-
June 1st, 2022, 05:58 PM
#1
PC is slow to boot and run programs
I am using a Lenovo Ideapad Y700-15ACZ.
Processor: AMD FX-8800P Radeon R7, 12 Compute Cores 4C+8G 2.10 GHz, with 8 GB RAM.
It has become a snail to boot up and run programs.
FRST log part 1
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <6>
(C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantage-(LenovoBoostAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantage-(LenovoBoostSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantage-(LenovoServiceBridgeAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantage-(SmartInteractAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvBugReport.exe
(C:\Program Files\Elantech\ETDCtrl.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(C:\Program Files\Elantech\ETDCtrl.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(C:\Program Files\Elantech\ETDService.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Users\molli\AppData\Local\Programs\RingCentral\RingCentral.exe ->) (RingCentral, Inc. -> RingCentral) C:\Users\molli\AppData\Local\Programs\RingCentral\resources\win\bin\Meetings.exe <4>
(C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe ->) (BitTorrent Inc -> BitTorrent Inc.) C:\Users\molli\AppData\Roaming\uTorrent\helper\helper.exe
(C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe ->) (BitTorrent Inc -> BitTorrent Inc.) C:\Users\molli\AppData\Roaming\uTorrent\updates\3.5.5_46248\utorrentie.exe <2>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <4>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(explorer.exe ->) (BitTorrent Inc -> BitTorrent Inc.) C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(explorer.exe ->) (HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet 8010 series\Bin\ScanToPCActivationApp.exe
(explorer.exe ->) (Parallels International GmbH -> Parallels International GmbH.) C:\Program Files\Parallels\Client\APPServerClient.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe <2>
(MusNotification.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotificationUx.exe
(RingCentral, Inc. -> RingCentral) C:\Users\molli\AppData\Local\Programs\RingCentral\RingCentral.exe <6>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe <5>
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(services.exe ->) (Parallels International GmbH -> Parallels International GmbH.) C:\Program Files\Parallels\Client\x86\TuxWinClientService.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(sihost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2203.1037.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(svchost.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe <6>
(svchost.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(svchost.exe ->) (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP OfficeJet 8010 series\Bin\HPNetworkCommunicatorCom.exe
(svchost.exe ->) (Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\molli\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe
(svchost.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe
(svchost.exe ->) (LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
(svchost.exe ->) (LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msoia.exe <2>
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\RUXIM\PLUGScheduler.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotification.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18374632 2017-05-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1488360 2017-05-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1488360 2017-05-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1488360 2017-05-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2015-11-28] (LENOVO -> )
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [230104 2015-07-11] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [628736 2015-06-16] () [File not signed]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [212816 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110008 2015-07-21] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492472 2015-07-21] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [10586448 2022-05-21] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [WDDiscovery] => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe [81359872 2021-07-31] (Western Digital Corporation) [File not signed]
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\Run: [BlueCoreInterfaceTrayApp] => C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe [853912 2016-12-11] (Cardo Systems Inc -> )
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [116060056 2022-04-12] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\Run: [HP OfficeJet 8010 series (NET)] => C:\Program Files\HP\HP OfficeJet 8010 series\Bin\ScanToPCActivationApp.exe [4075072 2021-03-29] (HP Inc -> HP Inc.)
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\Run: [ut] => C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe [2103968 2022-04-13] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\MountPoints2: {5d469f1f-db53-11ec-9e1f-507b9d76ffe2} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\MountPoints2: {76246a4f-d02f-11eb-9dc7-507b9d76ffe2} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\MountPoints2: {9d8973b1-8551-11ec-9df5-507b9d76ffe2} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\MountPoints2: {c3ef43ca-d505-11eb-9dc7-507b9d76ffe2} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\MountPoints2: {e5cc98c8-0dc0-11ec-9dd3-507b9d76ffe2} - "E:\HiSuiteDownLoader.exe"
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\WINDOWS\system32\cpwmon64.dll [89008 2016-01-22] (Acro Software Inc. -> )
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [46080 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\102.0.5005.63\Installer\chrmstp.exe [2022-05-31] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\101.0.16440.68\Installer\chrmstp.exe [2022-05-26] (Avast Software s.r.o. -> AVAST Software)
HKLM\Software\...\Authentication\Credential Providers: [{985546C2-9C8D-4EE6-A4FA-D8C004ED9EC0}] -> SCardWrapCredProv.dll
Startup: C:\Users\molli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Parallels Client.lnk [2022-05-31]
ShortcutTarget: Parallels Client.lnk -> C:\Program Files\Parallels\Client\APPServerClient.exe (Parallels International GmbH -> Parallels International GmbH.)
Startup: C:\Users\molli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RingCentral.lnk [2022-04-22]
ShortcutTarget: RingCentral.lnk -> C:\Users\molli\AppData\Local\Programs\RingCentral\RingCentral.exe (RingCentral, Inc. -> RingCentral)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02DD17FC-F0C8-4491-B2D0-45D62C726524} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH0AL3P1FG => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {09147153-2BD2-4C9A-AC43-3BBB9E22B7F7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2b6b756a-3867-45c2-a507-feec45f440b3 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {10DE4B3A-E667-434E-B5EA-228698F17C98} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [676176 2016-05-18] (LENOVO -> Lenovo)
Task: {22F70DE8-F69F-484F-AE63-E602B0146EFF} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [287688 2016-03-30] (LENOVO -> Lenovo)
Task: {2B911569-A66E-4DFA-A151-27E7F3FD733D} - System32\Tasks\GoogleUpdateTaskMachineCore1d602e9b9647972 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-03-31] (Google Inc -> Google Inc.)
Task: {32914283-B6C7-4535-8188-8D00D6708152} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {346E8652-D6CA-4880-A401-9CC81D821DDB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [286088 2020-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {45C9D3D2-5170-4525-ADB9-C9E92AD9C9EA} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2717768 2022-05-13] (Avast Software s.r.o. -> AVAST Software)
Task: {4B0472A9-C152-40BE-A3A2-800E757256C7} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1897824 2022-03-09] (Lenovo -> )
Task: {50EF0B55-9E9B-46D6-A1D6-36F7443FB46E} - System32\Tasks\UMonitor Task => C:\WINDOWS\SysWOW64\UMonit64.exe [62560 2015-08-29] (Microsoft Windows Hardware Compatibility Publisher -> )
Task: {543E4E37-84FB-4B80-AF58-4B8D55D643D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {548EC764-BFC0-4EBD-AD1D-6BBD62AF1838} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\ScheduleEventAction.exe [26384 2022-03-20] (Lenovo -> Lenovo Group Ltd.)
Task: {57E90D42-DBC1-47D5-8AA4-285B90849D3B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {595F2C3C-CE63-4108-B390-7FE6121EDE9C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7631dd97-7868-4b52-8539-e27a7c3699ea => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {5ABB794C-14BA-45C3-8F85-8FBD84DD64B5} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
Task: {5F01B491-8934-475E-8BD9-E4E9846A7187} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2250576 2022-05-24] (Avast Software s.r.o. -> Avast Software)
Task: {6BE3E2F3-36F9-473D-9F2B-DD78282F3B00} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\12065564-8fef-487f-9ca6-e2c93ac6ee3a => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {6DB73BB3-2A8E-4827-91F4-A28523AB288A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {6EDD5101-3F5A-4A39-8922-52917FED8BFC} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3805500227-4192919812-1505005631-1002 => C:\Users\molli\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [122344 2019-04-04] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {701B9749-3974-4F68-A006-AE597F3C72C3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {71280683-330D-4B63-9359-2F27C6EE4813} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {73EF4189-26C6-4149-809A-5660C9F963BC} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {748496A6-02BB-4C59-8249-ABB80BFF7AAE} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\ScheduleEventAction.exe [26384 2022-03-20] (Lenovo -> Lenovo Group Ltd.)
Task: {76025D61-D042-430E-8020-027EB9BFF6D9} - System32\Tasks\WD Device Agent Task molli => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Device Agent.exe [720432 2021-07-31] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {7E917DB0-9CDC-4FB7-ADF4-7DB6F9856FDD} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {80184825-2BFE-4A17-BE04-E446B10626B0} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-11] (Avast Software s.r.o. -> AVAST Software)
Task: {89A42FFD-2F6F-4B1B-A725-FCA776BE39B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [327256 2022-02-09] (HP Inc. -> HP Inc.)
Task: {8BCAAF8E-F73C-4C9B-BD8D-0B6B9026F023} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe (No File)
Task: {8C2A3648-2F5F-468F-B210-A6AA6726F929} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-03-31] (Google Inc -> Google Inc.)
Task: {949D0EBD-B7F3-42A3-B933-A9553FEC2BAC} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-11] (Avast Software s.r.o. -> AVAST Software)
Task: {953C7F48-81F5-4185-A1AF-A936F660619B} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [52104 2017-03-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {96233069-34F9-4F33-98B7-6F87E6DB712E} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [676176 2016-05-18] (LENOVO -> Lenovo)
Task: {987F8A50-3A9F-4F7C-8D8F-B2B5593359D8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NoUACCheck
Task: {992E5FD9-BD72-41B0-A82C-50E9CA2812E6} - System32\Tasks\HPCustParticipation HP OfficeJet 8010 series => C:\Program Files\HP\HP OfficeJet 8010 series\Bin\HPCustPartic.exe [6721184 2021-11-18] (HP Inc. -> HP Inc.)
Task: {9A4F5C1C-787F-472D-9A54-99C7F495264C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {9C13AFE4-1664-43B5-B23E-122B46747114} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5e53d492-c689-4eaf-8ebb-a44d1fbea162 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {9D520ADD-330E-403F-9988-942F97CC9872} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321296 2016-06-02] (LENOVO -> Lenovo)
Task: {A5759B49-C9AA-420B-A5BD-2ACD14247B51} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [286088 2020-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {A88C97F6-BB13-4E0E-BA7F-24C68515C7A5} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\ScheduleEventAction.exe [26384 2022-03-20] (Lenovo -> Lenovo Group Ltd.)
Task: {B0E7ED42-E7D0-4802-BAF0-E5AFC61728A8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {B36B7D14-0AAF-40B3-882E-EC96A429844C} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {B8045498-B5D0-46BA-9C3E-78BF62972088} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {BA450CB0-D2FA-4092-9813-BEC7336F8B7A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\834ecaf4-65d8-42c6-8b3a-691d62177f32 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {BA61D100-8CCF-4980-8B72-4F7F41B23C67} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [745240 2016-09-22] (CyberLink Corp. -> CyberLink Corp.)
Task: {BB09B081-3E05-4904-A173-08C2D7C85431} - System32\Tasks\WD Discovery Service Task molli => C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe [58880 2021-07-31] () [File not signed]
Task: {BEF4DB56-9439-43F8-8C9C-C6F9315E58A9} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {C6F2710D-E818-496B-8338-97AB3BF229CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-03-31] (Google Inc -> Google Inc.)
Task: {C8388F3A-C2B4-4CB2-9F4A-0778109ECF4E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {CE64F059-0402-4941-846D-085CC3309FAB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [16832 2015-07-08] (LENOVO -> Lenovo)
Task: {D322E16D-87D1-40BB-9157-D96A73D7877E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {D5F26B4D-C936-4EF1-B58B-486064D0605C} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {D9E857E0-7A73-4715-8670-888C056FBF2B} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4925264 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
Task: {DA2B9286-BBF1-4F1F-8093-BFF79841E8E6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {DC64D404-0AE3-465C-B961-2B60FDA79A29} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-25] (HP Inc. -> )
Task: {E8C80844-8C86-4CD1-A122-C43C07AC5C73} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [263504 2016-06-02] (LENOVO -> )
Task: {F056B9E3-8802-41E7-83C2-27AE79F98F85} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [85432 2015-08-05] (CyberLink Corp. -> CyberLink Corp.)
Task: {F6722126-3039-4BE0-A61C-35002D6B7530} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {F894F18F-83FA-4F02-9A38-4D090090D257} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1897824 2022-03-09] (Lenovo -> )
Task: {FABEB7FD-365A-4F41-8804-25A91DC67F5C} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe /eu (No File)
Task: {FE8B8E46-0ADF-4775-8A04-871F3020782D} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2717768 2022-05-13] (Avast Software s.r.o. -> AVAST Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
-
June 1st, 2022, 05:59 PM
#2
FRST log part 2
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 89.101.160.5 89.101.160.4
Tcpip\..\Interfaces\{99dd8d5b-380b-4ad1-a687-a87487ff059a}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{b46db2f2-e42d-4142-8786-937e4b1aa7e3}: [DhcpNameServer] 89.101.160.5 89.101.160.4
Tcpip\..\Interfaces\{c2c54ad8-35c7-4fee-9257-97ec8045a3b7}: [DhcpNameServer] 89.101.160.5 89.101.160.4
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\molli\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-26]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: dg32le2u.default
FF ProfilePath: C:\Users\molli\AppData\Roaming\Mozilla\Firefox\Profiles\dg32le2u.default [2020-10-11]
FF Homepage: Mozilla\Firefox\Profiles\dg32le2u.default -> hxxps://www.google.com/
FF NewTab: Mozilla\Firefox\Profiles\dg32le2u.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180520
FF Plugin: @videolan.org/vlc,version=3.0.13 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-03] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-20] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-12-20] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-11] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-11] (Avast Software s.r.o. -> AVAST Software)
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\molli\AppData\Local\Google\Chrome\User Data\Default [2021-04-10]
CHR HomePage: Default -> hxxps://www.yahoo.com/
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/"
CHR Profile: C:\Users\molli\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-06-01]
CHR Notifications: Profile 1 -> hxxps://bringatrailer.com; hxxps://cricfree.sc; hxxps://football.fantasysports.yahoo.com; hxxps://www.dailymail.co.uk; hxxps://www.facebook.com; hxxps://www.yahoo.com
CHR HomePage: Profile 1 -> hxxps://www.yahoo.com/
CHR StartupUrls: Profile 1 -> "hxxps://www.yahoo.com/"
CHR Extension: (Safe Torrent Scanner) - C:\Users\molli\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-04-13]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\molli\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-05-31]
CHR Extension: (ZenMate Free VPN–Best VPN for Chrome) - C:\Users\molli\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2022-04-07]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\molli\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\molli\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Profile: C:\Users\molli\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-29]
CHR HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8434824 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-11] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [576336 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [576336 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-11] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\101.0.16440.68\elevation_service.exe [1982752 2022-05-13] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-06-01] (Avast Software s.r.o. -> AVAST Software)
S4 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [41176 2015-03-03] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
S4 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [120024 2015-07-02] (Realtek Semiconductor Corp -> )
S4 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (LENOVO -> Lenovo)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3052952 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [45408 2022-05-21] (Dropbox, Inc -> Dropbox, Inc.)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [194048 2017-04-10] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S4 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-30] (LENOVO -> Lenovo)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [223904 2022-04-30] (HP Inc. -> HP Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-25] (HP Inc. -> HP Inc.)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantageService.exe [29968 2022-03-20] (Lenovo -> Lenovo Group Ltd.)
S4 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (LENOVO -> Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8524512 2022-05-21] (Malwarebytes Inc. -> Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RAS RDP Backend Service; C:\Program Files\Parallels\Client\x86\TuxWinClientService.exe [3638040 2021-10-28] (Parallels International GmbH -> Parallels International GmbH.)
S4 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31176 2016-01-20] (LENOVO -> SHAREit Technologies Co.Ltd)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [14754088 2021-11-06] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\NisSrv.exe [2372048 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MsMpEng.exe [128376 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [38936 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [232648 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [381616 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [255144 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [102568 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [21936 2021-10-02] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [44568 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [271592 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [548976 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111056 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [86120 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [857488 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [558768 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [218088 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [317832 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 CSRBC; C:\WINDOWS\System32\Drivers\rider64.sys [38400 2015-03-10] (Microsoft Windows Hardware Compatibility Publisher -> CSR plc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [103888 2022-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2019-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 GeneStor; C:\WINDOWS\system32\DRIVERS\GeneStor.sys [188840 2015-08-29] (GENESYS LOGIC, INC. -> GenesysLogic)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [194512 2022-05-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74688 2022-05-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239560 2022-05-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-05-31] (Malwarebytes Inc. -> Malwarebytes)
S3 RtkA2dp; C:\WINDOWS\system32\drivers\RtkA2dp.sys [182288 2015-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corporation)
S3 RtkAvrcpCtrlr; C:\WINDOWS\System32\drivers\RtkAvrcpCtrlr.sys [70672 2015-05-12] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corporation)
S3 Ser2pl; C:\WINDOWS\system32\DRIVERS\ser2pl64.sys [262160 2019-08-11] (WDKTestCert charles-yeh,132058328970830801 -> Prolific Technology Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-10-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2018-06-04] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [428264 2020-10-07] (Microsoft Windows -> Microsoft Corporation)
R1 wdfsconnect2017; C:\WINDOWS\system32\drivers\wdfsconnect2017.sys [468112 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69864 2020-10-07] (Microsoft Windows -> Microsoft Corporation)
R3 wdvpnpbus; C:\WINDOWS\System32\drivers\wdvpnpbus.sys [20624 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
-
June 2nd, 2022, 01:21 AM
#3
Additions part 1
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-05-2022 01
Ran by molli (01-06-2022 22:59:54)
Running from C:\Users\molli\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1706 (X64) (2020-11-22 16:35:14)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3805500227-4192919812-1505005631-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3805500227-4192919812-1505005631-503 - Limited - Disabled)
Guest (S-1-5-21-3805500227-4192919812-1505005631-501 - Limited - Disabled)
molli (S-1-5-21-3805500227-4192919812-1505005631-1002 - Administrator - Enabled) => C:\Users\molli
WDAGUtilityAccount (S-1-5-21-3805500227-4192919812-1505005631-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\uTorrent) (Version: 3.5.5.46248 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov)
7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.4.6011 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 101.0.16440.68 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
Cardo Updater (HKLM-x32\...\Cardo Updater_is1) (Version: - Cardo Systems, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Components (HKLM-x32\...\{1720B0E0-C520-43A6-B677-97A1D80F3B99}) (Version: 1.0.023.00 - Lenovo) Hidden
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
Dolby Audio X2 Windows API SDK (HKLM\...\{68B3293E-612B-48B4-BC0F-4CCFBF83AB96}) (Version: 0.8.2.76 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.4.0.22 - Dolby Laboratories, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 149.4.4568 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.583.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 102.0.5005.63 - Google LLC)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.5.5720.01 - CyberLink Corp.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.71.2 - ELAN Microelectronic Corp.)
Lenovo PowerDVD12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5604.55 - CyberLink Corp.) Hidden
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5604.55 - CyberLink Corp.)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.022.00 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.6.7 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.067.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0136 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.12.13.0 - Lenovo Group Ltd.)
LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Hidden
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)
Malwarebytes version 4.5.9.198 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.9.198 - Malwarebytes)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft OneDrive (HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
MY.GAMES GameCenter (HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\GameCenter) (Version: 4.1663 - MY.COM B.V.)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5423.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5423.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5423.1000 - Microsoft Corporation) Hidden
Parallels Client-64 bit (HKLM\...\{6BD6F307-41E8-4570-9D5C-E03C34A81C00}) (Version: 18.2.22862 - Parallels International GmbH)
Product Improvement Study for HP OfficeJet 8010 series (HKLM\...\{3A0E9F23-78FD-4AE0-BD79-59D37E6046DE}) (Version: 49.10.4647.21322 - HP Inc.)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.868.867.071015 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0276 - REALTEK Semiconductor Corp.)
RingCentral (HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\584acf4c-ebc3-56fa-9cfd-586227f098ba) (Version: 22.2.20 - RingCentral)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.2.0.543 - Lenovo)
Sky Go 21.3.2.0 (HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\com.bskyb.skygoplayer_is1) (Version: 21.3.2.0 - Sky)
Skype version 8.83 (HKLM-x32\...\Skype_is1) (Version: 8.83 - Skype Technologies S.A.)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.23.9 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.13 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WD Desktop App 2.1.0.313 (HKLM-x32\...\{756e70ec-1fb0-41c8-896b-df0302d17bff}) (Version: 2.1.0.313 - Western Digital Corporation) Hidden
WD Desktop App 2.1.0.313 (x64) (HKLM\...\{CA7F7232-526E-41BD-971A-47BE28C18516}) (Version: 2.1.0.313 - Western Digital Corporation) Hidden
WD Discovery (HKLM-x32\...\WDDiscovery) (Version: 4.3.327 - Western Digital Technologies, Inc.)
WD SES Driver Setup (HKLM-x32\...\{924A274D-38B6-4930-8859-F3F51CFA8DDD}) (Version: 1.1.0.25 - Western Digital) Hidden
Zoom (HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.)
Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-05-22] (HP Inc.)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2022-05-22] (LENOVO INCORPORATED.)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2022-03-29] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2204.14.0_x64__k1h2ywk1493x8 [2022-04-25] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.5120.0_x64__8wekyb3d8bbwe [2022-05-17] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-05-03] (Microsoft Corporation)
Open PDF + -> C:\Program Files\WindowsApps\3538OpenOffice.OpenOfficePDF_1.25.0.2_neutral__nmw6e14cfhspc [2017-04-05] (Open PDF, Word, Excel)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-26] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3805500227-4192919812-1505005631-1002_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\molli\Dropbox [2016-04-18 23:36]
SSODL: WDFSMountNotificator-wdfsconnect2017 - {DBD7FD30-5740-4331-81CF-D711F322B06F} - C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
SSODL-x32: WDFSMountNotificator-wdfsconnect2017 - {DBD7FD30-5740-4331-81CF-D711F322B06F} - C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects: Virtual Storage Mount Notification -> {DBD7FD30-5740-4331-81CF-D711F322B06F} => C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {DBD7FD30-5740-4331-81CF-D711F322B06F} => C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay01] -> {4F8A325E-9DAF-44B8-A825-1A14DFA0FA78} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay02] -> {0176BDDE-B59A-4A1E-808B-CAD461415CCA} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay03] -> {B65909D1-57AF-41F5-AB94-BEB733F62B35} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay04] -> {C6C2397D-8238-4332-8935-86C39C7C165F} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay05] -> {E7B3BCF9-0386-4B5F-AE6A-91B9F1423973} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay06] -> {564EA121-D9DA-485D-82C2-C2ED7BFCCEAD} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-05-16] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-05-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-05-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\DevMenuExt.dll [2014-07-03] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-21] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [WDDesktopContextMenu] -> {fa00ba41-b6f6-3cfa-a300-f25ce175fe7e} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-21] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-05-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-21] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [WDDesktopContextMenu] -> {fa00ba41-b6f6-3cfa-a300-f25ce175fe7e} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-03-21] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-05-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-21] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\molli\Desktop\Select profile Disney+.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=filcohkaojcjmnjcfcbijhiekgkfpimm
ShortcutWithArgument: C:\Users\molli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Select profile Disney+.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=filcohkaojcjmnjcfcbijhiekgkfpimm
ShortcutWithArgument: C:\Users\molli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
-
June 2nd, 2022, 01:22 AM
#4
Additions part 2
==================== Loaded Modules (Whitelisted) =============
2022-05-31 21:24 - 2022-05-27 23:14 - 000341504 _____ () [File not signed] \\?\C:\Users\molli\AppData\Local\Programs\RingCentral\resources\app.asar.unpacked\node_modules\@ringcentral\os-session\prebuilds\win32-x64\node.napi.node
2022-05-31 21:24 - 2022-05-27 23:14 - 004775936 _____ () [File not signed] \\?\C:\Users\molli\AppData\Local\Programs\RingCentral\resources\app.asar.unpacked\node_modules\@ringcentral\rse-desktop\out\ringcentral-rse-desktop.node
2022-05-31 21:24 - 2022-05-27 23:14 - 000086528 _____ () [File not signed] \\?\C:\Users\molli\AppData\Local\Programs\RingCentral\resources\app.asar.unpacked\node_modules\@ringcentral\rse-desktop\out\zlib1.dll
2022-05-31 21:24 - 2022-05-27 23:14 - 000372224 _____ () [File not signed] \\?\C:\Users\molli\AppData\Local\Programs\RingCentral\resources\app.asar.unpacked\node_modules\get_win_version\prebuilds\win32-x64\node.napi.node
2022-05-31 21:24 - 2022-05-27 23:14 - 000095744 _____ () [File not signed] \\?\C:\Users\molli\AppData\Local\Programs\RingCentral\resources\app.asar.unpacked\node_modules\macos-notification-state\build\Release\notificationstate.node
2022-05-31 21:24 - 2022-05-27 23:14 - 025709568 _____ () [File not signed] \\?\C:\Users\molli\AppData\Local\Programs\RingCentral\resources\app.asar.unpacked\node_modules\rcv-desktop-sdk\tools\build\bin\krisp-audio-bindings.node
2022-05-31 21:24 - 2022-05-27 23:14 - 003969024 _____ () [File not signed] \\?\C:\Users\molli\AppData\Local\Programs\RingCentral\resources\app.asar.unpacked\node_modules\rcv-desktop-sdk\tools\build\bin\rcv-desktop-tools.node
2022-05-31 21:24 - 2022-05-27 23:14 - 000376832 _____ () [File not signed] \\?\C:\Users\molli\AppData\Local\Programs\RingCentral\resources\app.asar.unpacked\node_modules\winreglib\build\Release\node_winreglib.node
2022-05-31 21:24 - 2022-05-27 23:14 - 001266176 _____ () [File not signed] \\?\C:\Users\molli\AppData\Local\Programs\RingCentral\resources\win\bin\resources\app.asar.unpacked\node_modules\@ringcentral\zsdk\prebuilds\win32-x64\electron.abi85.node
2022-01-27 18:58 - 2022-01-27 18:58 - 001469440 _____ () [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6\e_sqlite3.dll
2022-05-31 21:24 - 2022-05-27 23:14 - 002675712 _____ () [File not signed] C:\Users\molli\AppData\Local\Programs\RingCentral\ffmpeg.dll
2022-05-31 21:24 - 2022-05-27 23:14 - 000435712 _____ () [File not signed] C:\Users\molli\AppData\Local\Programs\RingCentral\libegl.dll
2022-05-31 21:24 - 2022-05-27 23:14 - 007936512 _____ () [File not signed] C:\Users\molli\AppData\Local\Programs\RingCentral\libglesv2.dll
2022-05-31 21:24 - 2022-05-27 23:14 - 002823680 _____ () [File not signed] C:\Users\molli\AppData\Local\Programs\RingCentral\resources\win\bin\ffmpeg.dll
2022-05-31 21:24 - 2022-05-27 23:14 - 000449024 _____ () [File not signed] C:\Users\molli\AppData\Local\Programs\RingCentral\resources\win\bin\libegl.dll
2022-05-31 21:24 - 2022-05-27 23:14 - 007620096 _____ () [File not signed] C:\Users\molli\AppData\Local\Programs\RingCentral\resources\win\bin\libglesv2.dll
2011-08-18 01:29 - 2011-08-18 01:29 - 001039360 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll
2022-04-30 18:41 - 2022-04-30 18:41 - 119193088 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6\HP.Smart.dll
2021-11-02 23:15 - 2021-11-02 23:15 - 007170048 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6\HPPageLift.UWP.dll
2022-04-30 18:41 - 2022-04-30 18:41 - 000133632 _____ (HP Inc) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6\HP.OneDriver.UserForms.dll
2022-03-22 21:14 - 2022-03-22 21:16 - 000013824 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6\NativeRpcClient.dll
2019-02-21 21:00 - 2019-02-21 21:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2022-05-31 21:24 - 2022-05-27 23:14 - 000489984 _____ (The curl library, hxxps://curl.se/) [File not signed] \\?\C:\Users\molli\AppData\Local\Programs\RingCentral\resources\app.asar.unpacked\node_modules\@ringcentral\rse-desktop\out\libcurl.dll
2022-05-31 21:24 - 2022-05-27 23:14 - 003406848 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] \\?\C:\Users\molli\AppData\Local\Programs\RingCentral\resources\app.asar.unpacked\node_modules\@ringcentral\rse-desktop\out\libcrypto-1_1-x64.dll
2022-05-31 21:24 - 2022-05-27 23:14 - 000685056 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] \\?\C:\Users\molli\AppData\Local\Programs\RingCentral\resources\app.asar.unpacked\node_modules\@ringcentral\rse-desktop\out\libssl-1_1-x64.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-3805500227-4192919812-1505005631-1002 -> DefaultScope {E09A2151-3467-4174-8E16-BD5B6D09480F} URL =
SearchScopes: HKU\S-1-5-21-3805500227-4192919812-1505005631-1002 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://ie.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180520__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3805500227-4192919812-1505005631-1002 -> {E09A2151-3467-4174-8E16-BD5B6D09480F} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: No Name -> {DBD7FD30-5740-4331-81CF-D711F322B06F}' -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {DBD7FD30-5740-4331-81CF-D711F322B06F}' -> No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\localhost -> localhost
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Lenovo\FusionEngine;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\HP\Common\HPDestPlgIn\
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 89.101.160.5 - 89.101.160.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: AdaptiveSleepService => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AvrcpService => 2
MSCONFIG\Services: BTDevManager => 2
MSCONFIG\Services: CCSDK => 2
MSCONFIG\Services: DAX2API => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: GDCAgent => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: HuaweiHiSuiteService64.exe => 2
MSCONFIG\Services: ImControllerService => 2
MSCONFIG\Services: isesrv => 2
MSCONFIG\Services: LSC.Services.SystemService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: ShareItSvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: tbaseprovisioning => 2
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"
HKLM\...\StartupApproved\Run: => "LenovoUtility"
HKLM\...\StartupApproved\Run: => "DAX2_APP"
HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "CCAV"
HKLM\...\StartupApproved\Run32: => "IseUI"
HKLM\...\StartupApproved\Run32: => "WDDiscovery"
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\StartupApproved\Run: => "BlueCoreInterfaceTrayApp"
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\StartupApproved\Run: => "Skype for Desktop"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{B4BBEFFA-D6F9-40EE-B1AA-62F3E33811BC}C:\users\molli\appdata\roaming\utorrent\updates\3.5.5_45828.exe] => (Allow) C:\users\molli\appdata\roaming\utorrent\updates\3.5.5_45828.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{98EF0F8A-EA8F-4BC6-BD89-BDA31E78E6A0}C:\users\molli\appdata\roaming\utorrent\updates\3.5.5_45828.exe] => (Allow) C:\users\molli\appdata\roaming\utorrent\updates\3.5.5_45828.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{017DE5D4-AD84-4DC0-95E5-ABD8BF8EE798}] => (Allow) C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe (Cardo Systems Inc -> )
FirewallRules: [{F52C28C9-9366-459C-A3B0-6C8254768177}] => (Allow) C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe (Cardo Systems Inc -> )
FirewallRules: [{0153588C-5FB3-4D90-8EFF-896EA03A5163}] => (Allow) C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe (Cardo Systems Inc -> )
FirewallRules: [{833CA06F-2383-4DE5-BCFE-5A188FE9C97B}] => (Allow) C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe (Cardo Systems Inc -> )
FirewallRules: [{5C5718B9-8431-45F5-9680-332D313FB851}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3F940AA2-3D16-4E16-8EFA-86CECCA919A4}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{A63FB4BF-0BCA-40BE-BCB9-500EA0672707}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{311A8BD1-BF43-4133-848C-85E82D700222}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{251D6BEC-47FD-4DBB-91BB-701F9A5308C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett Packard -> Hewlett-Packard)
FirewallRules: [{BD44DEAD-03E8-4C67-A61E-526547D9837A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{DF6DC4B7-3E77-4BDB-843F-C58306E2AD4D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{8D8BCE91-46A0-4AA7-9DDA-0C711CDFB03F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{CA1583A6-95A2-4EF1-B998-1E7D28852466}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{6864749C-43B2-47C4-9E3B-763CA1593B3C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{8ADED271-20FF-4CDB-96C1-0E7D9F007AEE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{3B78500B-C9E9-4833-9B29-1C46AA276348}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{9472BDAA-662C-4F29-98B0-F714B153823B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{6283E653-DEE2-4E9D-8C74-B703E4567583}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{AFBDFC6D-17BC-4E03-8CBC-83BB1321047A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{21454B6C-61C2-426A-A63C-2AF316F2136D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{ECBAF2CC-E2CC-42DA-89A5-6A2B10F9FBEC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{D5D81A35-A848-4BBE-BC40-163CFB49E067}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{85C72577-23C7-4ADC-A6AF-A4769E09CF0F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{D35F49DC-8A11-49AD-ADC4-E786156CEA02}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{7C11E1D0-001D-40B3-8239-B4A851C674FF}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (LENOVO -> SHAREit Technologies Co.Ltd)
FirewallRules: [{A00A74F3-7F75-4658-8241-C2A62B52A4E0}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (LENOVO -> SHAREit Technologies Co.Ltd)
FirewallRules: [{07A9E33B-637E-44C4-92F6-EA1B6593A40A}] => (Allow) C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B8AED7C4-57CF-4BDD-BF0A-6C95BB4DDD9D}] => (Allow) C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{59C3339F-516B-4E70-8E88-76BCE2D043C1}] => (Allow) C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{06892A88-06A5-4BF4-9F47-AFBC50AAA457}] => (Allow) C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{E55B8E25-78E6-4B2F-A90C-17F0E934666F}] => (Allow) C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F2140B2B-F580-4E87-9161-671669890C72}] => (Allow) C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{52F0F72F-5953-4EF6-A2C6-CFB2E691E464}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4DF68B5B-2658-4C83-A9E0-8CF8D60766E6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{573CF173-FCF2-46F6-AE50-D5E55A198771}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{69B17E52-9949-4B1D-9AFD-1885A282EB3C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{1355592A-4A96-4249-93CB-99AAE9C7F540}C:\users\molli\appdata\roaming\utorrent\updates\3.5.5_45291.exe] => (Allow) C:\users\molli\appdata\roaming\utorrent\updates\3.5.5_45291.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{2888709D-154C-4049-9F14-A948FBAC2BC0}C:\users\molli\appdata\roaming\utorrent\updates\3.5.5_45291.exe] => (Allow) C:\users\molli\appdata\roaming\utorrent\updates\3.5.5_45291.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{64C945B8-CEBE-4501-80DC-BEF8850ADB50}] => (Allow) C:\Users\molli\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{0D6DA26D-0968-43A2-AABA-A1C14321F9BD}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{9A03B354-FCC4-48BB-8B3D-513498EA4E97}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{036E10BD-72FA-465D-8DED-C8A8E340C937}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{DE8698F5-197B-4FF0-93EB-49C70B632F6E}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{3BD83479-0DD2-45EE-AA10-5310BDBF83FE}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{D192DC2A-FFE8-4129-B6B4-402323F1D455}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{85865557-468C-479D-885C-893D1E9A3F86}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4F32B292-5FA6-489C-8B45-AE39EE242396}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{8DE0F070-2D11-4AC5-BE69-8862C80B7D46}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{21BD37CD-D312-4BCC-B7AE-EA7E9BCFB6EC}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{15542010-2F38-41CA-B881-D1110C2A376E}] => (Allow) LPort=50005
FirewallRules: [{4DF95C14-F25A-4B6A-9BAA-BBBF48C961C7}] => (Allow) C:\Program Files\Parallels\Client\APPServerClient.exe (Parallels International GmbH -> Parallels International GmbH.)
FirewallRules: [{DD69EC4F-B900-4ED2-A4F7-A6224DB61FEE}] => (Allow) C:\Program Files\Parallels\Client\TSClient.exe (Parallels International GmbH -> Parallels International GmbH.)
FirewallRules: [TCP Query User{6B9C78A7-5375-48F8-B583-D2FBF3C85A7A}C:\users\molli\appdata\local\programs\ringcentral\ringcentral.exe] => (Allow) C:\users\molli\appdata\local\programs\ringcentral\ringcentral.exe (RingCentral, Inc. -> RingCentral)
FirewallRules: [UDP Query User{D8896416-5CDB-42CB-BCED-C64B7F183697}C:\users\molli\appdata\local\programs\ringcentral\ringcentral.exe] => (Allow) C:\users\molli\appdata\local\programs\ringcentral\ringcentral.exe (RingCentral, Inc. -> RingCentral)
FirewallRules: [{B7F8F179-80A5-41E2-AAC6-377D6DC596CF}] => (Block) C:\users\molli\appdata\local\programs\ringcentral\ringcentral.exe (RingCentral, Inc. -> RingCentral)
FirewallRules: [{357825E6-59AC-4E01-9904-066F3444EB9B}] => (Block) C:\users\molli\appdata\local\programs\ringcentral\ringcentral.exe (RingCentral, Inc. -> RingCentral)
FirewallRules: [{14518F47-8769-4280-B292-6D0F358616EA}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4A758B59-8810-4066-AC23-BFAAC0E6D7A6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{973FC89C-F981-4A78-860A-66C1E977B581}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{FD9FE2FF-4154-46C0-96F7-0B99F36AA8EE}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{7C490D35-D968-433F-860A-B7EBF206F3ED}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{862CDF21-A801-4B64-933C-464DC910FE61}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [TCP Query User{C01AFF57-D17C-40B7-9A5D-87D1B7BD0469}C:\users\molli\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\molli\appdata\local\gamecenter\gamecenter.exe => No File
FirewallRules: [UDP Query User{23B32CCF-9EB6-47A3-9A49-82DD35AFD043}C:\users\molli\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\molli\appdata\local\gamecenter\gamecenter.exe => No File
FirewallRules: [{73EFB91F-8C34-477C-AB39-1EEF3F577340}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{152410C6-F7B0-4952-9013-4A071A23E4DB}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{EEB6F8D2-CECE-4BE3-BC93-62A744EAE6E1}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{278E31B4-A8A6-4722-BDD0-4CE6464ECE93}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{BE81E01C-3CC6-4AC9-91FD-8B95E7DAF22B}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{F8D1EE00-2DA7-4280-A707-B14459A7595A}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{A688B80E-196E-4DE3-81B2-5A4C1962DA6A}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{64497A17-6A9F-4D38-A089-3D6E767E5543}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{5557C55E-40C5-4AB0-BBC6-2868741E9CC0}] => (Allow) C:\Program Files\HP\HP OfficeJet 8010 series\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{89C0CD06-7620-4101-B1CC-5E4F2FA71B47}] => (Allow) LPort=5357
FirewallRules: [{A7244B45-0175-4237-AC3D-074780604ACF}] => (Allow) C:\Program Files\HP\HP OfficeJet 8010 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{24DC84CE-C1A6-499A-8181-71E9E55F5A28}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{10038C4A-1296-4585-A211-890C4F22344B}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{472C1433-0EE0-49DA-8BA1-669372D03A8A}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{C55FF48B-56D6-49C6-AC9C-AC04B2255379}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{BF52BCA7-3A1C-44CE-8A04-DA9836A8F5B6}] => (Allow) C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C5A4E187-E664-4E7F-B9EC-68EC357892CE}] => (Allow) C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{A8D373AD-745F-4B66-8B50-6FFEE0C20C3D}C:\users\molli\appdata\local\temp\7zs462c\enterprisedu.exe] => (Allow) C:\users\molli\appdata\local\temp\7zs462c\enterprisedu.exe (VistaName -> HP Inc.) [File not signed]
FirewallRules: [UDP Query User{EBD15E50-7A82-4A30-A22A-29DD1687D327}C:\users\molli\appdata\local\temp\7zs462c\enterprisedu.exe] => (Allow) C:\users\molli\appdata\local\temp\7zs462c\enterprisedu.exe (VistaName -> HP Inc.) [File not signed]
FirewallRules: [{89DBB667-C309-4DB8-B676-E7814B69AC1B}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{5B62B505-702E-4819-A48E-3A9F05885951}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{D66920BA-D3E5-45E1-8764-FBC907AC4CCC}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{EF9ECAFD-49C1-47D8-8D28-61C334251265}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{2E2536E7-F64A-4D8C-9F30-F7FA1FB6DB63}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9ADC632C-79F4-4CBD-92C9-311044F0790F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4D2FB71E-9496-4BD5-9387-6484BBA5E01C}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{68BF5DAE-C16A-4CC4-853F-E58078034D70}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{0886A637-1950-44B3-91FB-DF467CCA4A3F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{19AE090F-7C19-485B-953C-DDB09EAAC7AA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F2D017A6-465D-47F1-B5B6-10C4266F1EB4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{55C52732-D381-4D8E-A679-8FE3C86C4FF6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B51DED49-3FBD-441C-85C9-B8B8B2DA00B9}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{C3AD20D5-4FAB-42A9-B82B-706EE9DD8558}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{63897619-5C76-4A6A-88CC-9BB7F73F4129}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
18-05-2022 18:28:15 Scheduled Checkpoint
27-05-2022 17:51:47 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (06/01/2022 10:42:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 4.0.0.1302 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1238
Start Time: 01d875ffa35a09f4
Termination Time: 8777
Application Path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Report Id: 205edced-06a1-4ffa-8582-8dbf0b949bb5
Faulting package full name:
Faulting package-relative application ID:
Hang type: Unknown
Error: (06/01/2022 10:18:38 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (4248,D,29) SRUJet: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 40, PgnoRoot: 287) of database C:\WINDOWS\system32\SRU\SRUDB.dat (4438 => 5297, 5295).
Tag: BtNextBadPgnoNextOrBacklink
Fatal: 1
Error: (06/01/2022 10:17:50 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (4248,D,23) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AutoIncIdIndex of table {7ACBBAA3-D029-4BE4-9A7A-0885927F1D8F} is corrupted (0).
Error: (06/01/2022 10:17:44 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (4248,D,23) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AppIdIndex of table {B6D82AF1-F780-4E17-8077-6CB9AD8A6FC4} is corrupted (0).
Error: (06/01/2022 03:19:12 AM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (4248,D,29) SRUJet: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 40, PgnoRoot: 287) of database C:\WINDOWS\system32\SRU\SRUDB.dat (4438 => 5297, 5295).
Tag: BtNextBadPgnoNextOrBacklink
Fatal: 1
Error: (06/01/2022 03:18:59 AM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (4248,D,23) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AutoIncIdIndex of table {7ACBBAA3-D029-4BE4-9A7A-0885927F1D8F} is corrupted (0).
Error: (06/01/2022 03:18:59 AM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (4248,D,23) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AppIdIndex of table {B6D82AF1-F780-4E17-8077-6CB9AD8A6FC4} is corrupted (0).
Error: (06/01/2022 12:07:02 AM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (4248,D,29) SRUJet: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 40, PgnoRoot: 287) of database C:\WINDOWS\system32\SRU\SRUDB.dat (4438 => 5297, 5295).
Tag: BtNextBadPgnoNextOrBacklink
Fatal: 1
System errors:
=============
Error: (06/01/2022 10:27:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (06/01/2022 10:27:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
Error: (06/01/2022 10:17:30 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-3VS60BL9)
Description: The server microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
Error: (05/31/2022 09:14:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Storage Service service hung on starting.
Error: (05/31/2022 09:12:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The System Guard Runtime Monitor Broker service hung on starting.
Error: (05/31/2022 09:10:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Touchpoint Analytics service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (05/31/2022 09:10:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Touchpoint Analytics service to connect.
Error: (05/31/2022 09:05:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LenovoVantageService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
CodeIntegrity:
===============
Date: 2022-06-01 22:31:05
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2022-06-01 22:18:50
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO CECN43WW 09/15/2015
Motherboard: LENOVO Allsparks 5B
Processor: AMD FX-8800P Radeon R7, 12 Compute Cores 4C+8G
Percentage of memory in use: 76%
Total physical RAM: 7127.18 MB
Available physical RAM: 1648.74 MB
Total Virtual: 14039.18 MB
Available Virtual: 6118.87 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:885.92 GB) (Free:207.02 GB) (Model: WDC WD10SPCX-24HWST1) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.14 GB) (Model: WDC WD10SPCX-24HWST1) NTFS
\\?\Volume{fe75932f-00b7-47b2-a944-89a1e2c3e23e}\ () (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{0919af76-0e0f-4460-9657-7a2ecada3e3a}\ (LENOVO_PART) (Fixed) (Total:18.37 GB) (Free:6.39 GB) NTFS
\\?\Volume{1d2c27e8-96fa-4a45-ae0c-42bcf61cbb5b}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C57589EA)
Partition: GPT.
==================== End of Addition.txt =======================
-
June 2nd, 2022, 10:50 AM
#5
First log is incomplete. The upper part is missing.
-
June 2nd, 2022, 12:53 PM
#6
I will run them again as that was everything in the txt file.
-
June 2nd, 2022, 03:00 PM
#7
-
June 2nd, 2022, 03:58 PM
#8
FRST Part 1
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-05-2022 01
Ran by molli (administrator) on LAPTOP-3VS60BL9 (LENOVO 80NY) (02-06-2022 17:52:23)
Running from C:\Users\molli\Desktop
Loaded Profiles: molli
Platform: Microsoft Windows 10 Home Version 21H2 19044.1706 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <5>
(C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantage-(LenovoBoostAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantage-(LenovoBoostSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantage-(LenovoServiceBridgeAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantage-(SmartInteractAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Elantech\ETDCtrl.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(C:\Program Files\Elantech\ETDCtrl.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(C:\Program Files\Elantech\ETDService.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Users\molli\AppData\Local\Programs\RingCentral\RingCentral.exe ->) (RingCentral, Inc. -> RingCentral) C:\Users\molli\AppData\Local\Programs\RingCentral\resources\win\bin\Meetings.exe <4>
(C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe ->) (BitTorrent Inc -> BitTorrent Inc.) C:\Users\molli\AppData\Roaming\uTorrent\helper\helper.exe
(C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe ->) (BitTorrent Inc -> BitTorrent Inc.) C:\Users\molli\AppData\Roaming\uTorrent\updates\3.5.5_46248\utorrentie.exe <2>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <4>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(explorer.exe ->) (BitTorrent Inc -> BitTorrent Inc.) C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <15>
(explorer.exe ->) (HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet 8010 series\Bin\ScanToPCActivationApp.exe
(explorer.exe ->) (Parallels International GmbH -> Parallels International GmbH.) C:\Program Files\Parallels\Client\APPServerClient.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(RingCentral, Inc. -> RingCentral) C:\Users\molli\AppData\Local\Programs\RingCentral\RingCentral.exe <6>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(services.exe ->) (Parallels International GmbH -> Parallels International GmbH.) C:\Program Files\Parallels\Client\x86\TuxWinClientService.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(sihost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2203.1037.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP OfficeJet 8010 series\Bin\HPNetworkCommunicatorCom.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18374632 2017-05-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1488360 2017-05-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1488360 2017-05-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1488360 2017-05-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2015-11-28] (LENOVO -> )
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [230104 2015-07-11] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [628736 2015-06-16] () [File not signed]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [212816 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110008 2015-07-21] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492472 2015-07-21] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [10586448 2022-05-21] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [WDDiscovery] => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe [81359872 2021-07-31] (Western Digital Corporation) [File not signed]
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\Run: [BlueCoreInterfaceTrayApp] => C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe [853912 2016-12-11] (Cardo Systems Inc -> )
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [116060056 2022-04-12] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\Run: [HP OfficeJet 8010 series (NET)] => C:\Program Files\HP\HP OfficeJet 8010 series\Bin\ScanToPCActivationApp.exe [4075072 2021-03-29] (HP Inc -> HP Inc.)
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\Run: [ut] => C:\Users\molli\AppData\Roaming\uTorrent\uTorrent.exe [2103968 2022-04-13] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\MountPoints2: {5d469f1f-db53-11ec-9e1f-507b9d76ffe2} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\MountPoints2: {76246a4f-d02f-11eb-9dc7-507b9d76ffe2} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\MountPoints2: {9d8973b1-8551-11ec-9df5-507b9d76ffe2} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\MountPoints2: {c3ef43ca-d505-11eb-9dc7-507b9d76ffe2} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\MountPoints2: {e5cc98c8-0dc0-11ec-9dd3-507b9d76ffe2} - "E:\HiSuiteDownLoader.exe"
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\WINDOWS\system32\cpwmon64.dll [89008 2016-01-22] (Acro Software Inc. -> )
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [46080 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\102.0.5005.63\Installer\chrmstp.exe [2022-05-31] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\101.0.16440.68\Installer\chrmstp.exe [2022-05-26] (Avast Software s.r.o. -> AVAST Software)
HKLM\Software\...\Authentication\Credential Providers: [{985546C2-9C8D-4EE6-A4FA-D8C004ED9EC0}] -> SCardWrapCredProv.dll
Startup: C:\Users\molli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Parallels Client.lnk [2022-05-31]
ShortcutTarget: Parallels Client.lnk -> C:\Program Files\Parallels\Client\APPServerClient.exe (Parallels International GmbH -> Parallels International GmbH.)
Startup: C:\Users\molli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RingCentral.lnk [2022-04-22]
ShortcutTarget: RingCentral.lnk -> C:\Users\molli\AppData\Local\Programs\RingCentral\RingCentral.exe (RingCentral, Inc. -> RingCentral)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02DD17FC-F0C8-4491-B2D0-45D62C726524} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH0AL3P1FG => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {09147153-2BD2-4C9A-AC43-3BBB9E22B7F7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2b6b756a-3867-45c2-a507-feec45f440b3 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {10DE4B3A-E667-434E-B5EA-228698F17C98} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [676176 2016-05-18] (LENOVO -> Lenovo)
Task: {22F70DE8-F69F-484F-AE63-E602B0146EFF} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [287688 2016-03-30] (LENOVO -> Lenovo)
Task: {2B911569-A66E-4DFA-A151-27E7F3FD733D} - System32\Tasks\GoogleUpdateTaskMachineCore1d602e9b9647972 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-03-31] (Google Inc -> Google Inc.)
Task: {32914283-B6C7-4535-8188-8D00D6708152} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {346E8652-D6CA-4880-A401-9CC81D821DDB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [286088 2020-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {45C9D3D2-5170-4525-ADB9-C9E92AD9C9EA} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2717768 2022-05-13] (Avast Software s.r.o. -> AVAST Software)
Task: {4B0472A9-C152-40BE-A3A2-800E757256C7} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1897824 2022-03-09] (Lenovo -> )
Task: {50EF0B55-9E9B-46D6-A1D6-36F7443FB46E} - System32\Tasks\UMonitor Task => C:\WINDOWS\SysWOW64\UMonit64.exe [62560 2015-08-29] (Microsoft Windows Hardware Compatibility Publisher -> )
Task: {543E4E37-84FB-4B80-AF58-4B8D55D643D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {548EC764-BFC0-4EBD-AD1D-6BBD62AF1838} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\ScheduleEventAction.exe [26384 2022-03-20] (Lenovo -> Lenovo Group Ltd.)
Task: {57E90D42-DBC1-47D5-8AA4-285B90849D3B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {595F2C3C-CE63-4108-B390-7FE6121EDE9C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7631dd97-7868-4b52-8539-e27a7c3699ea => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {5ABB794C-14BA-45C3-8F85-8FBD84DD64B5} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
Task: {5F01B491-8934-475E-8BD9-E4E9846A7187} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2250576 2022-05-24] (Avast Software s.r.o. -> Avast Software)
Task: {6BE3E2F3-36F9-473D-9F2B-DD78282F3B00} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\12065564-8fef-487f-9ca6-e2c93ac6ee3a => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {6DB73BB3-2A8E-4827-91F4-A28523AB288A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {6EDD5101-3F5A-4A39-8922-52917FED8BFC} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3805500227-4192919812-1505005631-1002 => C:\Users\molli\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [122344 2019-04-04] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {701B9749-3974-4F68-A006-AE597F3C72C3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {71280683-330D-4B63-9359-2F27C6EE4813} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {73EF4189-26C6-4149-809A-5660C9F963BC} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {748496A6-02BB-4C59-8249-ABB80BFF7AAE} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\ScheduleEventAction.exe [26384 2022-03-20] (Lenovo -> Lenovo Group Ltd.)
Task: {76025D61-D042-430E-8020-027EB9BFF6D9} - System32\Tasks\WD Device Agent Task molli => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Device Agent.exe [720432 2021-07-31] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {7E917DB0-9CDC-4FB7-ADF4-7DB6F9856FDD} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {80184825-2BFE-4A17-BE04-E446B10626B0} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-11] (Avast Software s.r.o. -> AVAST Software)
Task: {89A42FFD-2F6F-4B1B-A725-FCA776BE39B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [327256 2022-02-09] (HP Inc. -> HP Inc.)
Task: {8BCAAF8E-F73C-4C9B-BD8D-0B6B9026F023} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe (No File)
Task: {8C2A3648-2F5F-468F-B210-A6AA6726F929} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-03-31] (Google Inc -> Google Inc.)
Task: {949D0EBD-B7F3-42A3-B933-A9553FEC2BAC} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-11] (Avast Software s.r.o. -> AVAST Software)
Task: {953C7F48-81F5-4185-A1AF-A936F660619B} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [52104 2017-03-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {96233069-34F9-4F33-98B7-6F87E6DB712E} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [676176 2016-05-18] (LENOVO -> Lenovo)
Task: {987F8A50-3A9F-4F7C-8D8F-B2B5593359D8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NoUACCheck
Task: {992E5FD9-BD72-41B0-A82C-50E9CA2812E6} - System32\Tasks\HPCustParticipation HP OfficeJet 8010 series => C:\Program Files\HP\HP OfficeJet 8010 series\Bin\HPCustPartic.exe [6721184 2021-11-18] (HP Inc. -> HP Inc.)
Task: {9A4F5C1C-787F-472D-9A54-99C7F495264C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {9C13AFE4-1664-43B5-B23E-122B46747114} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5e53d492-c689-4eaf-8ebb-a44d1fbea162 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {9D520ADD-330E-403F-9988-942F97CC9872} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321296 2016-06-02] (LENOVO -> Lenovo)
Task: {A5759B49-C9AA-420B-A5BD-2ACD14247B51} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [286088 2020-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {A88C97F6-BB13-4E0E-BA7F-24C68515C7A5} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\ScheduleEventAction.exe [26384 2022-03-20] (Lenovo -> Lenovo Group Ltd.)
Task: {B0E7ED42-E7D0-4802-BAF0-E5AFC61728A8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {B36B7D14-0AAF-40B3-882E-EC96A429844C} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {B8045498-B5D0-46BA-9C3E-78BF62972088} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {BA450CB0-D2FA-4092-9813-BEC7336F8B7A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\834ecaf4-65d8-42c6-8b3a-691d62177f32 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {BA61D100-8CCF-4980-8B72-4F7F41B23C67} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [745240 2016-09-22] (CyberLink Corp. -> CyberLink Corp.)
Task: {BB09B081-3E05-4904-A173-08C2D7C85431} - System32\Tasks\WD Discovery Service Task molli => C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe [58880 2021-07-31] () [File not signed]
Task: {BEF4DB56-9439-43F8-8C9C-C6F9315E58A9} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {C6F2710D-E818-496B-8338-97AB3BF229CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-03-31] (Google Inc -> Google Inc.)
Task: {C8388F3A-C2B4-4CB2-9F4A-0778109ECF4E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {CE64F059-0402-4941-846D-085CC3309FAB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [16832 2015-07-08] (LENOVO -> Lenovo)
Task: {D322E16D-87D1-40BB-9157-D96A73D7877E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {D5F26B4D-C936-4EF1-B58B-486064D0605C} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {D9E857E0-7A73-4715-8670-888C056FBF2B} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4925264 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
Task: {DA2B9286-BBF1-4F1F-8093-BFF79841E8E6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {DC64D404-0AE3-465C-B961-2B60FDA79A29} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-25] (HP Inc. -> )
Task: {E8C80844-8C86-4CD1-A122-C43C07AC5C73} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [263504 2016-06-02] (LENOVO -> )
Task: {F056B9E3-8802-41E7-83C2-27AE79F98F85} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [85432 2015-08-05] (CyberLink Corp. -> CyberLink Corp.)
Task: {F6722126-3039-4BE0-A61C-35002D6B7530} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {F894F18F-83FA-4F02-9A38-4D090090D257} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1897824 2022-03-09] (Lenovo -> )
Task: {FABEB7FD-365A-4F41-8804-25A91DC67F5C} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe /eu (No File)
Task: {FE8B8E46-0ADF-4775-8A04-871F3020782D} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2717768 2022-05-13] (Avast Software s.r.o. -> AVAST Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
-
June 2nd, 2022, 03:58 PM
#9
FRST part 2
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 89.101.160.5 89.101.160.4
Tcpip\..\Interfaces\{99dd8d5b-380b-4ad1-a687-a87487ff059a}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{b46db2f2-e42d-4142-8786-937e4b1aa7e3}: [DhcpNameServer] 89.101.160.5 89.101.160.4
Tcpip\..\Interfaces\{c2c54ad8-35c7-4fee-9257-97ec8045a3b7}: [DhcpNameServer] 89.101.160.5 89.101.160.4
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\molli\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-26]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: dg32le2u.default
FF ProfilePath: C:\Users\molli\AppData\Roaming\Mozilla\Firefox\Profiles\dg32le2u.default [2020-10-11]
FF Homepage: Mozilla\Firefox\Profiles\dg32le2u.default -> hxxps://www.google.com/
FF NewTab: Mozilla\Firefox\Profiles\dg32le2u.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180520
FF Plugin: @videolan.org/vlc,version=3.0.13 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-03] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-20] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-12-20] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-11] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-11] (Avast Software s.r.o. -> AVAST Software)
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\molli\AppData\Local\Google\Chrome\User Data\Default [2021-04-10]
CHR HomePage: Default -> hxxps://www.yahoo.com/
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/"
CHR Profile: C:\Users\molli\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-06-02]
CHR Notifications: Profile 1 -> hxxps://bringatrailer.com; hxxps://cricfree.sc; hxxps://football.fantasysports.yahoo.com; hxxps://www.dailymail.co.uk; hxxps://www.facebook.com; hxxps://www.yahoo.com
CHR HomePage: Profile 1 -> hxxps://www.yahoo.com/
CHR StartupUrls: Profile 1 -> "hxxps://www.yahoo.com/"
CHR Extension: (Safe Torrent Scanner) - C:\Users\molli\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-04-13]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\molli\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-05-31]
CHR Extension: (ZenMate Free VPN–Best VPN for Chrome) - C:\Users\molli\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2022-04-07]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\molli\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\molli\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Profile: C:\Users\molli\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-29]
CHR HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8434824 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-11] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [576336 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [576336 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-11] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\101.0.16440.68\elevation_service.exe [1982752 2022-05-13] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-06-01] (Avast Software s.r.o. -> AVAST Software)
S4 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [41176 2015-03-03] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
S4 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [120024 2015-07-02] (Realtek Semiconductor Corp -> )
S4 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (LENOVO -> Lenovo)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3052952 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [45408 2022-05-21] (Dropbox, Inc -> Dropbox, Inc.)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [194048 2017-04-10] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S4 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-30] (LENOVO -> Lenovo)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [223904 2022-04-30] (HP Inc. -> HP Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-25] (HP Inc. -> HP Inc.)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.12.13.0\LenovoVantageService.exe [29968 2022-03-20] (Lenovo -> Lenovo Group Ltd.)
S4 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (LENOVO -> Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8524512 2022-05-21] (Malwarebytes Inc. -> Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RAS RDP Backend Service; C:\Program Files\Parallels\Client\x86\TuxWinClientService.exe [3638040 2021-10-28] (Parallels International GmbH -> Parallels International GmbH.)
S4 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31176 2016-01-20] (LENOVO -> SHAREit Technologies Co.Ltd)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [14754088 2021-11-06] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\NisSrv.exe [2372048 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MsMpEng.exe [128376 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [38936 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [232648 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [381616 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [255144 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [102568 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [21936 2021-10-02] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [44568 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [271592 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [548976 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111056 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [86120 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [857488 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [558768 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [218088 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [317832 2022-05-16] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 CSRBC; C:\WINDOWS\System32\Drivers\rider64.sys [38400 2015-03-10] (Microsoft Windows Hardware Compatibility Publisher -> CSR plc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [103888 2022-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2019-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 GeneStor; C:\WINDOWS\system32\DRIVERS\GeneStor.sys [188840 2015-08-29] (GENESYS LOGIC, INC. -> GenesysLogic)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [194512 2022-05-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74688 2022-05-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239560 2022-05-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-05-31] (Malwarebytes Inc. -> Malwarebytes)
S3 RtkA2dp; C:\WINDOWS\system32\drivers\RtkA2dp.sys [182288 2015-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corporation)
S3 RtkAvrcpCtrlr; C:\WINDOWS\System32\drivers\RtkAvrcpCtrlr.sys [70672 2015-05-12] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corporation)
S3 Ser2pl; C:\WINDOWS\system32\DRIVERS\ser2pl64.sys [262160 2019-08-11] (WDKTestCert charles-yeh,132058328970830801 -> Prolific Technology Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-10-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2018-06-04] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [428264 2020-10-07] (Microsoft Windows -> Microsoft Corporation)
R1 wdfsconnect2017; C:\WINDOWS\system32\drivers\wdfsconnect2017.sys [468112 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69864 2020-10-07] (Microsoft Windows -> Microsoft Corporation)
R3 wdvpnpbus; C:\WINDOWS\System32\drivers\wdvpnpbus.sys [20624 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-06-01 22:59 - 2022-06-01 23:15 - 000057096 _____ C:\Users\molli\Desktop\Addition.txt
2022-06-01 22:35 - 2022-06-02 17:57 - 000042357 _____ C:\Users\molli\Desktop\FRST.txt
2022-06-01 22:29 - 2022-06-01 22:30 - 002072576 _____ (Farbar) C:\Users\molli\Downloads\FRST.exe
2022-06-01 22:22 - 2022-06-01 22:22 - 002367488 _____ (Farbar) C:\Users\molli\Downloads\FRST64 (1).exe
2022-06-01 22:20 - 2022-06-01 22:21 - 002367488 _____ (Farbar) C:\Users\molli\Desktop\FRST64.exe
2022-05-31 22:11 - 2022-05-31 22:11 - 000194512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-05-31 22:11 - 2022-05-31 22:11 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-05-31 22:11 - 2022-05-31 22:11 - 000074688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-05-30 04:45 - 2022-05-30 04:45 - 000239560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-05-26 18:12 - 2022-05-26 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2022-05-21 15:03 - 2022-05-21 15:03 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2022-05-21 15:03 - 2022-05-21 15:03 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2022-05-21 15:03 - 2022-05-21 15:03 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2022-05-21 15:03 - 2022-05-21 15:03 - 000045408 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2022-05-21 13:55 - 2022-05-21 13:55 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-05-21 12:46 - 2022-05-21 12:46 - 000014244 _____ C:\Users\molli\Downloads\2bf121a1.kml
2022-05-16 22:28 - 2022-05-16 22:27 - 000287056 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2022-05-16 22:28 - 2022-05-16 22:27 - 000218088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2022-05-12 20:00 - 2022-05-12 20:00 - 006971326 _____ C:\Users\molli\Downloads\YourDocuments (2).pdf
2022-05-10 20:38 - 2022-05-10 20:38 - 000011799 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-05-10 20:35 - 2022-05-10 20:35 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-05-10 20:35 - 2022-05-10 20:35 - 000093696 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-05-10 19:28 - 2022-05-10 19:28 - 000000000 ___HD C:\$WinREAgent
2022-05-04 22:30 - 2022-05-04 22:30 - 000041152 _____ C:\Users\molli\Downloads\Seating_Plan.pdf
2022-05-04 22:30 - 2022-05-04 22:30 - 000041152 _____ C:\Users\molli\Downloads\Seating_Plan (1).pdf
2022-05-04 20:17 - 2022-05-04 20:42 - 001372388 _____ C:\WINDOWS\Minidump\050422-51359-01.dmp
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-06-02 18:00 - 2019-03-19 22:04 - 000000000 ____D C:\Users\molli\AppData\Local\BitTorrentHelper
2022-06-02 18:00 - 2016-04-09 21:17 - 000000000 ____D C:\Users\molli\AppData\Roaming\uTorrent
2022-06-02 17:59 - 2021-11-15 15:26 - 000000000 ____D C:\Users\molli\AppData\Roaming\RingCentral
2022-06-02 17:55 - 2022-01-28 00:33 - 000000000 ____D C:\FRST
2022-06-02 17:51 - 2020-11-22 16:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-06-02 17:37 - 2016-03-31 11:14 - 000000000 ____D C:\Program Files (x86)\Google
2022-06-02 17:01 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-06-02 07:32 - 2016-04-01 22:42 - 000000000 ____D C:\Users\molli\Desktop\Watch Me
2022-06-02 03:51 - 2021-06-10 15:40 - 000000000 ____D C:\Users\molli\AppData\LocalLow\IGDump
2022-06-01 23:29 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-06-01 23:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-06-01 23:29 - 2018-07-14 00:21 - 000000000 ____D C:\ProgramData\Packages
2022-06-01 22:21 - 2021-11-15 15:34 - 000000000 ____D C:\Users\molli\AppData\Roaming\2XClient
2022-06-01 22:18 - 2020-11-22 17:31 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2022-06-01 22:17 - 2022-03-12 16:10 - 000000000 ____D C:\Users\molli\AppData\Roaming\Meetings
2022-06-01 22:17 - 2019-12-07 10:50 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2022-05-31 22:47 - 2016-03-31 11:15 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-05-31 21:28 - 2022-04-24 06:45 - 000000000 ____D C:\Users\molli\AppData\LocalLow\uTorrent
2022-05-31 21:04 - 2021-11-15 15:15 - 000000000 ____D C:\Program Files\TeamViewer
2022-05-31 21:04 - 2020-11-22 17:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-05-31 21:04 - 2020-11-22 16:36 - 000008192 ___SH C:\DumpStack.log.tmp
2022-05-31 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-05-30 21:38 - 2020-11-30 21:26 - 000003270 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6c0e950b0a570
2022-05-30 21:38 - 2020-11-22 17:31 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-05-30 21:38 - 2020-11-22 17:31 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-05-30 21:38 - 2020-11-22 17:31 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-05-30 21:38 - 2020-11-22 17:31 - 000003154 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d602e9b9647972
2022-05-30 21:38 - 2020-11-22 17:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2022-05-29 00:34 - 2016-11-14 22:05 - 000000000 ____D C:\Users\molli\AppData\Local\CrashDumps
2022-05-26 18:41 - 2020-10-11 22:44 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2022-05-26 18:15 - 2016-04-18 23:33 - 000000000 ____D C:\Program Files (x86)\Dropbox
2022-05-25 17:15 - 2020-11-22 16:49 - 000000000 ____D C:\Users\molli
2022-05-24 12:22 - 2016-11-12 21:07 - 000000000 ____D C:\ProgramData\AVAST Software
2022-05-24 12:20 - 2015-11-28 20:34 - 000000000 ____D C:\ProgramData\Realtek
2022-05-24 12:19 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-05-24 12:18 - 2017-06-04 02:49 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2022-05-24 12:18 - 2017-06-04 02:49 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2022-05-23 20:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-05-23 20:38 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-05-21 19:32 - 2020-06-03 23:58 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-05-21 14:10 - 2020-11-22 17:07 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-05-21 09:13 - 2021-06-01 23:29 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-05-21 09:13 - 2021-06-01 23:29 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-05-21 09:10 - 2021-06-01 22:09 - 000000000 ____D C:\Program Files\Malwarebytes
2022-05-21 09:10 - 2016-11-13 22:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-05-19 20:21 - 2021-05-10 13:42 - 000000000 ____D C:\Users\molli\AppData\Roaming\vlc
2022-05-16 22:49 - 2020-10-11 22:37 - 000381616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2022-05-16 22:42 - 2020-10-11 22:37 - 000317832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2022-05-16 22:28 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-05-16 22:27 - 2020-10-11 22:37 - 000558768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2022-05-16 22:27 - 2020-10-11 22:37 - 000548976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2022-05-16 22:27 - 2020-10-11 22:37 - 000271592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2022-05-16 22:27 - 2020-10-11 22:37 - 000255144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2022-05-16 22:27 - 2020-10-11 22:37 - 000111056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2022-05-16 22:27 - 2020-10-11 22:37 - 000102568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2022-05-16 22:27 - 2020-10-11 22:37 - 000086120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2022-05-16 22:27 - 2020-10-11 22:37 - 000044568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2022-05-16 22:26 - 2020-10-11 22:37 - 000857488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2022-05-16 22:26 - 2020-10-11 22:37 - 000232648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2022-05-16 22:26 - 2020-10-11 22:37 - 000038936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2022-05-13 07:22 - 2016-05-02 22:45 - 000000000 ____D C:\Users\molli\Desktop\excel spread sheets
2022-05-11 00:20 - 2020-11-22 16:37 - 000452184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-05-11 00:15 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-05-11 00:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-05-11 00:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-05-11 00:14 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-05-11 00:14 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-05-11 00:14 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-05-10 21:00 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-05-10 19:20 - 2016-04-11 02:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-05-10 19:13 - 2016-04-11 02:11 - 145501456 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-05-04 20:43 - 2021-02-01 05:48 - 000000000 ____D C:\WINDOWS\Minidump
2022-05-04 20:17 - 2021-09-05 22:55 - 1113401607 _____ C:\WINDOWS\MEMORY.DMP
==================== Files in the root of some directories ========
2016-11-12 21:50 - 2016-11-03 08:32 - 002594688 _____ (COMODO) C:\Users\molli\AppData\Roaming\temp~ccavstart.exe
2016-11-12 21:50 - 2016-11-03 08:32 - 003856048 _____ (Terra Informatica Software, Inc.) C:\Users\molli\AppData\Roaming\temp~cmdhtml.dll
2016-11-16 22:34 - 2016-11-24 16:10 - 000042847 _____ () C:\Users\molli\AppData\Local\BTServer.log
2018-10-24 16:32 - 2018-10-24 16:32 - 000000000 _____ () C:\Users\molli\AppData\Local\{823E5C07-0FD7-4076-BCF6-EAFEAD04A47D}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
-
June 2nd, 2022, 03:59 PM
#10
Additional Part 1
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-05-2022 01
Ran by molli (02-06-2022 18:01:18)
Running from C:\Users\molli\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1706 (X64) (2020-11-22 16:35:14)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3805500227-4192919812-1505005631-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3805500227-4192919812-1505005631-503 - Limited - Disabled)
Guest (S-1-5-21-3805500227-4192919812-1505005631-501 - Limited - Disabled)
molli (S-1-5-21-3805500227-4192919812-1505005631-1002 - Administrator - Enabled) => C:\Users\molli
WDAGUtilityAccount (S-1-5-21-3805500227-4192919812-1505005631-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\uTorrent) (Version: 3.5.5.46248 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov)
7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.4.6011 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 101.0.16440.68 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
Cardo Updater (HKLM-x32\...\Cardo Updater_is1) (Version: - Cardo Systems, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Components (HKLM-x32\...\{1720B0E0-C520-43A6-B677-97A1D80F3B99}) (Version: 1.0.023.00 - Lenovo) Hidden
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
Dolby Audio X2 Windows API SDK (HKLM\...\{68B3293E-612B-48B4-BC0F-4CCFBF83AB96}) (Version: 0.8.2.76 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.4.0.22 - Dolby Laboratories, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 149.4.4568 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.583.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 102.0.5005.63 - Google LLC)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.5.5720.01 - CyberLink Corp.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.71.2 - ELAN Microelectronic Corp.)
Lenovo PowerDVD12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5604.55 - CyberLink Corp.) Hidden
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5604.55 - CyberLink Corp.)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.022.00 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.6.7 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.067.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0136 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.12.13.0 - Lenovo Group Ltd.)
LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Hidden
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)
Malwarebytes version 4.5.9.198 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.9.198 - Malwarebytes)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft OneDrive (HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
MY.GAMES GameCenter (HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\GameCenter) (Version: 4.1663 - MY.COM B.V.)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5423.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5423.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5423.1000 - Microsoft Corporation) Hidden
Parallels Client-64 bit (HKLM\...\{6BD6F307-41E8-4570-9D5C-E03C34A81C00}) (Version: 18.2.22862 - Parallels International GmbH)
Product Improvement Study for HP OfficeJet 8010 series (HKLM\...\{3A0E9F23-78FD-4AE0-BD79-59D37E6046DE}) (Version: 49.10.4647.21322 - HP Inc.)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.868.867.071015 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0276 - REALTEK Semiconductor Corp.)
RingCentral (HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\584acf4c-ebc3-56fa-9cfd-586227f098ba) (Version: 22.2.20 - RingCentral)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.2.0.543 - Lenovo)
Sky Go 21.3.2.0 (HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\com.bskyb.skygoplayer_is1) (Version: 21.3.2.0 - Sky)
Skype version 8.83 (HKLM-x32\...\Skype_is1) (Version: 8.83 - Skype Technologies S.A.)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.23.9 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.13 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WD Desktop App 2.1.0.313 (HKLM-x32\...\{756e70ec-1fb0-41c8-896b-df0302d17bff}) (Version: 2.1.0.313 - Western Digital Corporation) Hidden
WD Desktop App 2.1.0.313 (x64) (HKLM\...\{CA7F7232-526E-41BD-971A-47BE28C18516}) (Version: 2.1.0.313 - Western Digital Corporation) Hidden
WD Discovery (HKLM-x32\...\WDDiscovery) (Version: 4.3.327 - Western Digital Technologies, Inc.)
WD SES Driver Setup (HKLM-x32\...\{924A274D-38B6-4930-8859-F3F51CFA8DDD}) (Version: 1.1.0.25 - Western Digital) Hidden
Zoom (HKU\S-1-5-21-3805500227-4192919812-1505005631-1002\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.)
Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-05-22] (HP Inc.)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2022-05-22] (LENOVO INCORPORATED.)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2022-03-29] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2204.14.0_x64__k1h2ywk1493x8 [2022-04-25] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.5120.0_x64__8wekyb3d8bbwe [2022-05-17] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-05-03] (Microsoft Corporation)
Open PDF + -> C:\Program Files\WindowsApps\3538OpenOffice.OpenOfficePDF_1.25.0.2_neutral__nmw6e14cfhspc [2017-04-05] (Open PDF, Word, Excel)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-26] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3805500227-4192919812-1505005631-1002_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\molli\Dropbox [2016-04-18 23:36]
SSODL: WDFSMountNotificator-wdfsconnect2017 - {DBD7FD30-5740-4331-81CF-D711F322B06F} - C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
SSODL-x32: WDFSMountNotificator-wdfsconnect2017 - {DBD7FD30-5740-4331-81CF-D711F322B06F} - C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects: Virtual Storage Mount Notification -> {DBD7FD30-5740-4331-81CF-D711F322B06F} => C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {DBD7FD30-5740-4331-81CF-D711F322B06F} => C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay01] -> {4F8A325E-9DAF-44B8-A825-1A14DFA0FA78} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay02] -> {0176BDDE-B59A-4A1E-808B-CAD461415CCA} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay03] -> {B65909D1-57AF-41F5-AB94-BEB733F62B35} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay04] -> {C6C2397D-8238-4332-8935-86C39C7C165F} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay05] -> {E7B3BCF9-0386-4B5F-AE6A-91B9F1423973} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay06] -> {564EA121-D9DA-485D-82C2-C2ED7BFCCEAD} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-05-16] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-05-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-05-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\DevMenuExt.dll [2014-07-03] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-21] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [WDDesktopContextMenu] -> {fa00ba41-b6f6-3cfa-a300-f25ce175fe7e} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-21] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-05-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-21] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [WDDesktopContextMenu] -> {fa00ba41-b6f6-3cfa-a300-f25ce175fe7e} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-03-21] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-05-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-21] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
-
June 3rd, 2022, 02:47 PM
#11
I don't see much, so far...
Download RogueKiller from one of the following links and save it to your Desktop:
Link 1
Link 2
- Close all the running programs
- Double click on downloaded setup.exe file to install the program.
- Click on Start Scan button.
- Click on another Start Scan button.
- Wait until the Status box shows Scan Finished
- Click on Remove Selected.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
- Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
- Then click Finish.
- Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
- If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
- Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8/10 users right-click and select Run As Administrator
- The tool will start to update the database if one is required.
- Click on the Scan button.
- AdwCleaner will begin...be patient as the scan may take some time to complete.
- After the scan has finished, click on the Logfile button.
- A window will open which lists the logs of your scans.
- Click on the Scan tab.
- Double-click the most recent scan which will be at the top of the list....the log will appear.
- Review the results...see note below
- After reviewing the log, click on the Clean button.
- Press OK when asked to close all programs and follow the onscreen prompts.
- Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
- To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
- Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
- A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
-
June 6th, 2022, 05:12 PM
#12
Program : RogueKiller Anti-Malware
Version : 15.5.1.0
x64 : Yes
Program Date : May 13 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19044) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : molli
User is Admin : Yes
Date : 2022/06/06 16:56:31
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 5627
Found items : 0
Total scanned : 115692
Signatures Version : 20220530_080817
Truesight Driver : Yes
Updates Count : 5
Arguments : -minimize
************************* Warnings *************************
************************* Updates *************************
7-Zip 18.06 (x64) (64-bit), version 18.06
[+] Available Version : 21.07
[+] Size : 4.95 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\7-Zip\
Avast Free Antivirus (64-bit), version 22.4.7175.0
[+] Available Version : 22.5.7263
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Avast Software\Avast
TeamViewer (64-bit), version 15.23.9
[+] Available Version : 15.30.3
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\TeamViewer
VLC media player (64-bit), version 3.0.13
[+] Available Version : 3.0.17.4
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\VideoLAN\VLC
7-Zip 19.00 (x64 edition) (64-bit), version 19.00.00.0
[+] Available Version : 21.07
[+] Size : 5.13 MB
[+] Wow6432 : No
[+] Portable : No
************************* Processes *************************
************************* Modules *************************
************************* Services *************************
************************* Scheduled Tasks *************************
************************* Registry *************************
************************* WMI *************************
************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts
************************* Filesystem *************************
************************* Web Browsers *************************
************************* Antirootkit *************************
-
June 6th, 2022, 05:19 PM
#13
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-03-15.3 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-06-2022
# Duration: 00:02:07
# OS: Windows 10 Home
# Scanned: 32049
# Detected: 66
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.CyberLinkShellExtension Registry HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\molli\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\molli\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}
Preinstalled.HPTouchpointAnalyticsClient Folder C:\Program Files\HP\HP TOUCHPOINT ANALYTICS CLIENT
Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}
Preinstalled.LenovoAcceleratorApplication Folder C:\Program Files (x86)\LENOVO\LENOVOPORTAL
Preinstalled.LenovoCCSDK Folder C:\Program Files (x86)\LENOVO\CCSDK
Preinstalled.LenovoCCSDK Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{67827BB6-4B05-6181-921A-E49FC484E859}
Preinstalled.LenovoExperienceImprovement Folder C:\Program Files\LENOVO\EXPERIENCEIMPROVEMENT
Preinstalled.LenovoExperienceImprovement Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\LenovoExperienceImprovement
Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Users\molli\AppData\Local\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}
Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{1720B0E0-C520-43A6-B677-97A1D80F3B99}
Preinstalled.LenovoPhotoMaster Folder C:\Program Files (x86)\LENOVO\LENOVO PHOTO MASTER
Preinstalled.LenovoPhotoMaster Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{BC94C56A-3649-420C-8756-2ADEBE399D33}
Preinstalled.LenovoPower2Go Folder C:\Program Files (x86)\LENOVO\POWER2GO
Preinstalled.LenovoPower2Go Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLMLServer_For_P2G8
Preinstalled.LenovoPower2Go Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLVirtualDrive
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|CLMLServer_For_P2G8
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|CLVirtualDrive
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Preinstalled.LenovoPowerDVD Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F056B9E3-8802-41E7-83C2-27AE79F98F85}
Preinstalled.LenovoPowerDVD Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PDVDServ12 Task
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Preinstalled.LenovoPowerDVD Task C:\Windows\System32\Tasks\PDVDSERV12 TASK
Preinstalled.LenovoQuickOptimizer Folder C:\Program Files\LENOVO\QUICKOPTIMIZER
Preinstalled.LenovoQuickOptimizer Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}
Preinstalled.LenovoREACHit Folder C:\Program Files (x86)\LENOVO\REACHIT
Preinstalled.LenovoREACHit Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LENOVO\REACHIT
Preinstalled.LenovoREACHit Folder C:\Users\molli\AppData\Local\LENOVO\REACHIT
Preinstalled.LenovoREACHit Registry HKLM\Software\Classes\CLSID\{2B3256D4-49AA-11D1-8429-0050AE509033}
Preinstalled.LenovoREACHit Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{2B3256D4-49AA-11D1-8429-0050AE509033}
Preinstalled.LenovoREACHit Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}
Preinstalled.LenovoSHAREit Folder C:\Program Files (x86)\LENOVO\SHAREIT
Preinstalled.LenovoSHAREit Folder C:\ProgramData\LENOVO\SHAREIT
Preinstalled.LenovoSHAREit Folder C:\Users\molli\AppData\Local\SHAREIT\SHAREIT
Preinstalled.LenovoSHAREit Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\SHAREit_is1
Preinstalled.LenovoServiceBridge Folder C:\Users\molli\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE
Preinstalled.LenovoServiceBridge Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1
Preinstalled.LenovoSolutionCenter Folder C:\Program Files\LENOVO\LENOVO SOLUTION CENTER
Preinstalled.LenovoSolutionCenter Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}
Preinstalled.LenovoUpdate Folder C:\Program Files (x86)\LENOVO\SYSTEM UPDATE
Preinstalled.LenovoUpdate Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{03C6CC92-68F2-4961-9A73-CAECA350BD08}
Preinstalled.LenovoUpdate Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\TVSU_is1
Preinstalled.LenovoUtility Folder C:\Program Files\LENOVO\LENOVOUTILITY
Preinstalled.LenovoUtility Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|LenovoUtility
Preinstalled.LenovoUtility Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|LenovoUtility
Preinstalled.LenovoUtility Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}
Preinstalled.LenovoUtility Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
-
June 6th, 2022, 05:24 PM
#14
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 6/6/22
Scan Time: 6:45 PM
Log File: 7b5e9f1a-e5c0-11ec-93e0-507b9d76ffe2.json
-Software Information-
Version: 4.5.9.198
Components Version: 1.0.1689
Update Package Version: 1.0.55884
License: Trial
-System Information-
OS: Windows 10 (Build 19044.1706)
CPU: x64
File System: NTFS
User: LAPTOP-3VS60BL9\molli
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 329495
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 23 min, 38 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
-
June 6th, 2022, 05:40 PM
#15
There is nothing malicious there.
I suggest a new topic in the Windows forum.
Good luck