Please help: Infected-or-not?

Hello,

It seems that my system is infected with malware or something similar. It is very, very slow. It is only workable in safe mode. Who can help me clean my system?

These steps have been taken so far:
1. Installed the Comodo virus scanner and scanned the system... no viruses found so far.
2. Downloaded FRST64.exe from https://www.bleepingcomputer.com and tried to run it, but every time I start the application, it says it cannot update and closes. So I booted the system into safe mode (with network connection).

Here are the results of FRST.TXT and ADDITIONAL.TXT. Please advise on the next steps.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-03-2022
Ran by Lenovo (administrator) on LAPTOP-4GMS9R3D (LENOVO 81D0) (28-03-2022 15:32:15)
Running from E:\
Loaded Profiles: Lenovo
Platform: Microsoft Windows 10 Home Single Language Version 21H2 19044.1466 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [971256 2019-09-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
HKU\S-1-5-21-2575895730-1785380193-1639384506-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Lenovo\AppData\Local\Microsoft\Teams\Update.exe [2454184 2021-06-16] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.84\Installer\chrmstp.exe [2022-03-28] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02F94DC9-3E6B-483A-A018-06D84BE395E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-07-23] (Google Inc -> Google Inc.)
Task: {06FD82B6-07C8-4CD6-B2D8-02891D1EBD01} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {204357E3-EB3C-4295-8FD4-54DFDBCDF2D4} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {2A84A84B-446D-43C4-90F0-CC612078C2E6} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {2F6A6360-9BA5-4A10-B8FE-7205706B92DB} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {3129D7A2-A22B-4CE1-A1D6-4F7BFEA573E7} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {4CCACE4E-8049-4531-8178-7912646FAA7F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\96535b3f-22b0-4bb4-a630-7b6b5c88e695 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {5BB1BBE9-D2F6-444C-A380-903DE6827257} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6511f1db-e9d7-4e97-ba6f-ec5bbaeaaa66 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {601CA010-32AA-4608-B14A-0461466A662E} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {6791C349-2115-42DF-9126-41E294524941} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {6DA40FBD-0F9A-468A-A312-9732B49F5DD6} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\382a45ea-9a44-4b7f-ab0d-977f57d7bc9f => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {829F98B7-927B-4DF0-ADE2-F2D51122B597} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {844104D4-362B-4CEA-9F50-C59A6A9C2847} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {8E19075A-B1E7-485C-A73E-8CB216E5C853} - System32\Tasks\App Explorer => C:\Users\Lenovo\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7822896 2021-12-16] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
Task: {8F876B15-5866-468C-8C97-CA4A295AAAB3} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {972F90C9-6098-43C3-AF93-4F3D63A46AF0} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {A1CD62C0-D7F1-4116-B3DF-B432C180663E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-07-23] (Google Inc -> Google Inc.)
Task: {ADDAFFD8-20F3-44FF-8C54-34B817970541} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {C9CA0739-37C4-4433-80B7-E5F5A49AF8E4} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {CB71071C-F909-445F-952A-2E96D20DE349} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {D6025930-4798-4DC9-8432-9484957DB381} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {D877BFE3-ECEF-49F4-B2D9-26AE4C429B8A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\bbcf6eea-6ca0-42ae-a097-4e5a3b0c279b => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {D89FBD80-4334-4CF6-A046-FBF89A283AE8} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {DBEDB171-1377-4C0B-9F96-39DEA789A778} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {E09A3729-0A18-4415-B93A-D919D162DC15} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
Task: {E779D963-2B90-45FB-AEC5-26968FF70CD6} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {EECF4CB1-A634-45E4-AB6C-19B6FA15FE2B} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {F83E1C0B-D142-42CC-B834-A6BBE71F43B2} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\14ba12a5-20c6-4c5c-a1bd-a27666da6e33 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{8af583ae-4539-4038-ad1b-c17fa9aa29e6}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{8af583ae-4539-4038-ad1b-c17fa9aa29e6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e5a347ad-e481-44b2-a05d-c0a422217d96}: [DhcpNameServer] 192.168.254.254

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Profile 1
Edge Profile: C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2022-03-03]
Edge Profile: C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Profile 2 [2021-09-25]
Edge Profile: C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Profile 3 [2021-09-25]

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-19] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Guest Profile
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-03-28]
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-03-25]
CHR Notifications: Profile 2 -> hxxps://meet.google.com
CHR Extension: (Slides) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-08-08]
CHR Extension: (Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-08-08]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-08]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-08-08]
CHR Extension: (Avira Password Manager) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2022-03-25]
CHR Extension: (Avira Safe Shopping) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2022-03-25]
CHR Extension: (Sheets) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-08-08]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-08]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-08]
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3 [2022-03-24]
CHR Extension: (Slides) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-09-21]
CHR Extension: (Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2021-09-21]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-09-21]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-09-21]
CHR Extension: (Avira Password Manager) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2022-03-15]
CHR Extension: (Avira Safe Shopping) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2022-03-15]
CHR Extension: (Sheets) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-09-21]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-21]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-09-21]
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4 [2022-01-17]
CHR Extension: (Slides) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-12-27]
CHR Extension: (Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2021-12-27]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-12-27]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-12-27]
CHR Extension: (Sheets) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-12-27]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-27]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-12-27]
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\System Profile [2022-03-28]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [83984 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
S2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11334144 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S2 CmdAgentProt; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11334144 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2675504 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1926600 2019-09-02] (Dolby Laboratories, Inc. -> )
S2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [359808 2019-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
S2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
S2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe [28928 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 cmdboot; C:\WINDOWS\System32\DRIVERS\cmdboot.sys [17576 2019-10-22] (Microsoft Windows Early Launch Anti-malware Publisher -> COMODO)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [38880 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [844000 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [47104 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [130256 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166752 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49600 2022-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [439544 2022-03-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-28 14:59 - 2022-03-28 15:32 - 000000000 ____D C:\FRST
2022-03-28 14:58 - 2022-03-28 14:58 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2022-03-28 14:56 - 2022-03-28 14:56 - 000000000 ____D C:\WINDOWS\pss
2022-03-28 14:46 - 2022-03-28 14:46 - 000000000 ___HD C:\$WinREAgent
2022-03-28 14:42 - 2022-03-28 14:42 - 000000000 ____D C:\WINDOWS\Panther
2022-03-28 13:40 - 2022-03-28 14:31 - 000010570 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2022-03-28 13:40 - 2022-03-28 13:40 - 000000000 ___HD C:\VTRoot
2022-03-28 13:22 - 2022-03-28 13:22 - 000002145 _____ C:\Users\Public\Desktop\COMODO Internet Security Premium.lnk
2022-03-28 13:22 - 2022-03-28 13:22 - 000000000 ____D C:\WINDOWS\system32\Tasks\COMODO
2022-03-28 13:22 - 2022-03-28 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2022-03-28 13:21 - 2022-03-28 14:56 - 000692385 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2022-03-28 13:21 - 2019-10-22 18:02 - 000017576 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdboot.sys
2022-03-28 13:20 - 2022-03-28 13:20 - 000000000 ____D C:\Program Files\COMODO
2022-03-28 13:18 - 2022-03-28 13:18 - 000000000 ____D C:\ProgramData\Shared Space
2022-03-28 13:18 - 2022-03-28 13:18 - 000000000 ____D C:\ProgramData\Comodo
2022-03-28 13:17 - 2022-03-28 13:17 - 071575144 _____ (COMODO) C:\Users\Lenovo\Downloads\cispremium_only_installer.exe
2022-03-28 13:15 - 2022-03-28 13:15 - 000000106 _____ C:\Users\Lenovo\Desktop\New Text Document.txt
2022-03-25 21:23 - 2022-03-25 21:24 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Adobe
2022-03-25 21:23 - 2022-03-25 21:23 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Adobe
2022-03-25 21:23 - 2022-03-25 21:23 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\Adobe
2022-03-07 22:28 - 2022-03-07 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2022-03-07 22:28 - 2022-03-07 22:28 - 000000000 ____D C:\Program Files\7-Zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-29 06:40 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF
2022-03-28 15:16 - 2021-03-26 00:40 - 000000000 ____D C:\Users\Lenovo
2022-03-28 14:58 - 2021-03-26 00:33 - 000008192 ___SH C:\DumpStack.log.tmp
2022-03-28 14:58 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-03-28 14:57 - 2019-12-07 17:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-03-28 14:56 - 2021-03-26 01:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-28 14:56 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-03-28 14:46 - 2019-07-23 03:24 - 000000000 ____D C:\Program Files (x86)\Google
2022-03-28 14:43 - 2019-07-23 03:14 - 000000000 __SHD C:\Users\Lenovo\IntelGraphicsProfiles
2022-03-28 14:42 - 2021-03-26 00:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-03-28 14:42 - 2020-08-08 23:58 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2022-03-28 14:42 - 2018-12-08 01:28 - 000000000 ___HD C:\Intel
2022-03-28 14:41 - 2021-03-26 00:33 - 000440728 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-28 13:59 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-28 13:59 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-03-28 13:51 - 2021-03-26 01:03 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-03-28 13:24 - 2020-06-03 16:04 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-28 13:24 - 2020-06-03 16:04 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-03-28 13:23 - 2019-07-23 03:31 - 000000000 ____D C:\Users\Lenovo\AppData\Local\D3DSCache
2022-03-28 13:21 - 2019-12-07 17:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-03-28 13:14 - 2019-07-23 03:14 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Host App Service
2022-03-28 13:07 - 2019-07-23 03:25 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-28 13:07 - 2019-07-23 03:25 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-03-28 13:03 - 2021-03-26 00:51 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-25 23:10 - 2019-07-23 03:19 - 000000000 __RDL C:\Users\Lenovo\OneDrive
2022-03-25 23:08 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-25 21:32 - 2019-07-23 03:27 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-03-25 21:22 - 2020-01-14 22:24 - 000000000 ____D C:\Users\Lenovo\AppData\Local\GrammarlyForWindows
2022-03-15 16:02 - 2021-11-11 09:18 - 000001592 _____ C:\WINDOWS\storelibdebug.txt
2022-03-15 13:53 - 2020-10-02 01:49 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-03-15 13:52 - 2019-08-06 23:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-15 13:48 - 2018-04-18 03:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-03-11 22:27 - 2019-08-06 23:48 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-03-10 12:40 - 2021-04-26 20:09 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d72196a2e30599
2022-03-10 12:40 - 2021-03-26 01:03 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-09 16:52 - 2019-07-23 03:14 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Packages
2022-03-07 23:09 - 2019-07-23 03:22 - 000000000 ____D C:\Program Files\WinRAR
2022-03-07 22:46 - 2021-04-23 21:25 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\Temp
2022-03-03 12:40 - 2019-07-25 22:07 - 000000000 ____D C:\Program Files\CUAssistant

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)



safeboot: Network => The system is configured to boot to Safe Mode <==== ATTENTION

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{f29fb2c7-fa45-11e8-86b9-806e6f6e6963}
{f29fb2c9-fa45-11e8-86b9-806e6f6e6963}
{f29fb2ca-fa45-11e8-86b9-806e6f6e6963}
timeout 0

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {d6b6f6b6-8e0d-11eb-b7f5-9ce6f921bac2}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 0

Firmware Application (101fffff)
-------------------------------
identifier {f29fb2c7-fa45-11e8-86b9-806e6f6e6963}
description EFI USB Device

Firmware Application (101fffff)
-------------------------------
identifier {f29fb2c9-fa45-11e8-86b9-806e6f6e6963}
description EFI DVD/CDROM

Firmware Application (101fffff)
-------------------------------
identifier {f29fb2ca-fa45-11e8-86b9-806e6f6e6963}
description EFI Network

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {d6b6f6b8-8e0d-11eb-b7f5-9ce6f921bac2}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {d6b6f6b6-8e0d-11eb-b7f5-9ce6f921bac2}
nx OptIn
safeboot Network
bootmenupolicy Standard

Windows Boot Loader
-------------------
identifier {d6b6f6b8-8e0d-11eb-b7f5-9ce6f921bac2}
device ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{d6b6f6b9-8e0d-11eb-b7f5-9ce6f921bac2}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{d6b6f6b9-8e0d-11eb-b7f5-9ce6f921bac2}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {d6b6f6b6-8e0d-11eb-b7f5-9ce6f921bac2}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {d6b6f6b8-8e0d-11eb-b7f5-9ce6f921bac2}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Local

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {d6b6f6b9-8e0d-11eb-b7f5-9ce6f921bac2}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume5
ramdisksdipath \Recovery\WindowsRE\boot.sdi

==================== End of FRST.txt ========================

Here is the additional.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-03-2022
Ran by Lenovo (28-03-2022 15:37:53)
Running from E:\
Microsoft Windows 10 Home Single Language Version 21H2 19044.1466 (X64) (2021-03-25 17:05:01)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2575895730-1785380193-1639384506-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2575895730-1785380193-1639384506-503 - Limited - Disabled)
Guest (S-1-5-21-2575895730-1785380193-1639384506-501 - Limited - Disabled)
Lenovo (S-1-5-21-2575895730-1785380193-1639384506-1001 - Administrator - Enabled) => C:\Users\Lenovo
test (S-1-5-21-2575895730-1785380193-1639384506-1002 - Administrator - Enabled)
WDAGUtilityAccount (S-1-5-21-2575895730-1785380193-1639384506-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}
AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {3D87FB90-B561-70B4-3B0B-BCEFE7656ABC}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 21.07 (x64) (HKLM\...\7-Zip) (Version: 21.07 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
COMODO Internet Security Premium (HKLM\...\{529CC629-B436-4886-B322-4BE75B97783D}) (Version: 12.2.2.8012 - COMODO Security Solutions Inc.) Hidden
COMODO Internet Security Premium (HKLM\...\COMODO Internet Security) (Version: 12.2.2.8012 - COMODO Security Solutions Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.84 - Google LLC)
Intel(R) Chipset Device Software (HKLM-x32\...\{198ea563-6afd-48b8-a6dc-ae82370decaf}) (Version: 10.1.17673.8084 - Intel(R) Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.213.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{3b132227-4567-48a1-9f85-0d0dad4346ee}) (Version: 1.49.213.1 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1824.4.0.1008 - Intel Corporation)
Lenovo App Explorer (HKU\S-1-5-21-2575895730-1785380193-1639384506-1001\...\Host App Service) (Version: 0.273.4.369 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.11.20.0 - Lenovo Group Ltd.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.55 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 99.0.1150.52 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{2E8B8BDD-03DF-4C1C-8C99-E6A4BCBF43CE}) (Version: 2.51.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Zoom (HKU\S-1-5-21-2575895730-1785380193-1639384506-1001\...\ZoomUMX) (Version: 5.8.0 (1324) - Zoom Video Communications, Inc.)

Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.76.6.0_x64__kgqvnymyfvs32 [2022-03-25] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2231.1.0_x64__kgqvnymyfvs32 [2022-03-25] (king.com)
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20500.501.0_x64__rz1tebttyb220 [2021-12-10] (Dolby Laboratories)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2021-12-10] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2021-12-01] (INTEL CORP)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.2.33.0_x64__5grkq8ppsgwt4 [2022-02-22] (LENOVO INC) [Startup Task]
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2202.9.0_x64__k1h2ywk1493x8 [2022-03-04] (LENOVO INC.)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-08-11] (LinkedIn)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-26] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-28] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-25] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-06-13] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.5.192.0_x64__dt26b99r8h8gj [2021-12-06] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0 [2022-03-25] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2575895730-1785380193-1639384506-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\Lenovo\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Graze - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2575895730-1785380193-1639384506-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2575895730-1785380193-1639384506-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2575895730-1785380193-1639384506-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 07:38 - 2020-04-29 22:04 - 000000822 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\TXE Components\iCLS\;C:\Program Files\Intel\TXE Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\TXE Components\DAL\;C:\Program Files (x86)\Intel\TXE Components\DAL\;C:\Program Files\Intel\TXE Components\IPT\;C:\Program Files (x86)\Intel\TXE Components\IPT\
HKU\S-1-5-21-2575895730-1785380193-1639384506-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: COMODO Internet Security Firewall Driver -> inspect (enabled)
Ethernet: COMODO Internet Security Firewall Driver -> inspect (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2575895730-1785380193-1639384506-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2575895730-1785380193-1639384506-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-2575895730-1785380193-1639384506-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-2575895730-1785380193-1639384506-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-2575895730-1785380193-1639384506-1001\...\StartupApproved\Run: => "Grammarly"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9F466C4D-A059-4D5D-AA66-2A00CDA638B2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File
FirewallRules: [{13FE4A86-5267-47E9-A898-B47B1972103B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File
FirewallRules: [{BE369EF3-5ABB-4036-8A60-94EF42FF6175}] => (Block) C:\users\lenovo\appdata\local\slack\app-4.3.4\slack.exe => No File
FirewallRules: [{D75F1F8B-9AF4-44DF-BF08-1A7A18BA9D11}] => (Block) C:\users\lenovo\appdata\local\slack\app-4.3.4\slack.exe => No File
FirewallRules: [UDP Query User{1B02B903-C9EA-4A60-8BE5-9D61C54D1FF3}C:\users\lenovo\appdata\local\slack\app-4.3.4\slack.exe] => (Allow) C:\users\lenovo\appdata\local\slack\app-4.3.4\slack.exe => No File
FirewallRules: [TCP Query User{E5C84F2A-1F81-4D86-A763-794D1376D8BD}C:\users\lenovo\appdata\local\slack\app-4.3.4\slack.exe] => (Allow) C:\users\lenovo\appdata\local\slack\app-4.3.4\slack.exe => No File
FirewallRules: [UDP Query User{AB1A9EAF-EA14-4789-A314-959C4083C48E}C:\program files (x86)\conectys voip softphone\conectys voip softphone.exe] => (Allow) C:\program files (x86)\conectys voip softphone\conectys voip softphone.exe => No File
FirewallRules: [TCP Query User{743B718C-BA58-46DE-A878-439C50F15855}C:\program files (x86)\conectys voip softphone\conectys voip softphone.exe] => (Allow) C:\program files (x86)\conectys voip softphone\conectys voip softphone.exe => No File
FirewallRules: [UDP Query User{29A6D1D9-EDA3-41CE-9EDD-EDD31A87A552}C:\users\lenovo\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\lenovo\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [TCP Query User{11FF4097-E3D4-4D03-9421-648F05644F85}C:\users\lenovo\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\lenovo\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [{417E4433-71AB-45B4-9A11-42CFE37D01D0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{BDD9015D-832B-4B34-B4A6-AFC690C0655E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{DD5A0802-FADD-4563-88F4-F8C60C4E86DC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{7CD51812-8F60-4CE0-9649-88B88FDBBA1C}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{B4DB6731-FDAD-4CFC-9E43-6EFFBF65BB20}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{7492D8C2-DC67-4AE4-AB6C-3E16B10D44FA}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{AF8EE877-BF9A-4DCB-8EE4-946BE7A2449E}] => (Allow) C:\Users\Lenovo\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{46709AFD-E676-464B-AEFB-A22449CF2029}] => (Allow) C:\Users\Lenovo\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{20CA9675-6CD9-40A5-829E-A5B33AC3DF7E}] => (Allow) C:\Users\Lenovo\AppData\Roaming\Zoom\bin_00\Zoom.exe => No File
FirewallRules: [{524A65F6-D513-49B6-B33A-818221A1DB39}] => (Allow) C:\Users\Lenovo\AppData\Roaming\Zoom\bin_00\airhost.exe => No File
FirewallRules: [{8B2DBB50-F011-4D65-B7F9-54C33AC98E2F}] => (Allow) C:\Users\Lenovo\AppData\Roaming\Zoom\bin_00\airhost.exe => No File
FirewallRules: [TCP Query User{45455ADB-AF28-4EA1-8529-B41514789FBF}C:\users\lenovo\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\lenovo\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [UDP Query User{765ECC37-0157-42AE-877F-E9C06EFF334C}C:\users\lenovo\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\lenovo\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [TCP Query User{055546AB-F8DA-47AE-8043-71C0B241321C}C:\users\lenovo\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\users\lenovo\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe => No File
FirewallRules: [UDP Query User{6EE191F1-9B47-42D2-9FEF-FAFF4CE7AD3B}C:\users\lenovo\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\users\lenovo\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe => No File
FirewallRules: [TCP Query User{1F11E9BB-BCD2-4115-96F3-E4CB297633E4}C:\users\lenovo\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe] => (Block) C:\users\lenovo\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe => No File
FirewallRules: [UDP Query User{8C3B6724-6188-4E12-A293-B50A37D5BD93}C:\users\lenovo\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe] => (Block) C:\users\lenovo\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe => No File
FirewallRules: [{24AB4C15-95CB-489F-BBCA-2A345B9203F1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E6BE3C35-56E8-498C-A7EF-6CB5D2EC8166}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0E64CDB1-E0AD-4DCD-B94C-43F08DA3C4ED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EBEEBE1A-CD76-415F-BA14-8FEA5A8464E0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{461539BE-19BA-4A4C-B735-6B0DA3D783E6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F5D308D5-0E96-4530-B2C5-BAB77F50F30A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D5E1B75D-F9E9-4DF6-8034-93ACB146426F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C963DBF9-314F-4161-8D03-C9F476CDCFBA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9A717539-E167-4FFE-9095-327F16EDF9BF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5F8CC322-6429-4CD5-9AA0-1C13F20756AA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C1B56218-9EF7-4C70-848A-D464C455F7AC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A3F58D6C-2EE2-4B20-97DB-BA32BAFECC4C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6FF44086-054B-482A-8F59-56F8C7DC6899}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{BD1857A3-BAC8-43A3-A928-54AF1D167030}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\99.0.1150.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:233.31 GB) (Free:198.99 GB) (85%)
Check "VSS" service


==================== Faulty Device Manager Devices ============

Name: System Interface Foundation V2 Device
Description: System Interface Foundation V2 Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Lenovo
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Qualcomm Atheros QCA9377 Wireless Network Adapter
Description: Qualcomm Atheros QCA9377 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: Qcamain10x64
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: ========================

Application errors:
==================
Error: (03/28/2022 01:20:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = msiexec.exe; Description = CIS Installer; Error = System Restore service is disabled.).

Error: (03/25/2022 04:13:24 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on DATA (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (03/25/2022 04:13:23 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (03/15/2022 01:48:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OfficeC2RClient.exe, version: 16.0.14931.20120, time stamp: 0x6219ca73
Faulting module name: OfficeC2RClient.exe, version: 16.0.14931.20120, time stamp: 0x6219ca73
Exception code: 0xc0000005
Fault offset: 0x00000000004724e3
Faulting process id: 0x3f18
Faulting application start time: 0x01d8382e1fbb4147
Faulting application path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Faulting module path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Report Id: 92c5116b-c78c-463d-b5ae-b603056e0025
Faulting package full name:
Faulting package-relative application ID:

Error: (03/15/2022 01:33:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GameBar.exe, version: 5.721.12013.0, time stamp: 0x61a7f69b
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1466, time stamp: 0xe01c7650
Exception code: 0xc0000409
Fault offset: 0x000000000010b362
Faulting process id: 0x1a9c
Faulting application start time: 0x01d8382e2701edf8
Faulting application path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBar.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: af8ead5d-e4c9-440b-9448-6862a87d8d50
Faulting package full name: Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (03/15/2022 01:31:27 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: LAPTOP-4GMS9R3D)
Description: Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy-2147023878

Error: (03/11/2022 07:54:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OfficeC2RClient.exe, version: 16.0.14931.20120, time stamp: 0x6219ca73
Faulting module name: OfficeC2RClient.exe, version: 16.0.14931.20120, time stamp: 0x6219ca73
Exception code: 0xc0000005
Fault offset: 0x00000000004724e3
Faulting process id: 0x1c08
Faulting application start time: 0x01d834d8d711a40c
Faulting application path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Faulting module path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Report Id: cc83844d-c8a2-408c-bb2d-7207d251405b
Faulting package full name:
Faulting package-relative application ID:

Error: (03/09/2022 08:44:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OfficeC2RClient.exe, version: 16.0.14931.20120, time stamp: 0x6219ca73
Faulting module name: OfficeC2RClient.exe, version: 16.0.14931.20120, time stamp: 0x6219ca73
Exception code: 0xc0000005
Fault offset: 0x00000000004724e3
Faulting process id: 0x65c
Faulting application start time: 0x01d833b303bc73d6
Faulting application path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Faulting module path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Report Id: 83bbbd0d-f55d-49b4-b3c7-49ca8e966cf1
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (03/28/2022 03:39:23 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/28/2022 03:39:05 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4GMS9R3D)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (03/28/2022 03:39:05 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4GMS9R3D)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{F087771F-D74F-4C1A-BB8A-E16ACA9124EA}

Error: (03/28/2022 03:39:05 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4GMS9R3D)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{6D18AD12-BDE3-4393-B311-099C346E6DF9}

Error: (03/28/2022 03:39:05 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4GMS9R3D)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{03CA98D6-FF5D-49B8-ABC6-03DD84127020}

Error: (03/28/2022 03:39:05 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4GMS9R3D)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{659CDEA7-489E-11D9-A9CD-000D56965251}

Error: (03/28/2022 03:39:05 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4GMS9R3D)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{BB6DF56B-CACE-11DC-9992-0019B93A3A84}

Error: (03/28/2022 03:39:05 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4GMS9R3D)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{1ECCA34C-E88A-44E3-8D6A-8921BDE9E452}


Windows Defender:
================
Date: 2022-03-11 09:27:26
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-03-09 21:38:14
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-03-09 20:46:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-03-09 20:45:18
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-03-09 16:14:17
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2022-03-24 21:31:11
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.361.14.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19000.8
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-03-15 14:05:12
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.359.1779.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18900.3
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-03-15 14:05:12
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.359.1779.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18900.3
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-03-06 18:01:30
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.359.1323.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18900.3
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-03-02 09:22:11
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.359.727.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18900.3
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

CodeIntegrity:
===============
Date: 2022-03-28 14:56:37
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2022-03-28 14:46:19
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

BIOS: LENOVO 7XCN41WW 06/17/2021
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Celeron(R) N4100 CPU @ 1.10GHz
Percentage of memory in use: 38%
Total physical RAM: 3918.57 MB
Available physical RAM: 2411.52 MB
Total Virtual: 6862.57 MB
Available Virtual: 5621.45 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:233.31 GB) (Free:198.99 GB) NTFS
Drive d: (DATA) (Fixed) (Total:231.21 GB) (Free:231.11 GB) NTFS
Drive e: () (Removable) (Total:1.85 GB) (Free:1.58 GB) FAT32

\\?\Volume{13e4f9b3-2fa4-4f98-b223-8d2e17574be3}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{925a2a59-b5f0-475c-9fb3-7083b0159abb}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F58E5000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

I don't see much there, so far.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs.
  • Double-click on the downloaded setup.exe file to install the program.
  • Click on the Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished.
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced, post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 