Noticed my PC was a little sluggish, so I ran SAS, which said I was clean (but I don't think SAS is working anymore -- it doesn't even detect cookies any longer, which is WEIRD).
Then I suddenly couldn't click anything in my browser, so I knew something was up for sure... but before I could do anything, I got an Avast pop-up that said it stopped a redirect "URL: Restoro." I didn't think to screen cap it, but there's a SIMILAR image attached. See more below...
I ran Malwarebytes, which found several things & quarantined them (later deleted). See attached Malware Bytes History.txt file.
So the problem stopped occurring in Chrome and in the Avast browser.
I ran CCleaner just to see if that helped things as well (Saw "Restoro" in an Hkey).
However, then I decided to check Edge (which I almost never actually use anyway), and EVERY time I try to go to ANY site w/in Edge, I get the Avast warning pop-up in the attached image, "Avast Screen Cap." The warning here differs from the "URL:Restoro" one above, but the redirect it describes is what was happening in Chrome and Avast browsers.
I then DL'd RogueKiller. That found THREE MORE things, deleted them. See image, "RogueK screen cap.jpg."
But the issue is still occurring. Please advise. My FRST files are pasted; my other files attached. THANK YOU!
-Pbot
==============
NOTE: For privacy, I replaced my user name with “XXXX” throughout.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-03-2022
Ran by [XXXX] (administrator) on [XX-XX] (LENOVO 82BH) (28-03-2022 23:57:51)
Running from C:\Users\XXXX\Desktop
Loaded Profiles: XXXX
Platform: Microsoft Windows 11 Home Version 21H2 22000.556 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(C:\Program Files (x86)\Lenovo\Smart Note\SmartNote.Service.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\Smart Note\LenovoSmartNote.exe
(C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantage-(DeviceSettingsHeartbeatAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantage-(LenovoBoostAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantage-(LenovoBoostSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantage-(LenovoSecurityAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantage-(LenovoServiceBridgeAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantage-(SmartInteractAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantage-(SmartPrivacyAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\RogueKiller\RogueKillerSvc.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(C:\Users\XXXX\AppData\Local\Programs\Opera\opera.exe ->) (Opera Software AS -> Opera Software) C:\Users\XXXX\AppData\Local\Programs\Opera\84.0.4316.42\opera_crashreporter.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <3>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(cmd.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastNM.exe
(cmd.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\SecureLine VPN\VpnNM.exe
(cmd.exe ->) (Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\XXXX\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxEMN.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_5ce88e30ad5362fb\LenovoUtilityService.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_5ce88e30ad5362fb\FnHotkeyUtility.exe
(explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe <26>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(explorer.exe ->) (Support.com, Inc. -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(LNBITSSvc.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <3>
(Opera Software AS -> Opera Software) C:\Users\XXXX\AppData\Local\Programs\Opera\opera.exe <22>
(services.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_771d64c55bc6db71\DAX3API.exe <2>
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_897ea327b3fe52f7\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_a5ea1b1d8db1527e\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a439e07c373809e2\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_cd926c8ec2d5c22c\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_dd6a7ef14d856351\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\YMC.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_5ce88e30ad5362fb\LenovoUtilityService.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\Smart Note\SmartNote.Service.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a1020546271138b9\RtkAudUService64.exe <2>
(services.exe ->) (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(services.exe ->) (Texas Instruments Inc. -> Texas Instuments) C:\Windows\System32\TISmartAmpService.exe <2>
(services.exe ->) (Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie-Plus\SbieSvc.exe
(services.exe ->) (Wacom Co., Ltd. -> Wacom Technology, Corp.) C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_e8b279f14c8318f9\WTabletServiceISD.exe <2>
(sihost.exe ->) (INTEL CORP) C:\Program Files\WindowsApps\appup.intelgraphicsexperience_1.100.3407.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(svchost.exe ->) (Lenovo -> ) C:\Program Files (x86)\Lenovo\Smart Note\LSNUpdater.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a1020546271138b9\RtkAudUService64.exe [1343072 2021-08-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [157464 2022-02-17] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKU\S-1-5-21-264392141-483231010-3487555609-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [10988848 2022-02-22] (Support.com, Inc. -> SUPERAntiSpyware)
HKU\S-1-5-21-264392141-483231010-3487555609-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1216416 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-264392141-483231010-3487555609-1001\...\Run: [LenovoVantageToolbar] => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\QSHelper.exe [96840 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
HKU\S-1-5-21-264392141-483231010-3487555609-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35888256 2022-03-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [53656 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\99.0.4844.82\Installer\chrmstp.exe [2022-03-22] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\99.0.15185.75\Installer\chrmstp.exe [2022-03-24] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {08930BC0-60E0-4EA2-B9FB-5D070723BFD5} - System32\Tasks\Opera scheduled Autoupdate 1642995656 => C:\Users\XXXX\AppData\Local\Programs\Opera\launcher.exe [2470608 2022-03-16] (Opera Software AS -> Opera Software)
Task: {0A0205A3-D409-4AAF-82F6-99B8090014D8} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {163459E2-6C2A-4D96-8A42-63212FA5EFD7} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-264392141-483231010-3487555609-1001 => C:\Users\XXXX\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [88408 2021-12-29] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {16A2F05C-64B1-498A-939D-17D25881165D} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [193872 2022-01-22] (Avast Software s.r.o. -> AVAST Software)
Task: {1A609E60-3795-412F-8F68-F3C5A60BFEBA} - System32\Tasks\CCleanerSkipUAC - XXXX => C:\Program Files\CCleaner\CCleaner.exe [30053504 2022-03-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1B6A7256-2D93-408E-B653-56AA02EA25C4} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4791064 2022-03-23] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 6b24bc54-21da-428e-802e-aee15b5b1943
Task: {1DD64958-5ED6-4309-967D-A6B1888CEF79} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {2250E0A7-E47F-4F00-88C6-7A0CDB3C0F78} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4992280 2022-03-25] (Avast Software s.r.o. -> AVAST Software)
Task: {2347407B-FE01-4293-99BF-5B30E83CABDB} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\bfabaada-2e3d-4fda-9b27-cf6a4fdb859b => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {264A0D9B-85DD-4173-9B12-75B4F7BB3206} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4688664 2022-03-06] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\SecureLine VPN\log" --guid cbb060ff-0140-4da3-99e7-7246b4ab1a23
Task: {29DC5983-7E45-40A8-8A56-E1AC2239E11B} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2724952 2022-03-16] (Avast Software s.r.o. -> AVAST Software)
Task: {416E4D84-F938-4CB5-B29B-D05F1882871E} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {465F3871-A402-49E2-91BD-64581D13FC4B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22580696 2022-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {46A3B7B7-79B9-4FBF-8EDC-CDED6AAE3E08} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {518A7CDE-E610-42E5-81F0-D0A9E2F54EA5} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\WINDOWS\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [179952 2021-12-19] (Lenovo -> Lenovo Group Ltd.)
Task: {5564B138-7CF3-4589-9389-E1C4A29F22EF} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2724952 2022-03-16] (Avast Software s.r.o. -> AVAST Software)
Task: {565629C8-E3D8-4F54-AE85-3154FA0AFCE5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22580696 2022-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {59B96151-B60C-4906-9D78-C5336893A8F7} - System32\Tasks\Avast Software\Avast Driver Updater BugReport => C:\Program Files\Avast Software\Driver Updater\AvBugReport.exe [4791064 2022-03-17] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 148 --programpath "C:\Program Files\Avast Software\Driver Updater\Setup\.." --configpath "C:\Program Files\Avast Software\Driver Updater\Setup" --path "C:\ProgramData\Avast Software\Driver Updater\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 8f8577e7-686d-4c73-af64-4bb53c91d727
Task: {6466C244-A130-42AE-8120-7F3ADF8801D7} - \Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance -> No File <==== ATTENTION
Task: {6A980F5D-4068-4D6B-9AA9-5F6587C110FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-01-21] (Google LLC -> Google LLC)
Task: {6CF18D37-3805-4C37-BB4E-10D92B4BC732} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\4d03b3cf-1246-4a20-9b40-a8328b8ab47f => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {7B20C6E0-35B2-4F8F-B65F-FBC29BCE9736} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-01-21] (Google LLC -> Google LLC)
Task: {7CD846B5-13C6-4AAF-8A33-C27B06AB66AE} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe [6475544 2022-03-14] (Avast Software s.r.o. -> Avast Software)
Task: {7E1049D0-CF43-4762-8A87-D7AFF5AEEDC2} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d390506b-a86d-4650-90d9-e52f9e156983 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {85026557-9115-48AB-B98B-B9035ADF21BD} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {88F3FFF2-DE24-415B-BA21-BBFDBDBABAD8} - System32\Tasks\LSNUpdater => C:\Program Files (x86)\Lenovo\Smart Note\LSNUpdater.exe [31760 2021-03-05] (Lenovo -> )
Task: {8CC8698E-0921-43A6-AD3A-3720BB94139A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2296088 2022-03-07] (Avast Software s.r.o. -> Avast Software)
Task: {95E5372D-94F6-4963-BC7D-900598EFF4A1} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [193872 2022-01-22] (Avast Software s.r.o. -> AVAST Software)
Task: {9FA42018-A42B-4B71-A1FC-AF3786F2FC37} - \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work -> No File <==== ATTENTION
Task: {A217CE82-0B29-4565-A2EB-0C02A4DFBBC1} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {A7C3CD83-3F2B-4A2F-9467-9C762C057480} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {AB530204-6402-4C0D-BEFA-D9F7739FA2CC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-03-10] (Piriform Software Ltd -> Piriform)
Task: {B17810E8-E30D-4F92-B43E-8856DBFBD768} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [6475544 2022-03-22] (Avast Software s.r.o. -> Avast Software)
Task: {B853C3A0-939C-44F4-8435-D35630AAC759} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\eeb2f5e0-7100-4712-a973-89f4501f90d2 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {B9A17207-0752-4331-AECF-C4C4FAE46D0C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5187d69d-09ae-459c-9848-5f07ff737e45 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {BDAE0F2A-9B6D-4F57-B5D6-1BB17A448B34} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [6592792 2022-02-23] (Avast Software s.r.o. -> Avast Software)
Task: {C1CD9090-4A7C-4F2B-A355-39CDF27DE0EE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [137072 2022-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {C68D20C3-2A9F-4B70-A923-280DFFD59508} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION
Task: {CA08CCBE-57AD-45B8-9E9D-2B84060061E2} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {D0BB6E08-DA37-4D13-BA12-13DF1C3A5857} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1227032 2022-03-06] (Avast Software s.r.o. -> AVAST Software)
Task: {DE3E0799-D027-47E9-8BBA-31776482EF77} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [89840 2021-12-19] (Lenovo -> Lenovo Group Ltd.)
Task: {E8CA8CF4-078C-4366-8C28-A296D2C5532F} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [59232 2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {F68A7037-E8CE-4594-9DFC-BC37EAB927B0} - System32\Tasks\MicrosoftEdgeShadowStackRollbackTask => C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.55\Installer\setup.exe [3192224 2022-03-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {FF311213-6BFE-41A9-A40F-FA291A92CFB7} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [137072 2022-03-15] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{44d38fb4-3ecd-43ed-88c1-90b88040cfd0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4c55599d-b36c-4934-a3b9-e0376570c99c}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7a58ad0e-463f-4b4a-bcf3-a8e5f08c128c}: [DhcpNameServer] 150.214.1.4
Edge:
=======
Edge Profile: C:\Users\XXXX\AppData\Local\Microsoft\Edge\User Data\Default [2022-03-28]
Edge DownloadDir: Default -> C:\Users\XXXX\OneDrive\Desktop
Edge Session Restore: Default -> is enabled.
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2022-01-25] [Legacy] [not signed]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\npAvastBrowserUpdate3.dll [2022-01-22] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\npAvastBrowserUpdate3.dll [2022-01-22] (Avast Software s.r.o. -> AVAST Software)
Chrome:
=======
CHR Profile: C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default [2022-03-28]
CHR DownloadDir: C:\Users\XXXX\OneDrive\Desktop
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-01-21]
CHR Extension: (Popup Blocker (strict)) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aefkmifgmaafnojlojpnekbpbmjiiogg [2022-01-22]
CHR Extension: (Docs) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2022-01-21]
CHR Extension: (Google Drive) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-01-21]
CHR Extension: (YouTube) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-01-21]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-01-22]
CHR Extension: (Sheets) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-01-21]
CHR Extension: (Google Docs Offline) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-18]
CHR Extension: (Google Hangouts) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2022-01-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-21]
CHR Extension: (Web Video Downloader) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\odecbmmehabeloobkgokmfgldaegiflc [2022-01-22]
CHR Extension: (Gmail) - C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-01-21]
Opera:
=======
OPR Profile: C:\Users\XXXX\AppData\Roaming\Opera Software\Opera Stable [2022-03-28]
OPR DownloadDir: C:\Users\XXXX\Desktop
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Video Downloader Prime) - C:\Users\XXXX\AppData\Roaming\Opera Software\Opera Stable\Extensions\diefijfleiebcgdkmaefbjehgcokpdjl [2022-01-24]
OPR Extension: (Rich Hints Agent) - C:\Users\XXXX\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-02-22]
OPR Extension: (Popup Blocker (strict)) - C:\Users\XXXX\AppData\Roaming\Opera Software\Opera Stable\Extensions\jabcemjkhjfpkhakphioakkhcnbgeomm [2022-01-24]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\XXXX\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-01-23]
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\XXXX\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2022-01-24]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8482384 2022-02-17] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [193872 2022-01-22] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [563992 2022-02-17] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [1874200 2022-02-17] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [563992 2022-02-17] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [193872 2022-01-22] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\99.0.15185.75\elevation_service.exe [1876832 2022-03-16] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2022-01-22] (Avast Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [15442712 2022-03-23] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11649952 2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_771d64c55bc6db71\DAX3API.exe [2141832 2021-07-22] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 DriverUpdSvc; C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe [7475480 2022-03-17] (Avast Software s.r.o. -> AVAST Software)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [423304 2021-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_dd6a7ef14d856351\\AS\\IAS\\IntelAudioService.exe [539816 2021-09-01] (Intel Corporation -> Intel)
R2 LenovoFnAndFunctionKeys; C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_5ce88e30ad5362fb\LenovoUtilityService.exe [394536 2022-01-17] (Lenovo -> Lenovo(beijing) Limited)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe [28928 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1832944 2021-08-12] (Lenovo -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8019640 2022-03-10] (Malwarebytes Inc -> Malwarebytes)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14419440 2022-03-07] (ADLICE -> )
R2 SbieSvc; C:\Program Files\Sandboxie-Plus\SbieSvc.exe [362000 2022-01-07] (Tonalio GmbH -> sandboxie-plus.com)
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [9608984 2022-03-06] (Avast Software s.r.o. -> AVAST Software)
R2 SmartNoteService; C:\Program Files (x86)\Lenovo\Smart Note\SmartNote.Service.exe [78864 2021-03-05] (Lenovo -> Lenovo)
R2 TbtP2pShortcutService; C:\WINDOWS\TbtP2pShortcutService.exe [254112 2021-07-14] (Intel Corporation -> Intel Corporation)
R2 TISmartAmpService; C:\WINDOWS\System32\TISmartAmpService.exe [537056 2020-09-07] (Texas Instruments Inc. -> Texas Instuments)
R2 UDCService; C:\WINDOWS\System32\drivers\Lenovo\udc\Service\UDClientService.exe [69368 2021-12-19] (Lenovo -> Lenovo Group Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2022-01-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2022-01-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 YMC; C:\WINDOWS\System32\YMC.exe [856920 2020-06-16] (Lenovo -> Lenovo Group Ltd.)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AcxHdAudio; C:\WINDOWS\System32\drivers\AcxHdAudio.sys [557056 2022-01-21] (Microsoft Windows -> Microsoft Corporation)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [36784 2022-03-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [228928 2022-03-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [370752 2022-03-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [252992 2022-03-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [100416 2022-03-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [21936 2022-01-22] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42416 2022-03-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [269440 2022-03-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [546320 2022-03-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108912 2022-03-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83976 2022-03-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [855336 2022-03-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [551920 2022-03-25] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215920 2022-02-17] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [318760 2022-03-25] (Avast Software s.r.o. -> AVAST Software)
S3 aswVpnRdr; C:\WINDOWS\System32\drivers\aswVpnRdr.sys [59008 2022-01-31] (Avast Software s.r.o. -> Avast Software)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2022-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 GSCAuxDriver; C:\WINDOWS\System32\DriverStore\FileRepository\gscauxdriver.inf_amd64_47dea9773e9dfab7\GSCAuxDriverx64.sys [78856 2021-05-26] (Intel Corporation -> Intel Corporation)
S3 GSCx64; C:\WINDOWS\System32\DriverStore\FileRepository\gscheci.inf_amd64_ce09d58896876eb1\TeeDriverGSCW8x64.sys [258056 2021-05-26] (Intel Corporation -> Intel Corporation)
S3 Hsp; C:\WINDOWS\System32\drivers\Hsp.sys [110904 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys [131224 2021-07-20] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_1308f85f1b0adf27\iaLPSS2_I2C_TGL.sys [204440 2021-07-20] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_SPI_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_fc1ed3a5a1d514f2\iaLPSS2_SPI_TGL.sys [158352 2021-07-20] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_cd8c3a141c1b1284\iaLPSS2_UART2_TGL.sys [313504 2021-07-20] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\WINDOWS\System32\drivers\iaStorVD.sys [1544912 2021-08-26] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\WINDOWS\System32\DriverStore\FileRepository\intcusb.inf_amd64_8dd4e6dd6061449d\IntcUSB.sys [1684544 2021-09-01] (Intel Corporation -> Intel® Corporation)
S3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_689d3d5fefeef458\gna.sys [84880 2020-11-04] (Gaussian Mixture Models and Neural Networks Accelerator -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221096 2022-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [194480 2022-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-02-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156792 2022-03-28] (Malwarebytes Inc -> Malwarebytes)
U3 RkFlt; C:\Windows\System32\drivers\rkflt.sys [42056 2022-03-28] (Adlice -> )
S3 rtux64w10; C:\WINDOWS\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_a39ece60dbc76c55\rtux64w10.sys [683520 2021-06-05] (Microsoft Windows -> Realtek Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie-Plus\SbieDrv.sys [244720 2022-01-07] (Microsoft Windows Hardware Compatibility Publisher -> sandboxie-plus.com)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2022-03-28] (Adlice -> )
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [174752 2021-10-18] (Oracle Corporation -> Oracle Corporation)
S3 WacHIDFilterISD; C:\WINDOWS\System32\drivers\WacHIDRouterISDU.sys [115592 2021-06-03] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
R3 WacHIDRouterISDF; C:\WINDOWS\System32\drivers\WacHIDRouterISDF.sys [116536 2021-08-05] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
S3 WacHIDRouterISDFV; C:\WINDOWS\System32\drivers\WacHIDRouterISDF.sys [116536 2021-08-05] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2022-01-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435432 2022-01-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2022-01-22] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-03-28 23:57 - 2022-03-28 23:58 - 000043420 _____ C:\Users\XXXX\Desktop\FRST.txt
2022-03-28 23:57 - 2022-03-28 23:58 - 000000000 ____D C:\FRST
2022-03-28 23:57 - 2022-03-28 23:57 - 000000000 ____D C:\Users\XXXX\Desktop\FRST-OlderVersion
2022-03-28 23:56 - 2022-03-28 23:57 - 002365440 _____ (Farbar) C:\Users\XXXX\Desktop\FRST64.exe
2022-03-28 23:29 - 2022-03-28 23:29 - 000042056 _____ C:\WINDOWS\system32\Drivers\rkflt.sys
2022-03-28 23:28 - 2022-03-28 23:48 - 000000000 ____D C:\ProgramData\RogueKiller
2022-03-28 23:28 - 2022-03-28 23:28 - 042624352 _____ (Adlice Software ) C:\Users\XXXX\Desktop\RogueKiller_setup.exe
2022-03-28 23:28 - 2022-03-28 23:28 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2022-03-28 23:28 - 2022-03-28 23:28 - 000000910 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2022-03-28 23:28 - 2022-03-28 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2022-03-28 23:28 - 2022-03-28 23:28 - 000000000 ____D C:\Program Files\RogueKiller
2022-03-28 18:53 - 2022-03-28 23:21 - 000000000 ____D C:\Program Files\CCleaner
2022-03-28 18:53 - 2022-03-28 18:53 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-03-28 18:53 - 2022-03-28 18:53 - 000002884 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - XXXX
2022-03-28 18:53 - 2022-03-28 18:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2022-03-28 18:24 - 2022-03-28 18:32 - 000651277 _____ C:\Users\XXXX\Desktop\GENERAL sf RELEASE PLANIT 35 Hillside Avenue Apt. 6L AbatementSCAN.pdf
2022-03-28 18:24 - 2022-03-28 18:24 - 000332182 _____ C:\Users\XXXX\Desktop\GENERAL sf RELEASE PLANIT 35 Hillside Avenue Apt. 6L Abatement111.pdf
2022-03-28 16:42 - 2022-03-28 16:42 - 000097544 _____ C:\Users\XXXX\Desktop\photo.htm
2022-03-28 15:55 - 2022-03-28 15:55 - 000322347 _____ C:\Users\XXXX\Desktop\GENERAL sf RELEASE PLANIT 35 Hillside Avenue Apt. 6L Abatement65.pdf
2022-03-28 12:56 - 2022-03-28 23:52 - 000000000 ____D C:\Users\XXXX\AppData\LocalLow\IGDump
2022-03-28 12:56 - 2022-03-28 12:56 - 000194480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-03-28 12:56 - 2022-03-28 12:56 - 000156792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-03-28 12:56 - 2022-03-28 12:56 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-03-27 17:23 - 2022-03-28 18:24 - 000927252 _____ C:\Users\XXXX\Desktop\GENERAL sf RELEASE PLANIT 35 Hillside Avenue Apt. 6L Abatement1.pdf
2022-03-27 17:23 - 2022-03-27 17:23 - 000300783 _____ C:\Users\XXXX\Desktop\GENERAL sf RELEASE PLANIT 35 Hillside Avenue Apt. 6L Abatement12.pdf
2022-03-27 17:01 - 2022-03-27 17:20 - 001761170 _____ C:\Users\XXXX\Desktop\GENERAL RELEASE PLANIT 35 Hillside Avenue Apt. 6L Abatement_Page_2.cpt
2022-03-27 15:52 - 2022-03-27 15:52 - 000130747 _____ C:\Users\XXXX\Desktop\GENERAL RELEASE PLANIT 35 Hillside Avenue Apt. 6L Abatement.pdf
2022-03-27 15:43 - 2022-03-27 15:43 - 000000000 ____D C:\ProgramData\Protexis
2022-03-27 15:43 - 2022-03-27 15:43 - 000000000 ____D C:\Program Files\Common Files\Corel
2022-03-27 15:42 - 2022-03-27 15:42 - 000000000 ____D C:\Users\XXXX\Documents\My Palettes
2022-03-27 15:41 - 2022-03-27 15:47 - 000000000 ____D C:\Users\XXXX\Documents\Corel
2022-03-27 15:28 - 2022-03-27 15:28 - 000000000 ____D C:\Users\XXXX\AppData\Roaming\Corel
2022-03-27 15:28 - 2022-03-27 15:28 - 000000000 ____D C:\ProgramData\Protexis64
2022-03-27 15:26 - 2022-03-27 15:25 - 000002974 _____ C:\Users\Public\Desktop\Corel PHOTO-PAINT X7 (64-Bit).lnk
2022-03-27 15:26 - 2022-03-27 15:25 - 000002942 _____ C:\Users\Public\Desktop\CorelDRAW X7 (64-Bit).lnk
2022-03-27 15:25 - 2022-03-27 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)
2022-03-27 15:25 - 2022-03-27 15:25 - 000000000 ____D C:\Users\Public\Documents\Corel
2022-03-27 15:25 - 2022-03-27 15:25 - 000000000 ____D C:\Program Files\Common Files\Protexis
2022-03-27 15:24 - 2022-03-27 15:25 - 000000000 ____D C:\ProgramData\Corel
2022-03-27 15:24 - 2022-03-27 15:24 - 000000000 ____D C:\Program Files\Corel
2022-03-27 15:19 - 2022-03-27 15:27 - 000000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X7 x64
2022-03-25 10:34 - 2022-03-25 10:34 - 000340760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2022-03-25 10:34 - 2022-03-25 10:34 - 000215920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8501865b1817b427.tmp
2022-03-24 03:11 - 2022-03-24 03:11 - 000083366 _____ C:\Users\XXXX\Desktop\xena_network_pitch_12.9.15.pdf
2022-03-23 16:31 - 2022-03-23 16:37 - 000000000 ____D C:\Users\XXXX\Documents\Sound recordings
2022-03-22 00:13 - 2022-03-22 00:13 - 000000000 ____D C:\WINDOWS\LastGood
2022-03-18 02:29 - 2022-03-18 02:29 - 023579142 _____ C:\Users\XXXX\Desktop\vdoc.pub_the-groucho-letters.pdf
2022-03-14 08:59 - 2022-03-14 08:59 - 000221096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-03-11 13:59 - 2022-03-11 13:59 - 000000000 ____D C:\Users\XXXX\Documents\Zoom
2022-03-11 02:09 - 2022-03-11 02:09 - 000210432 _____ C:\WINDOWS\system32\CloudIdWxhExtension.dll
2022-03-11 02:09 - 2022-03-11 02:09 - 000015016 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-03-11 02:06 - 2022-03-11 02:06 - 000000000 ___HD C:\$WinREAgent
2022-03-10 12:12 - 2022-03-10 12:12 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-03-07 13:40 - 2022-03-07 13:41 - 015819296 _____ C:\Users\XXXX\Downloads\Unconfirmed 142020.crdownload
2022-03-05 23:00 - 2022-03-05 23:00 - 000000000 ____D C:\Users\XXXX\AppData\LocalLow\webviewdata
2022-03-02 14:51 - 2022-03-02 14:51 - 000008243 _____ C:\Users\XXXX\Desktop\transcript.txt
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-03-28 23:56 - 2021-12-24 14:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-03-28 23:29 - 2021-12-24 14:14 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-03-28 23:08 - 2022-01-18 21:37 - 000000000 ____D C:\Program Files (x86)\Google
2022-03-28 18:57 - 2021-12-24 14:18 - 000000000 ____D C:\WINDOWS\Panther
2022-03-28 14:32 - 2021-12-24 14:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-03-28 10:57 - 2022-02-17 19:26 - 000000000 ____D C:\Users\XXXX\AppData\LocalLow\Mozilla
2022-03-28 00:04 - 2022-01-17 01:27 - 000004782 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeShadowStackRollbackTask
2022-03-28 00:04 - 2021-12-24 14:19 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-28 00:04 - 2021-12-24 14:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-28 00:04 - 2021-12-24 14:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-03-27 22:14 - 2022-01-22 23:17 - 000000000 ___RD C:\Users\XXXX\Winword
2022-03-27 15:25 - 2022-02-23 02:32 - 000000000 ____D C:\ProgramData\Package Cache
2022-03-27 15:25 - 2021-12-24 14:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-03-25 10:38 - 2021-09-29 04:22 - 000000000 ____D C:\WINDOWS\TempInst
2022-03-25 10:34 - 2022-01-22 23:04 - 000855336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2022-03-25 10:34 - 2022-01-22 23:04 - 000551920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2022-03-25 10:34 - 2022-01-22 23:04 - 000546320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2022-03-25 10:34 - 2022-01-22 23:04 - 000370752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2022-03-25 10:34 - 2022-01-22 23:04 - 000318760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2022-03-25 10:34 - 2022-01-22 23:04 - 000269440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2022-03-25 10:34 - 2022-01-22 23:04 - 000252992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2022-03-25 10:34 - 2022-01-22 23:04 - 000228928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2022-03-25 10:34 - 2022-01-22 23:04 - 000108912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2022-03-25 10:34 - 2022-01-22 23:04 - 000100416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2022-03-25 10:34 - 2022-01-22 23:04 - 000083976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2022-03-25 10:34 - 2022-01-22 23:04 - 000042416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2022-03-25 10:34 - 2022-01-22 23:04 - 000036784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2022-03-25 10:34 - 2022-01-22 23:04 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2022-03-25 10:34 - 2021-12-24 14:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-03-24 09:52 - 2022-01-22 23:06 - 000002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2022-03-24 09:47 - 2022-01-17 01:35 - 000000000 ____D C:\Users\XXXX\AppData\Local\D3DSCache
2022-03-24 09:44 - 2022-01-17 01:34 - 000000000 __SHD C:\Users\XXXX\IntelGraphicsProfiles
2022-03-23 16:34 - 2021-12-24 14:28 - 000848788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-23 16:34 - 2021-12-24 14:13 - 000000000 ____D C:\WINDOWS\INF
2022-03-23 16:19 - 2021-12-24 14:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-03-23 11:15 - 2022-01-17 01:35 - 000000000 ____D C:\ProgramData\Packages
2022-03-22 20:11 - 2022-01-21 23:52 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-18 13:17 - 2022-01-17 01:36 - 000000000 ____D C:\Users\XXXX\AppData\Local\VirtualStore
2022-03-18 12:32 - 2022-01-23 23:41 - 000004146 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1642995656
2022-03-18 12:32 - 2022-01-23 23:40 - 000001416 _____ C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2022-03-16 14:48 - 2022-01-21 23:56 - 000009404 _____ C:\WINDOWS\storelibdebug.txt
2022-03-15 09:43 - 2021-09-29 04:13 - 000000000 ____D C:\Program Files\Microsoft Office
2022-03-14 08:59 - 2022-01-22 23:04 - 000004028 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
2022-03-14 08:59 - 2022-01-22 23:03 - 000000000 ____D C:\ProgramData\Avast Software
2022-03-14 08:59 - 2021-12-24 14:19 - 000012288 ___SH C:\DumpStack.log.tmp
2022-03-14 08:59 - 2021-12-24 14:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-14 08:59 - 2021-12-24 14:19 - 000000000 ____D C:\Intel
2022-03-14 08:59 - 2021-12-24 14:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-03-14 01:53 - 2021-12-24 14:11 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-03-14 01:52 - 2021-12-24 14:19 - 000484976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-14 01:50 - 2021-12-24 14:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-03-14 01:50 - 2021-12-24 14:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-03-14 01:50 - 2021-12-24 14:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-14 01:50 - 2021-12-24 14:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-03-14 01:50 - 2021-12-24 14:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-03-14 01:50 - 2021-12-24 14:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-03-14 01:50 - 2021-12-24 14:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-03-14 01:50 - 2021-12-24 14:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-03-12 17:38 - 2022-02-10 22:55 - 000000000 ____D C:\Users\XXXX\AppData\Local\ElevatedDiagnostics
2022-03-11 02:18 - 2022-01-22 00:05 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-03-11 02:18 - 2022-01-21 23:53 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-11 02:16 - 2022-01-21 23:53 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-03-11 02:16 - 2021-12-24 14:12 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-11 02:09 - 2021-12-24 14:21 - 003102208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-03-10 12:12 - 2022-02-01 19:28 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-03-10 12:11 - 2022-02-01 19:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-03-10 12:11 - 2022-02-01 19:27 - 000000000 ____D C:\Program Files\Malwarebytes
2022-03-08 21:58 - 2021-12-24 14:19 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-08 21:58 - 2021-12-24 14:19 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-03-06 15:05 - 2022-01-22 23:04 - 000036120 _____ (Avast Software) C:\WINDOWS\system32\icarus_rvrt.exe
2022-03-06 05:31 - 2022-01-24 04:36 - 000000000 ____D C:\Users\XXXX\AppData\Roaming\CDisplayEx
2022-03-05 17:51 - 2022-01-22 23:06 - 000000000 ____D C:\Users\XXXX\AppData\Local\CrashDumps
2022-03-03 12:32 - 2022-01-22 23:04 - 000550376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw4b38ecbb736ab372.tmp
2022-03-01 01:36 - 2022-01-22 00:05 - 000504136 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2022-03-01 01:36 - 2022-01-22 00:05 - 000491848 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2022-02-26 23:58 - 2022-01-23 02:38 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-03-2022
Ran by XXXX (28-03-2022 23:59:50)
Running from C:\Users\XXXX\Desktop
Microsoft Windows 11 Home Version 21H2 22000.556 (X64) (2021-12-24 18:25:43)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-264392141-483231010-3487555609-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-264392141-483231010-3487555609-503 - Limited - Disabled)
Guest (S-1-5-21-264392141-483231010-3487555609-501 - Limited - Disabled)
XXXX (S-1-5-21-264392141-483231010-3487555609-1001 - Administrator - Enabled) => C:\Users\XXXX
WDAGUtilityAccount (S-1-5-21-264392141-483231010-3487555609-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 21.07 (x64) (HKLM\...\7-Zip) (Version: 21.07 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Avast One (HKLM\...\Avast Antivirus) (Version: 22.2.6003 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 99.0.15185.75 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.91 - Piriform)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Corel Graphics - Windows Shell Extension (HKLM\...\_{78FFFA60-B301-4897-8054-D5D0CD5A6AE0}) (Version: 17.2.0.688 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{78FFFA60-B301-4897-8054-D5D0CD5A6AE0}) (Version: 17.2.688 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (HKLM\...\{F47CD095-D317-4D30-9082-C26AD5A33359}) (Version: 17.2.688 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (HKLM\...\{EF44BCCD-13F9-4974-862C-CCFAF43EE082}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (HKLM\...\{13179AB2-69FD-459B-800F-81865A501AD4}) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (HKLM\...\{D63404AC-C2F1-4B3D-96EA-9727AC9D994C}) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.2.0.688 - Corel Corporation)
FastStone Image Viewer 7.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.5 - FastStone Soft)
Final Draft 7 (HKLM-x32\...\{78D62D17-D970-42DA-B8CF-5E5576293B33}) (Version: 7.1.3.42 - Final Draft, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.82 - Google LLC)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Lenovo Diagnostics Tool (HKLM\...\{01ADF966-E3BA-40DC-9037-E90BBA9ED50E}_is1) (Version: 4.42.0.155 - LENOVO (UNITED STATES) INC.)
Lenovo Service Bridge (HKU\S-1-5-21-264392141-483231010-3487555609-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.9 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.11.20.0 - Lenovo Group Ltd.)
Malwarebytes version 4.5.5.175 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.5.175 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14931.20132 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.55 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 99.0.1150.52 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.14931.20132 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{4812E2CC-BAA9-49AE-B310-DA845882322B}) (Version: 4.66.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20094 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14026.20302 - Microsoft Corporation) Hidden
Opera Stable 84.0.4316.42 (HKU\S-1-5-21-264392141-483231010-3487555609-1001\...\Opera 84.0.4316.42) (Version: 84.0.4316.42 - Opera Software)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
RogueKiller version 15.4.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.4.0.0 - Adlice Software)
Sandboxie-Plus v1.0.7 (HKLM\...\Sandboxie-Plus_is1) (Version: 1.0.7 - hxxp://xanasoft.com/)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Smart Note (HKLM\...\{E2715359-FAFC-4C28-8064-526EB44096AD}_is1) (Version: 1.0.13.1118 - Lenovo Group Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1052 - SUPERAntiSpyware.com)
Zoom (HKU\S-1-5-21-264392141-483231010-3487555609-1001\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Packages:
=========
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.24.1129.0_x64__22t9g3sebte08 [2022-02-07] (AMZN Mobile LLC.) [Startup Task]
AV1 Video Extension -> C:\Program Files\WindowsApps\microsoft.av1videoextension_1.1.41601.0_x64__8wekyb3d8bbwe [2022-01-17] (Microsoft Corporation)
Dolby Atmos Speaker System -> C:\Program Files\WindowsApps\dolbylaboratories.dolbyatmosspeakersystem_3.30100.101.0_x64__rz1tebttyb220 [2022-01-17] (Dolby Laboratories)
Dolby Vision -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionHDR_2.1.5712.0_x64__rz1tebttyb220 [2022-01-17] (Dolby Laboratories)
GestureSign -> C:\Program Files\WindowsApps\41908Transpy.GestureSign_8.1.0.0_neutral__f441wk0cxr8zc [2022-02-03] (TransposonY) [Startup Task]
Glance by Mirametrix -> C:\Program Files\WindowsApps\mirametrixinc.glancebymirametrix_8.20.2269.0_x64__17mer8kcn3j54 [2022-01-17] (Mirametrix Inc.) [Startup Task]
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2022-03-10] (INTEL CORP) [Startup Task]
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.2.33.0_x64__5grkq8ppsgwt4 [2022-02-18] (LENOVO INC) [Startup Task]
Lenovo Pen Settings -> C:\Program Files\WindowsApps\WacomTechnologyCorp.157535B83C264_7.7.35.0_neutral__ss941bf8mfs8a [2022-01-17] (Wacom Technology Corp.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2202.9.0_x64__k1h2ywk1493x8 [2022-02-21] (LENOVO INC.)
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.66.5751.0_x64__8wekyb3d8bbwe [2022-03-23] (Microsoft Corporation) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_52.10201.5809.0_x64__8wekyb3d8bbwe [2022-02-03] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\microsoft.mpeg2videoextension_1.0.42152.0_x64__8wekyb3d8bbwe [2022-01-17] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.27.254.0_x64__dt26b99r8h8gj [2022-02-11] (Realtek Semiconductor Corp)
Smart Microphone Setting -> C:\Program Files\WindowsApps\4505Fortemedia.FMAPOControl_1.0.38.0_x64__4pejv7q2gmsnr [2022-01-17] (Fortemedia)
Thunderbolt™ Control Center -> C:\Program Files\WindowsApps\appup.thunderboltcontrolcenter_1.0.34.0_x64__8j3eq9eme6ctt [2022-01-17] (INTEL CORP)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-02-17] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-02-17] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-02-17] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-02-17] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-02-17] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-02-01] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2022-02-03 23:19 - 2021-12-26 10:00 - 000093696 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-09-29 04:13 - 2021-09-29 04:13 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2021-09-29 04:13 - 2021-09-29 04:13 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-264392141-483231010-3487555609-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-06-05 08:08 - 2021-06-05 08:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %C_EM64T_REDIST11%bin\Intel64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-264392141-483231010-3487555609-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-264392141-483231010-3487555609-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_B1A5538A31B294E0E0CF496FFD0D7D37"
HKU\S-1-5-21-264392141-483231010-3487555609-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-264392141-483231010-3487555609-1001\...\StartupApproved\Run: => "LenovoVantageToolbar"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{624A595D-0748-407A-9ACC-3795BB15EC7A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0F353800-A3ED-4B53-A19E-6DF3402AF842}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{5CD0199A-CE04-4277-ACC1-892D7138F949}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{94DD908E-9626-4792-B49D-F9DE97E8BCDD}] => (Allow) C:\Users\XXXX\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A2D0E221-E70C-461F-B5F0-536939D8AC28}] => (Block) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat () <==== ATTENTION [zero byte File/Folder]
FirewallRules: [{5EC080CC-D683-4D29-8FA7-A66D827B8C57}] => (Block) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements () <==== ATTENTION [zero byte File/Folder]
FirewallRules: [{F0C7AA48-F468-4403-A186-55482B63601C}] => (Block) C:\Program Files (x86)\Final Draft 7\Final Draft.exe (Final Draft Inc.) [File not signed]
FirewallRules: [{0DC0DE75-8C0B-4553-8FDB-50CD090F3402}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{3E710B2D-4CAA-434E-995A-03DE7D2E7DFD}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{AF80F6FE-B398-4CF2-9298-4996BD266FD1}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22042.702.1226.2352_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E5C6880D-126D-41D5-B97A-79F36298252C}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22042.702.1226.2352_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0FCF1BAB-8A4C-41AF-B7F0-FFCA0E1B1543}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6959B954-A8AA-492F-99BA-BA877A097984}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CF89CA2A-E55B-4843-93AD-9193254C0EC8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E800914F-515D-41C8-94A7-9B585E11DDF3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6217B2BE-181B-4369-ACC6-68D34B26EC7E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{58CCD75C-75AF-4B52-A114-0AE54B73DFB4}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{3B022FA2-DB40-40F5-93F9-25D21AF0C9F3}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{686DBAEF-C672-42BA-92AD-2FBA607AA7F5}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{26624A53-FA1E-42D1-B535-6979BDB496D3}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\99.0.1150.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{717325FE-E2BE-40AD-89F7-63CA2EE90FB3}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{35F7DB6C-B468-4093-B9F1-828D8CAF96E6}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe (Corel Corporation -> Corel Corporation)
==================== Restore Points =========================
11-03-2022 02:06:08 Windows Modules Installer
19-03-2022 15:06:13 Scheduled Checkpoint
27-03-2022 15:25:44 Microsoft Visual Studio Tools for Applications 2012
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (03/15/2022 09:43:32 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: KP-OK)
Description: Application or service 'Microsoft Office SDX Helper' could not be shut down.
Error: (03/14/2022 01:52:53 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (03/14/2022 01:52:53 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (03/14/2022 01:52:53 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (03/14/2022 01:52:53 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (03/14/2022 01:51:00 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (03/05/2022 05:51:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LenovoSmartNote.exe, version: 1.0.13.1118, time stamp: 0xa1fcd08f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffb47194dbe
Faulting process id: 0x2938
Faulting application start time: 0x01d83031c4ab0e8f
Faulting application path: C:\Program Files (x86)\Lenovo\Smart Note\LenovoSmartNote.exe
Faulting module path: unknown
Report Id: 855df5f8-f4f7-41d5-a2d6-dd9344975c23
Faulting package full name:
Faulting package-relative application ID:
Error: (03/05/2022 05:51:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: LenovoSmartNote.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at LSN.Panes.DrawingPane.UserControl_Loaded(System.Object, System.Windows.RoutedEventArgs)
at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
at System.Windows.BroadcastEventHelper.BroadcastEvent(System.Windows.DependencyObject, System.Windows.RoutedEvent)
at System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(System.Object)
at MS.Internal.LoadedOrUnloadedOperation.DoWork()
at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()
at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()
at System.Windows.Media.MediaContext.RenderMessageHandlerCore(System.Object)
at System.Windows.Media.MediaContext.RenderMessageHandler(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at LSN.App.Main()
System errors:
=============
Error: (03/28/2022 11:28:50 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR7.
Error: (03/28/2022 10:50:57 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{4C55599D-B36C-4934-A3B9-E0376570C99C} because another computer on the network has the same name. The server could not start.
Error: (03/28/2022 10:50:47 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{4C55599D-B36C-4934-A3B9-E0376570C99C} because another computer on the network has the same name. The server could not start.
Error: (03/28/2022 10:50:44 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #4, {22414ecf-bf34-4b71-acd8-829dfff275a4}, had event 74
Error: (03/28/2022 06:27:06 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR7.
Error: (03/28/2022 02:52:26 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{4C55599D-B36C-4934-A3B9-E0376570C99C} because another computer on the network has the same name. The server could not start.
Error: (03/28/2022 02:49:59 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{4C55599D-B36C-4934-A3B9-E0376570C99C} because another computer on the network has the same name. The server could not start.
Error: (03/28/2022 02:49:46 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{4C55599D-B36C-4934-A3B9-E0376570C99C} because another computer on the network has the same name. The server could not start.
Windows Defender:
================
Date: 2021-12-24 14:59:28
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2022-03-25 10:34:28
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2022-03-25 10:33:13
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO F5CN52WW 10/08/2021
Motherboard: LENOVO LNVNB161216
Processor: 11th Gen Intel® Core i5-1135G7 @ 2.40GHz
Percentage of memory in use: 92%
Total physical RAM: 12087.3 MB
Available physical RAM: 894.48 MB
Total Virtual: 27761 MB
Available Virtual: 7704.92 MB
==================== Drives ================================
Drive c: (Windows-SSD) (Fixed) (Total:475.69 GB) (Free:362.48 GB) (Protected) NTFS
Drive d: () (Removable) (Total:114.53 GB) (Free:20.08 GB) FAT32
\\?\Volume{fb51b19b-7616-48a8-947b-732895ebf4ef}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.43 GB) NTFS
\\?\Volume{c2223c3a-3cf5-4778-89fc-63c81c28bbc6}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 4780F879)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 114.6 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================