-88C1-17A9BE1ECB01}" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57758678-E369-456D-9FFF-441CF51D5408}" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Monitor" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A36633D-772B-4400-B569-18AA4DD21CA8}" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AFAF916-374D-43F9-88C1-17A9BE1ECB01}" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57758678-E369-456D-9FFF-441CF51D5408}" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Monitor" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A36633D-772B-4400-B569-18AA4DD21CA8}" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" => not found
    "HKU\S-1-5-21-3465463654-1579146225-1964756943-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    HKU\S-1-5-21-3465463654-1579146225-1964756943-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{29C23E05-C2CA-4EEB-ADDF-E5B3F0CCB9B6} => removed successfully
    ================== ExportKey: ===================
    [HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
    "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" => not found
    ========= sfc /scannow =========
    Beginning system scan. This process will take some time.
    Beginning verification phase of system scan.
    Verification 0% complete.
    Verification 1% complete.
    Verification 1% complete.
    Verification 2% complete.
    Verification 3% complete.
    Verification 3% complete.
    Verification 4% complete.
    Verification 5% complete.
    Verification 5% complete.
    Verification 6% complete.
    Verification 7% complete.
    Verification 7% complete.
    Verification 8% complete.
    Verification 9% complete.
    Verification 9% complete.
    Verification 10% complete.
    Verification 10% complete.
    Verification 11% complete.
    Verification 12% complete.
    Verification 12% complete.
    Verification 13% complete.
    Verification 14% complete.
    Verification 14% complete.
    Verification 15% complete.
    Verification 16% complete.
    Verification 16% complete.
    Verification 17% complete.
    Verification 18% complete.
    Verification 18% complete.
    Verification 19% complete.
    Verification 20% complete.
    Verification 20% complete.
    Verification 21% complete.
    Verification 21% complete.
    Verification 22% complete.
    Verification 23% complete.
    Verification 23% complete.
    Verification 24% complete.
    Verification 25% complete.
    Verification 25% complete.
    Verification 26% complete.
    Verification 27% complete.
    Verification 27% complete.
    Verification 28% complete.
    Verification 29% complete.
    Verification 29% complete.
    Verification 30% complete.
    Verification 31% complete.
    Verification 31% complete.
    Verification 32% complete.
    Verification 32% complete.
    Verification 33% complete.
    Verification 34% complete.
    Verification 34% complete.
    Verification 35% complete.
    Verification 36% complete.
    Verification 36% complete.
    Verification 37% complete.
    Verification 38% complete.
    Verification 38% complete.
    Verification 39% complete.
    Verification 40% complete.
    Verification 40% complete.
    Verification 41% complete.
    Verification 42% complete.
    Verification 42% complete.
    Verification 43% complete.
    Verification 43% complete.
    Verification 44% complete.
    Verification 45% complete.
    Verification 45% complete.
    Verification 46% complete.
    Verification 47% complete.
    Verification 47% complete.
    Verification 48% complete.
    Verification 49% complete.
    Verification 49% complete.
    Verification 50% complete.
    Verification 51% complete.
    Verification 51% complete.
    Verification 52% complete.
    Verification 52% complete.
    Verification 53% complete.
    Verification 54% complete.
    Verification 54% complete.
    Verification 55% complete.
    Verification 56% complete.
    Verification 56% complete.
    Verification 57% complete.
    Verification 58% complete.
    Verification 58% complete.
    Verification 59% complete.
    Verification 60% complete.
    Verification 60% complete.
    Verification 61% complete.
    Verification 62% complete.
    Verification 62% complete.
    Verification 63% complete.
    Verification 63% complete.
    Verification 64% complete.
    Verification 65% complete.
    Verification 65% complete.
    Verification 66% complete.
    Verification 67% complete.
    Verification 67% complete.
    Verification 68% complete.
    Verification 69% complete.
    Verification 69% complete.
    Verification 70% complete.
    Verification 71% complete.
    Verification 71% complete.
    Verification 72% complete.
    Verification 73% complete.
    Verification 73% complete.
    Verification 74% complete.
    Verification 74% complete.
    Verification 75% complete.
    Verification 76% complete.
    Verification 76% complete.
    Verification 77% complete.
    Verification 78% complete.
    Verification 78% complete.
    Verification 79% complete.
    Verification 80% complete.
    Verification 80% complete.
    Verification 81% complete.
    Verification 82% complete.
    Verification 82% complete.
    Verification 83% complete.
    Verification 84% complete.
    Verification 84% complete.
    Verification 85% complete.
    Verification 85% complete.
    Verification 86% complete.
    Verification 87% complete.
    Verification 87% complete.
    Verification 88% complete.
    Verification 89% complete.
    Verification 89% complete.
    Verification 90% complete.
    Verification 91% complete.
    Verification 91% complete.
    Verification 92% complete.
    Verification 93% complete.
    Verification 93% complete.
    Verification 94% complete.
    Verification 95% complete.
    Verification 95% complete.
    Verification 96% complete.
    Verification 96% complete.
    Verification 97% complete.
    Verification 98% complete.
    Verification 98% complete.
    Verification 99% complete.
    Verification 100% complete.
    Windows Resource Protection found corrupt files and successfully repaired them.
    For online repairs, details are included in the CBS log file located at
    windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
    repairs, details are included in the log file provided by the /OFFLOGFILE flag.
    ========= End of CMD: =========
    ========= DISM /Online /Cleanup-Image /CheckHealth =========
    Deployment Image Servicing and Management tool
    Version: 10.0.22621.1
    Image Version: 10.0.22621.2428
    No component store corruption detected.
    The operation completed successfully.
    ========= End of CMD: =========
    The system needed a reboot.
    ==== End of Fixlog 17:07:51 ====
     
    Donmg49, Oct 23, 2023
    #9
  10. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you.

    The process repaired some corrupt Windows files. Everything else looks good.

    Are things still running well?
     
    Oh My!, Oct 23, 2023
    #10
  11. Donmg49

    Donmg49 Private E-2

    Yes, the laptop is still running well. Thank you for your help.
     
    Donmg49, Oct 23, 2023
    #11
  12. Oh My!

    Oh My! Malware Expert Staff Member

    You are quite welcome. We will wrap this up but if something comes up feel free to post your concern.

    Here is our final step and some additional information to consider.

    ===================================================

    KpRm by Kernel-panik

    --------------
    • Download KpRm and save it to your Desktop (see here if you must use Chrome)
    • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
    • Right click on the icon and select Run as administrator
    • Click Yes on the Disclaimer
    • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
    • Click Run
    • Click OK on All operations are completed
    • KpRm will delete itself from you Desktop and you can either save or remove the report that is generated
    • You are free to remove any other tools/reports still remaining
    ===================================================

    All Clean!

    --------------

    Your computer is now clean. Please consider this going forward.

    ===================================================

    Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

    Thank you for placing your trust in Major Geeks. It was a pleasure serving you.
     
    Oh My!, Oct 23, 2023
    #12

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds