Task Manager Immediately Closes, Windows Security Not Working Either – Virus, Trojan, Spyware, and Malware Removal Help – BleepingComputer

Hi,

When I try to open the Task Manager it opens for a split second and says there are no processes then immediately closes every time. A tray icon appears and disappears when I mouse over it.

After running a scan on Windows security it says threats found, but when I click on ‘Start Actions’ it does nothing! I’ve been concerned I’ve compromised myself for a while and this is worrying me! Any help is appreciated!

Here is my FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-11-2021
Ran by Milos Kazic (administrator) on MILOSYOGA (LENOVO 80ML) (30-11-2021 16:00:14)
Running from C:\Users\milos\Downloads
Loaded Profiles: Milos Kazic
Platform: Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\AutoRoaming.exe
() [File not signed] C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
() [File not signed] C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(CANON INC. -> CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(Cold Turkey Software, Inc. -> ) C:\Program Files\Cold Turkey\ServiceHub.Helper.exe
(Cold Turkey Software, Inc. -> ) C:\Program Files\Cold Turkey\ServiceHub.Power.exe
(Cold Turkey Software, Inc. -> Cold Turkey Software Inc.) C:\Program Files\Cold Turkey\Cold Turkey Blocker.exe
(Cold Turkey Software, Inc. -> Cold Turkey Software Inc.) C:\Program Files\Cold Turkey\CTMsgHostChrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <32>
(Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\milos\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.Amd64.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.exe <5>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.x86.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <3>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO -> Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\GDCAgent\SetupRed\GDCAgent.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(LENOVO -> Lenovo) C:\ProgramData\Lenovo\Transition\Server\x64\ymc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(Mullvad VPN AB -> Mullvad VPN AB) C:\Program Files\Mullvad VPN\resources\mullvad-daemon.exe
(Mullvad VPN) [File not signed] C:\Program Files\Mullvad VPN\Mullvad VPN.exe <4>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Viber Media S.à r.l. -> Viber Media S.à r.l.) C:\Users\milos\AppData\Local\Viber\Viber.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418216 2015-12-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416464 2015-12-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416464 2015-12-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416464 2015-12-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Bluetooth] => C:\Program Files\Lenovo\Bluetooth Software\bttray.exe [536320 2016-03-29] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [486552 2012-09-27] (CANON INC. -> CANON INC.)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (LENOVO -> Lenovo(beijing) Limited)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [628736 2015-09-23] () [File not signed]
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1070664 2021-02-12] (Heidi Computers Ltd -> The Eraser Project)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKU\S-1-5-21-458231350-2704687506-1668943915-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\milos\AppData\Local\Microsoft\Teams\Update.exe [2324624 2020-02-08] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-458231350-2704687506-1668943915-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5397216 2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-458231350-2704687506-1668943915-1001\...\Run: [Google Update] => C:\Users\milos\AppData\Local\Google\Update\1.3.36.112\GoogleUpdateCore.exe [223816 2021-09-30] (Google LLC -> Google LLC)
HKU\S-1-5-21-458231350-2704687506-1668943915-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (No File)
HKU\S-1-5-21-458231350-2704687506-1668943915-1001\...\Run: [Viber] => C:\Users\milos\AppData\Local\Viber\Viber.exe [55089936 2021-11-15] (Viber Media S.à r.l. -> Viber Media S.à r.l.)
HKU\S-1-5-21-458231350-2704687506-1668943915-1001\...\Run: [net.mullvad.vpn] => C:\Program Files\Mullvad VPN\Mullvad VPN.exe [140550656 2021-11-17] (Mullvad VPN) [File not signed]
HKLM\...\Windows x64\Print Processors\HP1100PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1100PP.DLL [74240 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Canon MFNP Port: C:\WINDOWS\system32\CNCENPM6.dll [153088 2016-02-10] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon WSD Language Monitor: C:\WINDOWS\system32\cnnx0_flm.dll [1420800 2013-02-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\CPCA Language Monitor3b: C:\WINDOWS\system32\CNAS0MOK.DLL [1006080 2012-08-09] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP 7012 Status Monitor: C:\WINDOWS\system32\hpinksts7012LM.dll [328704 2014-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP1100LM: C:\WINDOWS\system32\HP1100LM.DLL [288768 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\us008 Langmon: C:\WINDOWS\system32\us008lm.dll [31256 2016-02-16] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-19] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\Lenovo\Bluetooth Software\BtwCP.dll [2016-03-29] (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\Users\milos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-08-28]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E5A6069-C57C-4151-AB08-948DB1298456} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-458231350-2704687506-1668943915-1001UA => C:\Users\milos\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2021-03-16] (Google LLC -> Google LLC)
Task: {11139E68-3A22-4B1C-AE50-6F13231EBB19} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321296 2016-06-03] (LENOVO -> Lenovo)
Task: {21FC80C8-F9F3-4EE4-B4D0-A7FBE3A1B5CF} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {265FAF29-BB11-4B98-A236-347F0341AE22} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {305A6BC7-1964-409F-9675-45E6BB794DC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-09-16] (Google Inc -> Google Inc.)
Task: {30D7776D-00D5-4E68-AF44-6BE23CDFD54F} - System32\Tasks\Power_a17007 => C:\Program Files\Cold Turkey\CTServiceInstaller.exe [20224 2021-02-19] (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)
Task: {33782926-5BC9-4698-BB50-FF74BFC822DD} - System32\Tasks\Opera scheduled Autoupdate 1631588054 => C:\Users\milos\AppData\Local\Programs\Opera\launcher.exe [41907408 2021-08-25] (Opera Software AS -> Opera Software)
Task: {38107FD5-A91E-4BC2-8C5B-DA66FEFAB343} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758792 2021-09-23] (Lenovo -> )
Task: {39B6860E-21FC-423E-8496-72484C41C687} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [736696 2015-09-30] (CyberLink Corp. -> CyberLink Corp.)
Task: {4320F995-E2CE-4059-AEBA-D9F22CBA0120} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --sapCode=ILST --productVersion=25.2.1 --productPlatform=win64 --appletID=AppsPanel_BL --appletVersion=1.0 --appMode=Uninstall (No File)
Task: {472C350C-A1B0-40DB-851A-1B0F417631F5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-458231350-2704687506-1668943915-1001Core => C:\Users\milos\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2021-03-16] (Google LLC -> Google LLC)
Task: {481DDA31-73A7-4210-919F-14898E4BA7B8} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\677ff509-8200-4b9a-b7b9-44bcbd8f98be => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {50C76FD7-D43C-4DE0-A1A4-161096C33255} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9944400 2016-06-03] (LENOVO -> Lenovo)
Task: {5335019B-7705-4412-9EE6-F545F6EF1E57} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5602be3b-fd86-48b9-ac2d-81efabee4f9e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {5CA9E52E-A336-41CC-90CD-CB10E8C72B1F} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {6119AC2A-A1D4-44FF-80AE-DBB594278026} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {63C279D7-D6C7-43BE-B43D-AC27706BBAEA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {680CE313-A6CD-4F0D-A48A-C7932B7FB1FB} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\86778043-0ff3-43b3-b725-c7faa0ed6974 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {69AD91BE-436F-4A2C-9FDF-AF1F2EFC5E9F} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-17] (Lenovo -> Lenovo Group Ltd.)
Task: {786CF245-A11A-4217-98D9-B9D420D9E416} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7E910632-E628-4A82-BC43-54DC5E0B071F} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
Task: {80BE248E-1A56-420C-B5FD-B856A0E74589} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\cd47cf66-81ec-4a61-b937-e4ef30363f2b => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {838CD58C-FFDC-412F-B760-E58BE1784E2D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1162160 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {9122FFD6-799E-4FD6-9BB5-C6BF2B6037FB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {97B65D90-BE04-4490-A02B-45B9D449B6EA} - System32\Tasks\Opera scheduled assistant Autoupdate 1631588066 => C:\Users\milos\AppData\Local\Programs\Opera\launcher.exe [41907408 2021-08-25] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\milos\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {98C1A70F-71E7-44AE-91B5-451C50D6C4D6} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-458231350-2704687506-1668943915-1001 => C:\Users\milos\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87896 2021-10-30] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {A3F51F96-AA76-43EF-A54A-727A408F8166} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9944400 2016-06-03] (LENOVO -> Lenovo)
Task: {A59B28FD-CCBC-47F7-9104-C3ED47FC5E6C} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {AA26AF10-0797-4323-AF64-A502CB62A3F5} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {B0A5C3EE-ACA7-418D-BF0F-85346BAB256C} - System32\Tasks\Lenovo\EnableAndStartOSK => C:\Program Files (x86)\Lenovo\WRITEit\EnableOSKCommand.exe [12112 2016-07-21] (LENOVO -> )
Task: {B0C4E199-BD59-4569-B6A9-B5F5D6308695} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {B6036AF2-B4A8-4BD9-A1F4-504814541489} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [63728 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {BA5FADAF-24E7-4031-A38F-8EC0FA87238C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e52a092c-e7d7-4b22-a69e-9803e887b555 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {C2DBF748-44EF-4C5A-B5C6-B60A8B2B1E3E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C5E63CBA-49B4-43D4-821D-A46D3BD318F6} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [676176 2016-05-18] (LENOVO -> Lenovo)
Task: {C8180B99-AB19-4C8D-A9FA-F4328388241E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {CA400228-7646-4015-B023-63808F33F369} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [263504 2016-06-03] (LENOVO -> )
Task: {CBD7976F-F4C6-4A7E-9DB7-29BE77D63D38} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {D2B5D2F3-A5C7-416A-8F49-212F3E78699A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {D3473476-95CC-4FD1-98AD-70F334F87AAB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [16832 2015-07-08] (LENOVO -> Lenovo)
Task: {D5194E0D-7D48-4349-820B-AB32DBEF7802} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {DB684843-6904-4389-9002-1EBD848D4F45} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {DD833010-02F4-4813-8EF6-121A29E130D9} - System32\Tasks\Lenovo\DisableAndStopOSK => C:\Program Files (x86)\Lenovo\WRITEit\DisableOSKCommand.exe [12112 2016-07-21] (LENOVO -> )
Task: {E68B0B4C-D61F-4442-9A34-F8915CEA288F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-09-16] (Google Inc -> Google Inc.)
Task: {EA49713E-CFDF-4087-9A73-AFFFF28BC717} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {F019AB26-3CB8-462C-9333-AA0BDE6D6537} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-17] (Lenovo -> Lenovo Group Ltd.)
Task: {F0A7FD2C-DAF9-4002-9A78-AD64962C1F00} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6242232 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {F5BFFBFD-3B64-4D72-8306-6DB389DC98DF} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [676176 2016-05-18] (LENOVO -> Lenovo)
Task: {F862DF60-E721-4E76-851C-EA231D81AAEC} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758792 2021-09-23] (Lenovo -> )
Task: {FD33B2CC-E218-47B5-9FB7-D0BDCFCD2F41} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6242232 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 216.239.38.120 www.google.com #forcesafesearch
Tcpip\Parameters: [DhcpNameServer] 192.168.50.1
Tcpip\..\Interfaces\{3737cb45-e02c-4810-ba79-8e104cd27f38}: [DhcpNameServer] 150.206.1.2
Tcpip\..\Interfaces\{423603fa-aeab-4b8c-9d0f-78385aa55405}: [NameServer] 192.168.0.3,1.1.1.1
Tcpip\..\Interfaces\{423603fa-aeab-4b8c-9d0f-78385aa55405}: [DhcpNameServer] 192.168.0.3 192.168.0.3
Tcpip\..\Interfaces\{b26dd4d1-3642-42e6-babf-fe0ddbcbc487}: [DhcpNameServer] 192.168.50.1

Edge:
=======
DownloadDir: C:\Users\milos\Downloads
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2021-03-10]
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\milos\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-17]
Edge DefaultSearchURL: Default -> hxxps://www.google.ca/search?q={searchTerms}&ie={inputEncoding?}&oe={outputEncoding?}
Edge Extension: (Cold Turkey Blocker) - C:\Users\milos\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jfphahkinplobmabmgjmjgflbhjjddeb [2021-11-17]

FireFox:
========
FF DefaultProfile: 7uz3k2x8.default
FF ProfilePath: C:\Users\milos\AppData\Roaming\Mozilla\Firefox\Profiles\7uz3k2x8.default [2018-07-23]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default [2018-04-24]
CHR HomePage: Backup default -> hxxp://samsung.msn.com/
CHR StartupUrls: Backup default -> "hxxp://www.facebook.com/?ref=logo","hxxp://www.atpworldtour.com/","hxxp://www.tennis.com/index.aspx"
CHR Extension: (Slides) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-16]
CHR Extension: (YouTube) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-16]
CHR Extension: (Honey) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-04-15]
CHR Extension: (uBlock Origin) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-04-24]
CHR Extension: (SportZone) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\cmeikikackmjcmgkcgpnangjlnicecml [2017-04-26]
CHR Extension: (Session Buddy) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-29]
CHR Extension: (Adobe Acrobat) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-19]
CHR Extension: (Google Calendar) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-10]
CHR Extension: (Sheets) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-28]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-04-24]
CHR Extension: (Terms of Service; Didn't Read) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\hjdoplcnndgiblooccencgcggcoihigg [2017-08-16]
CHR Extension: (Wolfram|Alpha (Official)) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2016-09-16]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2018-01-29]
CHR Extension: (LinkedIn Extension) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\meajfmicibjppdgbjfkpdikfjcflabpk [2018-03-05]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-07-27]
CHR Extension: (Google Mail Checker) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2016-09-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Hover Zoom) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2018-04-22]
CHR Extension: (Gmail) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-16]
CHR Extension: (Chrome Media Router) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-23]
CHR Profile: C:\Users\milos\AppData\Local\Google\Chrome\User Data\Default [2021-11-30]
CHR Notifications: Default -> hxxps://manage.wix.com
CHR HomePage: Default -> hxxp://samsung.msn.com/
CHR StartupUrls: Default -> "hxxp://www.facebook.com/?ref=logo","hxxp://www.atpworldtour.com/","hxxp://www.tennis.com/index.aspx"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Google Translate) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-10-03]
CHR Extension: (Safe Torrent Scanner) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2021-09-14]
CHR Extension: (uBlock Origin) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-10-16]
CHR Extension: (Session Buddy) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2020-05-17]
CHR Extension: (Dark Reader) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2021-11-11]
CHR Extension: (Google Docs Offline) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-27]
CHR Extension: (Web Safety) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhcmdonhekjhfbjmeacdjbhlfgpjabp [2021-09-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-02]
CHR Extension: (Bitwarden - Free Password Manager) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2021-10-29]
CHR Extension: (Hover Zoom) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2019-07-12]
CHR Extension: (Cold Turkey Blocker) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pganeibhckoanndahmnfggfoeofncnii [2021-11-08]
CHR Extension: (uBlock Origin Extra) - C:\Users\milos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgdnlhfefecpicbbihgmbmffkjpaplco [2019-09-12]
CHR Profile: C:\Users\milos\AppData\Local\Google\Chrome\User Data\System Profile [2021-10-03]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp]

Opera:
=======
OPR Profile: C:\Users\milos\AppData\Roaming\Opera Software\Opera Stable [2021-09-14]

 

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3833088 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3603200 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AutoRoamingService; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\AutoRoaming.exe [37888 2016-08-16] () [File not signed]
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [983808 2016-03-29] (Broadcom Corporation -> Broadcom Corporation.)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (LENOVO -> Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
R2 connect2hotspot; C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe [100680 2017-02-08] (Lenovo -> Lenovo)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [176640 2015-09-23] () [File not signed]
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-30] (LENOVO -> Lenovo)
R2 HPSIService; C:\WINDOWS\system32\HPSIsvc.exe [126880 2012-09-27] (Hewlett-Packard Company -> HP)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe [31248 2021-09-17] (Lenovo -> Lenovo Group Ltd.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-03] (LENOVO -> Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-08] (Malwarebytes Inc -> Malwarebytes)
R2 MullvadVPN; C:\Program Files\Mullvad VPN\resources\mullvad-daemon.exe [11517720 2021-11-17] (Mullvad VPN AB -> Mullvad VPN AB)
R2 Power_a17007; C:\Program Files\Cold Turkey\ServiceHub.Power.exe [117008 2021-05-11] (Cold Turkey Software, Inc. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ymc; C:\ProgramData\Lenovo\Transition\Server\x64\ymc.exe [42424 2015-12-02] (LENOVO -> Lenovo)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCMPCIEDHD63; C:\WINDOWS\system32\DRIVERS\bcmpciedhd63.sys [1049896 2016-08-16] (Broadcom Corporation -> Broadcom Corp)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-10-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-08] (Malwarebytes Inc -> Malwarebytes)
R3 mullvad-split-tunnel; C:\WINDOWS\System32\drivers\mullvad-split-tunnel.sys [87024 2021-07-02] (Mullvad VPN AB -> Mullvad VPN AB)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
S3 rtump64x64; C:\WINDOWS\System32\drivers\rtump64x64.sys [937464 2021-06-30] (Realtek Semiconductor Corp. -> Realtek Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 usbaud; C:\WINDOWS\System32\drivers\usbaud64w10.sys [109880 2020-03-26] (Synaptics Incorporated -> Synaptics Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-03] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-03] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2021-10-30] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-30 16:00 - 2021-11-30 16:01 - 000039287 _____ C:\Users\milos\Downloads\FRST.txt
2021-11-30 15:59 - 2021-11-30 16:00 - 000000000 ____D C:\FRST
2021-11-30 15:58 - 2021-11-30 15:59 - 002311680 _____ (Farbar) C:\Users\milos\Downloads\FRST64.exe
2021-11-30 15:53 - 2021-11-30 15:53 - 000000000 ___HD C:\Users\milos\.opera
2021-11-30 15:40 - 2021-11-30 15:40 - 000377904 _____ C:\Users\milos\Documents\regbackup.reg
2021-11-30 15:29 - 2021-11-30 15:50 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2021-11-28 11:03 - 2021-11-29 13:34 - 000000000 ____D C:\Users\milos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth
2021-11-28 10:35 - 2021-11-28 10:35 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-11-25 18:30 - 2021-11-25 18:30 - 000000000 ____D C:\Program Files\Mullvad VPN
2021-11-25 18:28 - 2021-11-25 18:29 - 094699432 _____ (Mullvad VPN) C:\Users\milos\Downloads\MullvadVPN-2021.6.exe
2021-11-21 22:43 - 2021-11-21 22:44 - 000000000 ____D C:\Users\milos\AppData\Local\Viber
2021-11-21 22:30 - 2021-11-21 22:30 - 000000000 ____D C:\Users\milos\AppData\Local\Eraser 6
2021-11-18 22:49 - 2021-11-18 22:49 - 000065808 _____ C:\Users\milos\Downloads\8299-600537-CRA-GRID.zip
2021-11-18 22:08 - 2021-11-18 22:08 - 000083925 _____ C:\Users\milos\Downloads\8299-600537-CRA-GRID.pdf
2021-11-17 00:40 - 2021-11-17 00:40 - 000000000 ____D C:\Users\milos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Ads Editor
2021-11-12 13:16 - 2021-11-12 13:16 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-12 13:16 - 2021-11-12 13:16 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-12 13:16 - 2021-11-12 13:16 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-12 13:15 - 2021-11-12 13:15 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-12 13:03 - 2021-11-12 13:03 - 000000000 ___HD C:\$WinREAgent
2021-11-09 22:37 - 2021-11-09 22:37 - 000000000 ____D C:\Users\milos\Documents\sys_mic
2021-11-08 21:57 - 2021-11-30 16:02 - 000000000 ____D C:\ProgramData\Cold Turkey
2021-11-08 21:57 - 2021-11-08 21:57 - 000003868 _____ C:\WINDOWS\system32\Tasks\Power_a17007
2021-11-08 21:57 - 2021-11-08 21:57 - 000000936 _____ C:\Users\Public\Desktop\Cold Turkey Blocker.lnk
2021-11-08 21:57 - 2021-11-08 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cold Turkey Software
2021-11-08 21:57 - 2021-11-08 21:57 - 000000000 ____D C:\Program Files\Cold Turkey
2021-11-08 21:45 - 2021-11-08 21:45 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-11-07 12:25 - 2021-11-07 12:25 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-07 12:25 - 2021-11-07 12:25 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-11-04 20:54 - 2021-11-30 15:53 - 000000000 ___HD C:\Users\milos\Downloads\.opera

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-30 15:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-30 15:56 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-30 15:53 - 2021-03-10 21:23 - 000000000 ____D C:\Users\milos
2021-11-30 15:52 - 2021-03-10 21:54 - 000787362 _____ C:\WINDOWS\system32\perfh010.dat
2021-11-30 15:52 - 2021-03-10 21:54 - 000151168 _____ C:\WINDOWS\system32\perfc010.dat
2021-11-30 15:52 - 2021-03-10 21:29 - 001757720 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-30 15:52 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-30 15:50 - 2021-03-12 03:02 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-11-30 15:50 - 2021-03-10 21:33 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{7A5A3FB7-0457-4A29-BDDF-AADC0A866E8E}
2021-11-30 15:49 - 2016-09-16 05:41 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-30 15:48 - 2021-10-30 19:36 - 000000000 ____D C:\Users\milos\AppData\Local\Mullvad VPN
2021-11-30 15:48 - 2017-07-27 19:50 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-11-30 15:47 - 2021-10-30 19:35 - 000000000 ____D C:\ProgramData\Mullvad VPN
2021-11-30 15:47 - 2021-03-10 21:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-30 15:47 - 2021-03-10 21:20 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-30 15:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-11-30 15:47 - 2019-12-07 10:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2021-11-30 14:05 - 2021-08-31 16:49 - 000000000 ____D C:\Users\milos\Documents\ViberDownloads
2021-11-30 14:00 - 2021-03-10 21:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-30 11:44 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-29 22:45 - 2020-03-16 02:49 - 000000000 ____D C:\Users\milos\AppData\Roaming\ViberPC
2021-11-29 14:00 - 2017-11-14 02:48 - 000000000 ____D C:\Users\milos\AppData\Local\Packages
2021-11-29 13:48 - 2021-10-03 12:29 - 000000000 ____D C:\Users\milos\AppData\Roaming\vlc
2021-11-28 15:11 - 2018-04-27 03:35 - 000000000 ____D C:\Users\milos\AppData\Local\ElevatedDiagnostics
2021-11-28 11:08 - 2016-08-16 11:06 - 000000000 ____D C:\ProgramData\Package Cache
2021-11-27 23:30 - 2021-10-24 22:41 - 000000000 ____D C:\Users\milos\AppData\Roaming\qBittorrent
2021-11-27 15:13 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-26 22:46 - 2021-04-02 17:26 - 000000000 ____D C:\Users\milos\AppData\Local\CrashDumps
2021-11-19 13:51 - 2016-09-16 05:41 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-18 15:34 - 2018-07-05 11:30 - 000000000 ____D C:\ProgramData\Packages
2021-11-18 15:15 - 2021-03-10 21:33 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-458231350-2704687506-1668943915-1001
2021-11-18 15:15 - 2021-03-10 21:23 - 000002386 _____ C:\Users\milos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-17 21:58 - 2021-05-30 19:46 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-17 21:58 - 2021-05-30 19:46 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-11-17 00:38 - 2016-10-20 15:53 - 000000000 ____D C:\Users\milos\AppData\Local\ConnectedDevicesPlatform
2021-11-16 10:48 - 2021-10-30 19:10 - 000000792 _____ C:\WINDOWS\storelibdebug.txt
2021-11-16 10:47 - 2016-08-16 11:23 - 000000000 ____D C:\ProgramData\Lenovo
2021-11-15 15:50 - 2021-03-10 21:20 - 000529000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-15 15:49 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-15 15:49 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-15 15:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-15 15:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-15 15:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-15 15:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-15 15:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-15 15:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-15 15:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-15 15:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-15 15:49 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-14 13:32 - 2016-08-16 11:08 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-11-12 22:46 - 2021-03-16 18:49 - 000000000 ____D C:\Users\milos\AppData\Roaming\Google
2021-11-12 13:01 - 2016-09-24 05:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-12 12:49 - 2016-09-24 05:28 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-07 22:36 - 2021-03-03 04:19 - 000429952 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2021-11-07 22:36 - 2021-03-03 04:19 - 000109296 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2021-11-07 22:36 - 2021-03-03 04:19 - 000063728 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.InfInstaller.exe
2021-11-07 22:36 - 2017-10-05 17:55 - 000109296 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2021-11-06 20:02 - 2021-03-10 21:33 - 000003364 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-458231350-2704687506-1668943915-1004
2021-11-06 10:17 - 2018-07-04 17:00 - 000000000 ____D C:\Users\milos\AppData\Local\Host App Service
2021-11-03 19:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-11-03 11:37 - 2018-03-01 20:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-10-31 10:07 - 2021-06-22 22:17 - 000000000 ____D C:\Users\milos\Calibre Library

==================== Files in the root of some directories ========

2021-03-12 03:16 - 2021-03-12 03:16 - 000000000 _____ () C:\Users\milos\AppData\Local\oobelibMkey.log
2017-02-24 03:20 - 2017-02-24 03:20 - 000000218 _____ () C:\Users\milos\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

And the Addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2021
Ran by Milos Kazic (30-11-2021 16:02:39)
Running from C:\Users\milos\Downloads
Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) (2021-03-10 20:34:04)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-458231350-2704687506-1668943915-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-458231350-2704687506-1668943915-503 - Limited - Disabled)
Guest (S-1-5-21-458231350-2704687506-1668943915-501 - Limited - Disabled)
Milos Kazic (S-1-5-21-458231350-2704687506-1668943915-1001 - Administrator - Enabled) => C:\Users\milos
WDAGUtilityAccount (S-1-5-21-458231350-2704687506-1668943915-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.10 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe)
Authy Desktop (HKU\S-1-5-21-458231350-2704687506-1668943915-1001\...\authy) (Version: 1.8.4 - Twilio Inc.)
Bitwarden (HKLM\...\173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 1.28.2 - Bitwarden Inc.)
calibre 64bit (HKLM\...\{0E5A6226-D476-487B-8963-3FA0BBA32170}) (Version: 5.24.0 - Kovid Goyal)
Canon MF Toolbox 4.9.1.1.mf18 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf18 - CANON INC.)
Canon MF4700 Series (HKLM\...\{47A8DB42-4E21-4d55-9931-D4F44CC3F03B}) (Version: 4.1.0.1 - CANON INC.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Cold Turkey Blocker (HKLM\...\{6498E673-B9C2-4544-A722-1E854B5B573E}_is1) (Version: 4.3 - Cold Turkey Software, Inc.)
Connect2 (HKLM-x32\...\Connect2_is1) (Version: 4.2.1.3973 - Lenovo)
ConquerorLive (HKLM-x32\...\{8F826DBB-119F-42a1-94F9-E52878CC94C8}_is1) (Version:  - OSToto Co., Ltd.)
Corel Graphics - Windows Shell Extension (HKLM\...\_{39AB9389-ABC5-4603-AFB6-071BB35225E4}) (Version: 21.0.0.581 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{39AB9389-ABC5-4603-AFB6-071BB35225E4}) (Version: 21.0.581 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{95555783-E5F3-40B2-99C7-7345C39EFF76}) (Version: 21.0.581 - Corel Corporation) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.5.2.33 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.5.2.30 - Dolby Laboratories, Inc.)
Eraser 6.2.0.2992 (HKLM\...\{6735C886-F5F0-446A-BB8C-03B92BA6775D}) (Version: 6.2.2992 - The Eraser Project)
GenuTax Standard (HKLM-x32\...\{1F9BB510-3CCF-483B-8556-A65D8F6E3EE1}) (Version: 1.64 - GenuSource Consulting Inc)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Git version 2.32.0 (HKLM\...\Git_is1) (Version: 2.32.0 - The Git Development Community)
Google Ads Editor (HKLM-x32\...\{BD8B9D40-4659-11EC-9DAF-DC4A3E998CF6}) (Version: 13.8.2.0 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10604.207 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1177 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4380 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
Lenovo App Explorer (HKU\S-1-5-21-458231350-2704687506-1668943915-1001\...\Host App Service) (Version: 0.273.4.227 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.885 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.1.3330.01 - CyberLink Corp.)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.022.00 - Lenovo)
Lenovo Screensaver Yoga 900S (HKLM-x32\...\{9956630E-8953-43E9-8FFA-4A5F0E773449}) (Version: 1.0.4 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-458231350-2704687506-1668943915-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.8 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0131 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.9.23.0 - Lenovo Group Ltd.)
Lenovo Wireless LAN Driver (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 1.558.29.5 - Broadcom Corporation)
Lenovo WRITEit (HKLM-x32\...\{96F263CD-0854-4781-B02B-E1047C3C3EEB}) (Version: 2.3.0023.00 - Lenovo)
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.34 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.34 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-458231350-2704687506-1668943915-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Project - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-458231350-2704687506-1668943915-1001\...\Teams) (Version: 1.2.00.34161 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (HKLM-x32\...\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-458231350-2704687506-1668943915-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.61.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{5a7dc0ad-cdb2-43b5-8b82-f81065fe6092}) (Version: 15.0.26717 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mullvad VPN 2021.6.0 (HKLM\...\2A356FD4-03B7-4F45-99B4-737BE580DC82) (Version: 2021.6.0 - Mullvad VPN)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.9.5 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
qBittorrent 4.3.8 (HKLM-x32\...\qBittorrent) (Version: 4.3.8 - The qBittorrent project)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7699 - Realtek Semiconductor Corp.)
Signal 5.1.0 (HKU\S-1-5-21-458231350-2704687506-1668943915-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 5.1.0 - Open Whisper Systems)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.64 - Synaptics Incorporated)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.34161 - Microsoft Corporation)
TechSmith Capture (HKU\S-1-5-21-458231350-2704687506-1668943915-1001\...\RelayRecorder) (Version: 2.0.6 - TechSmith Corporation)
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
User Manuals (HKLM-x32\...\{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo)
Viber (HKLM-x32\...\{F63D69B6-ADC2-4703-A907-21339BC4B737}) (Version: 12.5.0.50 - Viber Media S.a.r.l) Hidden
Viber (HKU\S-1-5-21-458231350-2704687506-1668943915-1001\...\{bb10069d-30f8-4e3b-829d-e11aadee1863}) (Version: 12.5.0.50 - 2010-2020 Viber Media S.a.r.l)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WhatsApp (HKU\S-1-5-21-458231350-2704687506-1668943915-1001\...\WhatsApp) (Version: 0.2.8505 - WhatsApp)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)

Packages:
=========
Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2021-03-10] (eyeo GmbH)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.4.265.0_x64__v10z8vjag6ke6 [2021-11-30] (HP Inc.)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-04-25] (LENOVO INCORPORATED.)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2021-11-01] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2110.17.0_x64__k1h2ywk1493x8 [2021-11-17] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2021-03-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-11-01] (Microsoft Studios) [MS Ad]
Paket za lokalni interfejs za srpski -> C:\Program Files\WindowsApps\Microsoft.LanguageExperiencePacksr-Latn-RS_19041.27.86.0_neutral__8wekyb3d8bbwe [2021-10-16] (Microsoft Corporation)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-13] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-03-10] (Adobe Systems Incorporated)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2017-02-16] (Samsung Electronics Co. Ltd.)
WinOpener -> C:\Program Files\WindowsApps\DeviceDoctor.WinOpener_2.1.32.0_x64__mkdtfchztkfbm [2021-11-01] (Tiny Opener)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-10-27] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKUS-1-5-21-458231350-2704687506-1668943915-1001_ClassesCLSID{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}

CustomCLSID: HKUS-1-5-21-458231350-2704687506-1668943915-1001_ClassesCLSID{041F9391-C79D-44EE-AA4E-AF4E029C4B47}InprocServer32 -> C:UsersmilosAppDataLocalGoogleUpdate1.3.36.112psuser_64.dll (Google LLC -> Google LLC)

CustomCLSID: HKUS-1-5-21-458231350-2704687506-1668943915-1001_ClassesCLSID{19A6E644-14E6-4A60-B8D7-DD20610A871D}InprocServer32 -> C:UsersmilosAppDataLocalMicrosoftTeamsMeetingAddin1.0.19317.2x64Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKUS-1-5-21-458231350-2704687506-1668943915-1001_ClassesCLSID{220d4c62-e55b-4ba8-8a2a-4893f134b062}localserver32 -> C:Program FilesCold TurkeyCold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)

CustomCLSID: HKUS-1-5-21-458231350-2704687506-1668943915-1001_ClassesCLSID{2F81B25E-7507-4844-BFF2-77D2CC24CED4}localserver32 -> "C:Program FilesAdobeAdobe Creative CloudACCCreative Cloud.exe" -ToastActivated => No File

CustomCLSID: HKUS-1-5-21-458231350-2704687506-1668943915-1001_ClassesCLSID{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}InprocServer32 -> C:UsersmilosAppDataLocalGoogleUpdate1.3.36.112psuser_64.dll (Google LLC -> Google LLC)

CustomCLSID: HKUS-1-5-21-458231350-2704687506-1668943915-1001_ClassesCLSID{8B480070-D37D-4090-A063-7A429F849652}InprocServer32 -> C:UsersmilosAppDataLocalGoogleUpdate1.3.36.92psuser_64.dll => No File

CustomCLSID: HKUS-1-5-21-458231350-2704687506-1668943915-1001_ClassesCLSID{BE5C2E39-090F-46A2-AFAA-47540743B4FE}InprocServer32 -> C:UsersmilosAppDataLocalGoogleUpdate1.3.36.102psuser_64.dll => No File

CustomCLSID: HKUS-1-5-21-458231350-2704687506-1668943915-1001_ClassesCLSID{CA8FA699-91CD-412F-9D13-9B1222F4370E}InprocServer32 -> C:UsersmilosAppDataLocalGoogleUpdate1.3.36.83psuser_64.dll => No File

CustomCLSID: HKUS-1-5-21-458231350-2704687506-1668943915-1001_ClassesCLSID{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}InprocServer32 -> C:UsersmilosAppDataLocalMicrosoftTeamsMeetingAddin1.0.19317.2x64Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKUS-1-5-21-458231350-2704687506-1668943915-1001_ClassesCLSID{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}InprocServer32 -> C:UsersmilosAppDataLocalGoogleUpdate1.3.36.72psuser_64.dll => No File

CustomCLSID: HKUS-1-5-21-458231350-2704687506-1668943915-1001_ClassesCLSID{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}InprocServer32 -> C:UsersmilosAppDataLocalGoogleUpdate1.3.36.112psuser_64.dll (Google LLC -> Google LLC)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:UsersmilosAppDataLocalMEGAsyncShellExtX64.dll -> No File

ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:UsersmilosAppDataLocalMEGAsyncShellExtX64.dll -> No File

ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:UsersmilosAppDataLocalMEGAsyncShellExtX64.dll -> No File

ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:UsersmilosAppDataLocalMEGAsyncShellExtX64.dll -> No File

ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:UsersmilosAppDataLocalMEGAsyncShellExtX64.dll -> No File

ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:UsersmilosAppDataLocalMEGAsyncShellExtX64.dll -> No File

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:Program FilesNotepad++NppShell_06.dll [2021-03-22] (Notepad++ -> )

ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:Program FilesEraserEraser.Shell.dll [2021-02-12] (Heidi Computers Ltd -> The Eraser Project)

ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:UsersmilosAppDataLocalMEGAsyncShellExtX64.dll -> No File

ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:Program FilesEraserEraser.Shell.dll [2021-02-12] (Heidi Computers Ltd -> The Eraser Project)

ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:UsersmilosAppDataLocalMEGAsyncShellExtX64.dll -> No File

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2019-12-09] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:UsersmilosAppDataLocalMEGAsyncShellExtX64.dll -> No File

ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:Program FilesEraserEraser.Shell.dll [2021-02-12] (Heidi Computers Ltd -> The Eraser Project)

ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:UsersmilosAppDataLocalMEGAsyncShellExtX64.dll -> No File

ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:Program FilesEraserEraser.Shell.dll [2021-02-12] (Heidi Computers Ltd -> The Eraser Project)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:WINDOWSsystem32igfxDTCM.dll [2016-04-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:Program FilesEraserEraser.Shell.dll [2021-02-12] (Heidi Computers Ltd -> The Eraser Project)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2019-12-09] (Malwarebytes Corporation -> Malwarebytes)

 

==================== Codecs (Whitelisted) ====================

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

ShortcutWithArgument: C:UsersmilosAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcuts54e4c98ff3d2e220Bitwarden - Free Password Manager.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=nngceckbapebfimnlniiiahkandclblb

 

==================== Loaded Modules (Whitelisted) =============

 

2021-11-25 18:30 - 2021-11-17 09:37 - 002698752 _____ () [File not signed] C:Program FilesMullvad VPNffmpeg.dll

2021-11-25 18:30 - 2021-11-17 09:37 - 000441856 _____ () [File not signed] C:Program FilesMullvad VPNlibegl.dll

2021-11-25 18:30 - 2021-11-17 09:37 - 007825920 _____ () [File not signed] C:Program FilesMullvad VPNlibglesv2.dll

2016-08-26 00:18 - 2012-09-26 21:02 - 000004608 _____ (CANON INC.) [File not signed] C:Program FilesCanonCanon MF Network Scan UtilityCNMFSUR6.DLL

2017-11-06 22:00 - 2016-02-10 21:33 - 000153088 _____ (CANON INC.) [File not signed] C:WINDOWSSystem32CNCENPM6.dll

2016-08-16 11:08 - 2016-08-16 11:08 - 000000000 ____L (Microsoft Corporation) [simlink -> C:Program FilesCommon FilesMicrosoft SharedClickToRunAppvIsvSubsystems32.dll] C:Program Files (x86)Microsoft OfficerootOffice16AppVIsvSubsystems32.dll

2016-08-16 11:08 - 2016-08-16 11:08 - 000000000 ____L (Microsoft Corporation) [simlink -> C:Program FilesCommon FilesMicrosoft SharedClickToRunC2R32.dll] C:Program Files (x86)Microsoft OfficerootOffice16c2r32.dll

2021-11-08 21:57 - 2017-11-01 21:58 - 001246208 _____ (Robert Simpson, et al.) [File not signed] [File is in use] C:Program FilesCold Turkeyx86SQLite.Interop.dll

2021-11-08 21:57 - 2017-11-01 21:58 - 001537024 _____ (Robert Simpson, et al.) [File not signed] C:Program FilesCold Turkeyx64SQLite.Interop.dll

2020-05-30 23:04 - 2020-05-30 23:04 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:ProgramDataLenovoVantageAddinsGenericTelemetryAddin1.0.0.34x64SQLite.Interop.dll

2021-06-02 17:23 - 2020-11-03 12:08 - 000954864 _____ (SQLite Development Team) [File not signed] C:ProgramDataLenovoiMControllerPluginsLenovoWiFiSecurityPluginx86x86e_sqlite3.dll

 

==================== Alternate Data Streams (Whitelisted) ========

 

==================== Safe Mode (Whitelisted) ==================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => ""="Service"

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => ""="Service"

 

==================== Association (Whitelisted) =================

 

==================== Internet Explorer (Whitelisted) ==========

 

HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = 

HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Search Page = 

HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = 

HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Default_Page_URL = 

HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = 

HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Default_Search_URL = 

HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = 

HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Local Page = 

HKUS-1-5-21-458231350-2704687506-1668943915-1001SoftwareMicrosoftInternet ExplorerMain,Start Page = hxxp://samsung.msn.com/

HKUS-1-5-21-458231350-2704687506-1668943915-1001SoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE

HKUS-1-5-21-458231350-2704687506-1668943915-1001SoftwareMicrosoftInternet ExplorerMain,Secondary Start Pages = hxxp://mystart.lenovo.com

SearchScopes: HKLM -> DefaultScope {76193574-6D82-493A-8A97-2CEF62F3ECAF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

SearchScopes: HKLM -> {76193574-6D82-493A-8A97-2CEF62F3ECAF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE

SearchScopes: HKLM-x32 -> DefaultScope {76193574-6D82-493A-8A97-2CEF62F3ECAF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

SearchScopes: HKLM-x32 -> {76193574-6D82-493A-8A97-2CEF62F3ECAF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE

SearchScopes: HKUS-1-5-21-458231350-2704687506-1668943915-1001 -> DefaultScope {76193574-6D82-493A-8A97-2CEF62F3ECAF} URL = 

SearchScopes: HKUS-1-5-21-458231350-2704687506-1668943915-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

SearchScopes: HKUS-1-5-21-458231350-2704687506-1668943915-1001 -> {76193574-6D82-493A-8A97-2CEF62F3ECAF} URL = 

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program Files (x86)Microsoft OfficerootVFSProgramFilesX64Microsoft OfficeOffice16OCHelper.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program Files (x86)Microsoft OfficerootOffice16OCHelper.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKUS-1-5-21-458231350-2704687506-1668943915-1001…hola.org -> hxxp://hola.org

IE trusted site: HKUS-1-5-21-458231350-2704687506-1668943915-1001…localhost -> localhost

IE trusted site: HKUS-1-5-21-458231350-2704687506-1668943915-1001…sharepoint.com -> hxxps://uofc-files.sharepoint.com

IE trusted site: HKUS-1-5-21-458231350-2704687506-1668943915-1001…webcompanion.com -> hxxp://webcompanion.com

 

==================== Hosts content: =========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2015-10-30 08:24 – 2021-04-14 04:28 – 000000872 _____ C:WINDOWSsystem32driversetchosts

216.239.38.120 www.google.com #forcesafesearch

 

2021-02-09 22:40 – 2021-02-10 00:40 – 000000498 _____ C:WINDOWSsystem32driversetchosts.ics

192.168.137.140 Milos2.mshome.net # 2021 2 2 16 23 40 53 183

192.168.137.1 MilosYoga.mshome.net # 2026 2 0 8 23 40 53 183

 

==================== Other Areas ===========================

 

(Currently there is no automatic fix for this section.)

 

HKLMSystemCurrentControlSetControlSession ManagerEnvironment\Path -> C:Program FilesBroadcomBroadcom 802.11 Network Adapter;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;C:Program FilesLenovoBluetooth Software;C:Program FilesLenovoBluetooth Softwaresyswow64;%SYSTEMROOT%System32OpenSSH;C:Program FilesGitcmd;C:Program FilesCalibre2;C:Program FilesMullvad VPNresources

HKUS-1-5-21-458231350-2704687506-1668943915-1001Control PanelDesktop\Wallpaper -> 

DNS Servers: 192.168.50.1

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(If an entry is included in the fixlist, it will be removed.)

 

HKUS-1-5-21-458231350-2704687506-1668943915-1001…StartupApprovedRun: => "com.squirrel.Teams.Teams"

HKUS-1-5-21-458231350-2704687506-1668943915-1001…StartupApprovedRun: => "com.squirrel.Smallpdf.Smallpdf"

 

==================== FirewallRules (Whitelisted) ================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [UDP Query User{9AB67A26-D61F-4888-987E-7B0E7994CAE9}C:program files (x86)ostotosoftdrivertalentdrivertalent.exe] => (Allow) C:program files (x86)ostotosoftdrivertalentdrivertalent.exe => No File

FirewallRules: [TCP Query User{D9EB4A07-663B-4AB1-BE19-B5274A3A8F36}C:program files (x86)ostotosoftdrivertalentdrivertalent.exe] => (Allow) C:program files (x86)ostotosoftdrivertalentdrivertalent.exe => No File

FirewallRules: [{1DE7BEF6-6018-40CD-961F-6AB3A5DFC986}] => (Allow) C:Program Files (x86)LenovoLenovo Photo MastersubsysAdvPhotoEditorPhotoDirector5.exe (CyberLink Corp. -> CyberLink Corp.)

FirewallRules: [{C362B07E-9D40-4386-8D8A-7557D6215621}] => (Allow) C:Program Files (x86)LenovoLenovo Photo MasterPhotoPlus.exe => No File

FirewallRules: [{EE4F0617-106F-40EA-93CF-9B5C1416FD51}] => (Allow) C:Program Files (x86)LenovoConnect2Connect2.exe (Lenovo -> Lenovo)

FirewallRules: [{37235502-B8AF-4993-8C3D-48AED56F6A82}] => (Allow) C:Program Files (x86)LenovoConnect2Connect2.exe (Lenovo -> Lenovo)

FirewallRules: [{EA5EC6E1-4128-4C2F-846B-5519FE9A0F0E}] => (Allow) C:Program Files (x86)LenovoConnect2Connect2.exe (Lenovo -> Lenovo)

FirewallRules: [{D9C6C132-2C20-4C65-851D-040691F8874E}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe => No File

FirewallRules: [{CE8DEE97-7B35-4DCD-906D-5F959A44008A}] => (Allow) C:Program Files (x86)SteamSteam.exe => No File

FirewallRules: [{53C36396-1DE0-4C0D-8094-6998161DFE1D}] => (Allow) C:Program Files (x86)SteamSteam.exe => No File

FirewallRules: [{1AB38BBD-68FC-40CE-A4B1-FD48A05D9B3B}] => (Allow) C:Program Files (x86)Steambincefcef.win7steamwebhelper.exe => No File

FirewallRules: [{911E86FA-98F2-4538-9171-1E3D0A3DB3C1}] => (Allow) C:Program Files (x86)Steambincefcef.win7steamwebhelper.exe => No File

FirewallRules: [{3CF743DC-C073-475D-9EA2-2CD6925F0F48}] => (Allow) C:Program Files (x86)SteamsteamappscommonMirrorgame.exe => No File

FirewallRules: [{C93BF56B-F0EC-4D56-B683-40809920E00C}] => (Allow) C:Program Files (x86)SteamsteamappscommonMirrorgame.exe => No File

FirewallRules: [{1CF0B98E-2782-4DDE-89F7-076D8C24BC9D}] => (Allow) C:Program Files (x86)SteamsteamappscommonBaba Is YouBaba Is You.exe => No File

FirewallRules: [{5C35F010-8FDB-4B03-9D99-AB01BBA00D2A}] => (Allow) C:Program Files (x86)SteamsteamappscommonBaba Is YouBaba Is You.exe => No File

FirewallRules: [{4161D28C-2E4D-421F-9DC9-F5EB2979F866}] => (Allow) C:Program Files (x86)SteamsteamappscommonUndertaleUNDERTALE.exe => No File

FirewallRules: [{7397B2E3-8562-4560-B06E-D6B88D7A1AAA}] => (Allow) C:Program Files (x86)SteamsteamappscommonUndertaleUNDERTALE.exe => No File

FirewallRules: [{F2CF8520-9B06-4CB4-BCD4-D096E3F28095}] => (Allow) C:Program Files (x86)SteamsteamappscommonWest of LoathingWest of Loathing.exe => No File

FirewallRules: [{36EE5FB2-6BE4-428F-9F49-291508713F9D}] => (Allow) C:Program Files (x86)SteamsteamappscommonWest of LoathingWest of Loathing.exe => No File

FirewallRules: [{A7CE1A55-D5E0-4702-9172-E5E93E7AAB88}] => (Allow) C:Program Files (x86)SteamsteamappscommonStardew ValleyStardew Valley.exe => No File

FirewallRules: [{279F6DFC-6C79-4719-A503-32D58923F172}] => (Allow) C:Program Files (x86)SteamsteamappscommonStardew ValleyStardew Valley.exe => No File

FirewallRules: [{8BE4AF0F-66D9-406C-AC39-127DF33F0C2C}] => (Allow) C:Program Files (x86)SteamsteamappscommonBastionBastion.exe => No File

FirewallRules: [{56103204-BB3C-4C07-82CB-D57CF47076DF}] => (Allow) C:Program Files (x86)SteamsteamappscommonBastionBastion.exe => No File

FirewallRules: [{CE5A19E8-01F2-49B5-B233-D1C5A02F51AA}] => (Allow) C:Program Files (x86)SteamsteamappscommonFTL Faster Than LightFTLGame.exe => No File

FirewallRules: [{AC131A7B-B0D0-46E7-A730-36A7A50CC2E1}] => (Allow) C:Program Files (x86)SteamsteamappscommonFTL Faster Than LightFTLGame.exe => No File

FirewallRules: [{A93C567A-9C2C-4792-BC2A-F25C07B87967}] => (Allow) C:Program Files (x86)SteamsteamappscommonTricolour LovestoryTricolourLovestory_chs.exe => No File

FirewallRules: [{5B9EE1A9-D74E-4723-B603-A890821729B9}] => (Allow) C:Program Files (x86)SteamsteamappscommonTricolour LovestoryTricolourLovestory_chs.exe => No File

FirewallRules: [{3EB58CD1-A757-4F28-8E67-5927F0017837}] => (Allow) C:Program Files (x86)SteamsteamappscommonTricolour LovestoryTricolourLovestory_en.exe => No File

FirewallRules: [{4AF5ABE5-033A-474A-9618-878E8C665311}] => (Allow) C:Program Files (x86)SteamsteamappscommonTricolour LovestoryTricolourLovestory_en.exe => No File

FirewallRules: [{A2EC642B-B2B3-40D4-80AC-A094D6F6CBE3}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe => No File

FirewallRules: [{8E5F5A9D-1AC5-4CE8-871E-ADDC3E07B67B}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe => No File

FirewallRules: [{519AC4FD-6974-49FD-A2FC-13D5E01E1836}] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{2CCB0A02-E0FB-4904-977C-D074244BA6E4}] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{D5BA78CF-E686-4F7D-B90F-B6EAA3CF93E0}] => (Allow) C:UsersmilosAppDataRoamingZoombinZoom.exe => No File

FirewallRules: [{D7171810-8860-43AC-978F-2BAC599C21EC}] => (Allow) C:UsersmilosAppDataRoamingZoombinairhost.exe => No File

FirewallRules: [{C1528E9D-4778-4470-839E-05C5042FE7B5}] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{8C3B5C7B-F971-43BD-9F9C-200E51C7B8FF}] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{8DAF2225-5945-4A4E-A3D8-1AE95CC481C8}] => (Allow) C:Program Files (x86)SteamsteamappscommonAmong UsAmong Us.exe => No File

FirewallRules: [{487AC1A6-B22D-46E9-90BC-6A1719EBBD72}] => (Allow) C:Program Files (x86)SteamsteamappscommonAmong UsAmong Us.exe => No File

FirewallRules: [TCP Query User{7B18E515-876B-47EB-9C9E-6A4547624DB6}C:usersmilosappdatalocalviberviber.exe] => (Allow) C:usersmilosappdatalocalviberviber.exe (Viber Media S.à r.l. -> Viber Media S.à r.l.)

FirewallRules: [UDP Query User{F18D7C8E-F8EE-4B6E-8793-40DE142D31F6}C:usersmilosappdatalocalviberviber.exe] => (Allow) C:usersmilosappdatalocalviberviber.exe (Viber Media S.à r.l. -> Viber Media S.à r.l.)

FirewallRules: [{7921FE58-676A-4BE5-9A1E-4D8ED9A9A720}] => (Allow) C:UsersmilosAppDataRoaminguTorrentuTorrent.exe => No File

FirewallRules: [{0AF4DF74-597C-4AE2-BAE3-AD314FA1D6F7}] => (Allow) C:UsersmilosAppDataRoaminguTorrentuTorrent.exe => No File

FirewallRules: [{4E1967D4-A856-4493-B075-D2E4F640A7C6}] => (Allow) C:UsersmilosAppDataLocalProgramsOpera78.0.4093.184opera.exe => No File

FirewallRules: [TCP Query User{CFC3C161-7359-4D5C-92C0-765A3A216FD3}C:usersmilosappdatalocalviberviber.exe] => (Allow) C:usersmilosappdatalocalviberviber.exe (Viber Media S.à r.l. -> Viber Media S.à r.l.)

FirewallRules: [UDP Query User{D6F54E30-BB63-4879-B4ED-42F9CFC8DCF1}C:usersmilosappdatalocalviberviber.exe] => (Allow) C:usersmilosappdatalocalviberviber.exe (Viber Media S.à r.l. -> Viber Media S.à r.l.)

FirewallRules: [TCP Query User{86D6C39E-F947-4977-9886-9618385D55E2}C:program filesvideolanvlcvlc.exe] => (Allow) C:program filesvideolanvlcvlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [UDP Query User{4DAC31F4-69C1-43CF-A778-FAA2EE44ED27}C:program filesvideolanvlcvlc.exe] => (Allow) C:program filesvideolanvlcvlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [{BC5A17B4-CE4E-40B4-B85B-52105D807AB4}] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{018733AA-5680-4B5D-BC2A-F432205DC505}] => (Allow) C:Program Files (x86)LenovoSystem Updateuncserver.exe (Lenovo -> )

FirewallRules: [{125C5922-C9F6-4B83-B555-8C31C1903B89}] => (Allow) C:Program Files (x86)LenovoSystem Updateuncserver.exe (Lenovo -> )

FirewallRules: [{0E337B60-ABAA-418D-97B7-6A965733A755}] => (Allow) C:Program FilesqBittorrentqbittorrent.exe (The qBittorrent Project) [File not signed]

FirewallRules: [{89CE77DF-C62B-4DA1-94DB-1DE5ED2D22D3}] => (Allow) C:Program FilesqBittorrentqbittorrent.exe (The qBittorrent Project) [File not signed]

FirewallRules: [{A87B79C7-F511-458A-8FF3-23A2C0CBBD11}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{558EB439-D5C5-42ED-A3F8-9D326564281E}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{42A7BCAE-62AC-40EE-8E55-F35FBA0E7C20}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{82BA6B00-1E71-4635-8868-CA87B6E4D171}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{39334ED0-658A-48E1-A85A-28D547AE0835}] => (Allow) C:Program FilesCold TurkeyCold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)

FirewallRules: [{2A40B867-FAB1-4C4C-BBA7-A123A692F1C5}] => (Allow) C:Program FilesCold TurkeyCold Turkey Blocker.exe (Cold Turkey Software, Inc. -> Cold Turkey Software Inc.)

FirewallRules: [TCP Query User{A55DD912-8EF0-49F9-8970-C47EB713EC00}C:program filesvideolanvlcvlc.exe] => (Allow) C:program filesvideolanvlcvlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [UDP Query User{0724F62B-22B5-4FF1-AE19-00A325468B40}C:program filesvideolanvlcvlc.exe] => (Allow) C:program filesvideolanvlcvlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [TCP Query User{7EA6A9BE-F7A2-4FF4-B856-BB18789D6F0F}C:program filesqbittorrentqbittorrent.exe] => (Allow) C:program filesqbittorrentqbittorrent.exe (The qBittorrent Project) [File not signed]

FirewallRules: [UDP Query User{4835B719-7A3A-47E5-9B8D-351E809921EE}C:program filesqbittorrentqbittorrent.exe] => (Allow) C:program filesqbittorrentqbittorrent.exe (The qBittorrent Project) [File not signed]

FirewallRules: [{E04C44ED-43DA-4AC7-8F19-FBE5C992DBC4}] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

FirewallRules: [{387A02E7-61F5-488C-BDC2-FB4F4A0F1CBD}] => (Allow) C:Program Files (x86)MicrosoftEdgeWebViewApplication96.0.1054.34msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

 

==================== Restore Points =========================

 

20-11-2021 13:40:59 Scheduled Checkpoint

27-11-2021 15:11:21 Windows Modules Installer

30-11-2021 15:44:06 Removed Microsoft Visual C++ 2005 Redistributable

 

==================== Faulty Device Manager Devices ============

 

 

==================== Event log errors: ========================

 

Application errors:

==================

Error: (11/30/2021 03:48:30 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "C:Program Files (x86)LenovoLenovo Photo MasterPhotoMasterWorker.exe.Manifest".

Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (11/29/2021 10:49:33 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GDCAgent.exe, version: 1.0.1.6, time stamp: 0x55b8998c

Faulting module name: GDCAgent.exe, version: 1.0.1.6, time stamp: 0x55b8998c

Exception code: 0xc0000409

Fault offset: 0x000ab97a

Faulting process id: 0x2edc

Faulting application start time: 0x01d7e56aa55e7275

Faulting application path: C:Program Files (x86)LenovoGDCAgentSetupRedGDCAgent.exe

Faulting module path: C:Program Files (x86)LenovoGDCAgentSetupRedGDCAgent.exe

Report Id: 5c2e77c2-1775-45b5-8a42-94be50419eb6

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (11/29/2021 02:12:25 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program LenovoVantage.exe version 10.2110.17.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

 

Process ID: 2a54

 

Start Time: 01d7e5223ea13281

 

Termination Time: 4294967295

 

Application Path: C:Program FilesWindowsAppsE046963F.LenovoCompanion_10.2110.17.0_x64__k1h2ywk1493x8LenovoVantage.exe

 

Report Id: cf63a91e-45d5-48b8-a6c0-48826c87cb8d

 

Faulting package full name: E046963F.LenovoCompanion_10.2110.17.0_x64__k1h2ywk1493x8

 

Faulting package-relative application ID: App

 

Hang type: Quiesce

 

Error: (11/29/2021 02:09:53 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )

Description: Event-ID 0

 

Error: (11/29/2021 01:57:32 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GDCAgent.exe, version: 1.0.1.6, time stamp: 0x55b8998c

Faulting module name: GDCAgent.exe, version: 1.0.1.6, time stamp: 0x55b8998c

Exception code: 0xc0000409

Fault offset: 0x000ab97a

Faulting process id: 0x1d9c

Faulting application start time: 0x01d7e51d9ff5c42e

Faulting application path: C:Program Files (x86)LenovoGDCAgentSetupRedGDCAgent.exe

Faulting module path: C:Program Files (x86)LenovoGDCAgentSetupRedGDCAgent.exe

Report Id: 752e1369-72c8-4228-8f69-4ba7e8454206

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (11/28/2021 11:55:55 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )

Description: Event-ID 0

 

Error: (11/28/2021 10:54:33 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GDCAgent.exe, version: 1.0.1.6, time stamp: 0x55b8998c

Faulting module name: GDCAgent.exe, version: 1.0.1.6, time stamp: 0x55b8998c

Exception code: 0xc0000409

Fault offset: 0x000ab97a

Faulting process id: 0x1034

Faulting application start time: 0x01d7e43db5bfa5b7

Faulting application path: C:Program Files (x86)LenovoGDCAgentSetupRedGDCAgent.exe

Faulting module path: C:Program Files (x86)LenovoGDCAgentSetupRedGDCAgent.exe

Report Id: 4d55be41-f181-4bf3-823b-fc5fa637ddba

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (11/28/2021 10:41:04 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GDCAgent.exe, version: 1.0.1.6, time stamp: 0x55b8998c

Faulting module name: GDCAgent.exe, version: 1.0.1.6, time stamp: 0x55b8998c

Exception code: 0xc0000409

Fault offset: 0x000ab97a

Faulting process id: 0x2198

Faulting application start time: 0x01d7e43bcb648824

Faulting application path: C:Program Files (x86)LenovoGDCAgentSetupRedGDCAgent.exe

Faulting module path: C:Program Files (x86)LenovoGDCAgentSetupRedGDCAgent.exe

Report Id: f55f5bf3-3aef-4524-9f31-cb9fdcade561

Faulting package full name: 

Faulting package-relative application ID:

 

 

System errors:

=============

Error: (11/29/2021 10:49:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The GDCAgent service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (11/29/2021 10:42:37 PM) (Source: DCOM) (EventID: 10010) (User: MILOSYOGA)

Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.

 

Error: (11/29/2021 10:42:37 PM) (Source: DCOM) (EventID: 10010) (User: MILOSYOGA)

Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.

 

Error: (11/29/2021 10:42:34 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)

Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout.

 

Error: (11/29/2021 10:42:32 PM) (Source: DCOM) (EventID: 10010) (User: MILOSYOGA)

Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy!App.AppXw3qcpc7p849541dp39vvqd01bn7z9ybh.mca did not register with DCOM within the required timeout.

 

Error: (11/29/2021 10:42:32 PM) (Source: DCOM) (EventID: 10010) (User: MILOSYOGA)

Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy!Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 did not register with DCOM within the required timeout.

 

Error: (11/29/2021 10:42:27 PM) (Source: DCOM) (EventID: 10010) (User: MILOSYOGA)

Description: The server microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

 

Error: (11/29/2021 10:42:27 PM) (Source: DCOM) (EventID: 10010) (User: MILOSYOGA)

Description: The server Microsoft.Windows.Search_1.14.2.19041_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppX49we79s9ab0xp8xpjb6t6g31ep03r71y.mca did not register with DCOM within the required timeout.

 

 

Windows Defender:

================

Date: 2021-11-30 14:58:55

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-11-30 14:00:47

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-11-28 15:12:10

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-11-25 17:05:14

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-11-23 13:45:01

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Event[0]:

 

Date: 2021-11-23 22:57:31

Description: 

Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.

Feature: Behavior Monitoring

Error Code: 0x80004005

Error description: Unspecified error 

Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

 

Date: 2021-11-23 22:57:30

Description: 

Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.

Feature: Behavior Monitoring

Error Code: 0x80004005

Error description: Unspecified error 

Reason: Real-time protection has stopped functioning for an unknown reason. Restart the service in order to recover.

 

CodeIntegrity:

===============

Date: 2021-10-11 12:10:10

Description: 

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

 

Date: 2021-09-14 05:14:50

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\MDEServer.exe) attempted to load \Device\HarddiskVolume3\Program Files\Lenovo\Bluetooth Software\BtMmHook.dll that did not meet the Microsoft signing level requirements.

 

Date: 2021-03-27 16:19:18

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\89.0.4389.90\chrome.dll that did not meet the Microsoft signing level requirements.

 

Date: 2021-03-12 06:31:04

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Lenovo\Bluetooth Software\BTNCopy.dll that did not meet the Microsoft signing level requirements.

 

 

==================== Memory info =========================== 

 

BIOS: LENOVO E1CN47WW 10/10/2016

Motherboard: LENOVO VIUU4

Processor: Intel® Core™ m7-6Y75 CPU @ 1.20GHz

Percentage of memory in use: 84%

Total physical RAM: 8104.91 MB

Available physical RAM: 1263.48 MB

Total Virtual: 12968.91 MB

Available Virtual: 4410.74 MB

 

==================== Drives ================================

 

Drive c: (Windows) (Fixed) (Total:198.15 GB) (Free:97.71 GB) NTFS

Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.32 GB) NTFS

 

\\?\Volume{0040a137-e92d-4eb1-bd34-b8ed293b9ef4} (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.47 GB) NTFS

\\?\Volume{22107e92-c055-4186-9a99-e4c480ae6ada} (LENOVO_PART) (Fixed) (Total:13.1 GB) (Free:2.26 GB) NTFS

\\?\Volume{6461fcc8-fef2-41da-bf2d-045db10b2dbb} (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

 

==================== MBR & Partition Table ====================

 

==========================================================

Disk: 0 (Size: 238.5 GB) (Disk ID: 3E97A5A3)

 

Partition: GPT.

 

==================== End of Addition.txt =======================

 

Source: https://www.bleepingcomputer.com/forums/t/764104/task-manager-immediately-closes-windows-security-not-working-either/