Hello,
It seems that my system is infected with malware or something similar. It is very, very slow. It is only workable in safe mode. Who can help me clean my system?
These steps have been taken so far:
1. Installed the Comodo virus scanner and scanned the system . . . no viruses found so far.
2. Downloaded FRST64.exe from https://www.bleepingcomputer.com and tried to run it, but every time I start the application, it says it cannot update and closes. So I booted the system into safe mode (with a network connection).
Here are the results of FRST.TXT and ADDITIONAL.TXT. Please advise on the next steps.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-03-2022
Ran by Lenovo (administrator) on LAPTOP-4GMS9R3D (LENOVO 81D0) (28-03-2022 15:32:15)
Running from E:\
Loaded Profiles: Lenovo
Platform: Microsoft Windows 10 Home Single Language Version 21H2 19044.1466 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Safe Mode (with Networking)
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [971256 2019-09-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
HKU\S-1-5-21-2575895730-1785380193-1639384506-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Lenovo\AppData\Local\Microsoft\Teams\Update.exe [2454184 2021-06-16] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.84\Installer\chrmstp.exe [2022-03-28] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02F94DC9-3E6B-483A-A018-06D84BE395E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-07-23] (Google Inc -> Google Inc.)
Task: {06FD82B6-07C8-4CD6-B2D8-02891D1EBD01} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {204357E3-EB3C-4295-8FD4-54DFDBCDF2D4} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {2A84A84B-446D-43C4-90F0-CC612078C2E6} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {2F6A6360-9BA5-4A10-B8FE-7205706B92DB} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {3129D7A2-A22B-4CE1-A1D6-4F7BFEA573E7} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {4CCACE4E-8049-4531-8178-7912646FAA7F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\96535b3f-22b0-4bb4-a630-7b6b5c88e695 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {5BB1BBE9-D2F6-444C-A380-903DE6827257} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6511f1db-e9d7-4e97-ba6f-ec5bbaeaaa66 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {601CA010-32AA-4608-B14A-0461466A662E} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {6791C349-2115-42DF-9126-41E294524941} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {6DA40FBD-0F9A-468A-A312-9732B49F5DD6} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\382a45ea-9a44-4b7f-ab0d-977f57d7bc9f => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {829F98B7-927B-4DF0-ADE2-F2D51122B597} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {844104D4-362B-4CEA-9F50-C59A6A9C2847} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {8E19075A-B1E7-485C-A73E-8CB216E5C853} - System32\Tasks\App Explorer => C:\Users\Lenovo\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7822896 2021-12-16] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
Task: {8F876B15-5866-468C-8C97-CA4A295AAAB3} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {972F90C9-6098-43C3-AF93-4F3D63A46AF0} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {A1CD62C0-D7F1-4116-B3DF-B432C180663E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-07-23] (Google Inc -> Google Inc.)
Task: {ADDAFFD8-20F3-44FF-8C54-34B817970541} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {C9CA0739-37C4-4433-80B7-E5F5A49AF8E4} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {CB71071C-F909-445F-952A-2E96D20DE349} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {D6025930-4798-4DC9-8432-9484957DB381} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {D877BFE3-ECEF-49F4-B2D9-26AE4C429B8A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\bbcf6eea-6ca0-42ae-a097-4e5a3b0c279b => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {D89FBD80-4334-4CF6-A046-FBF89A283AE8} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {DBEDB171-1377-4C0B-9F96-39DEA789A778} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {E09A3729-0A18-4415-B93A-D919D162DC15} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
Task: {E779D963-2B90-45FB-AEC5-26968FF70CD6} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {EECF4CB1-A634-45E4-AB6C-19B6FA15FE2B} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {F83E1C0B-D142-42CC-B834-A6BBE71F43B2} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\14ba12a5-20c6-4c5c-a1bd-a27666da6e33 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{8af583ae-4539-4038-ad1b-c17fa9aa29e6}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{8af583ae-4539-4038-ad1b-c17fa9aa29e6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e5a347ad-e481-44b2-a05d-c0a422217d96}: [DhcpNameServer] 192.168.254.254
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Profile 1
Edge Profile: C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2022-03-03]
Edge Profile: C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Profile 2 [2021-09-25]
Edge Profile: C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Profile 3 [2021-09-25]
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-19] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Guest Profile
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-03-28]
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-03-25]
CHR Notifications: Profile 2 -> hxxps://meet.google.com
CHR Extension: (Slides) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-08-08]
CHR Extension: (Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-08-08]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-08]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-08-08]
CHR Extension: (Avira Password Manager) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2022-03-25]
CHR Extension: (Avira Safe Shopping) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2022-03-25]
CHR Extension: (Sheets) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-08-08]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-08]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-08]
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3 [2022-03-24]
CHR Extension: (Slides) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-09-21]
CHR Extension: (Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2021-09-21]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-09-21]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-09-21]
CHR Extension: (Avira Password Manager) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2022-03-15]
CHR Extension: (Avira Safe Shopping) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2022-03-15]
CHR Extension: (Sheets) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-09-21]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-21]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-09-21]
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4 [2022-01-17]
CHR Extension: (Slides) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-12-27]
CHR Extension: (Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2021-12-27]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-12-27]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-12-27]
CHR Extension: (Sheets) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-12-27]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-27]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-12-27]
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\System Profile [2022-03-28]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [83984 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
S2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11334144 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S2 CmdAgentProt; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11334144 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2675504 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1926600 2019-09-02] (Dolby Laboratories, Inc. -> )
S2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [359808 2019-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
S2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
S2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe [28928 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 cmdboot; C:\WINDOWS\System32\DRIVERS\cmdboot.sys [17576 2019-10-22] (Microsoft Windows Early Launch Anti-malware Publisher -> COMODO)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [38880 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [844000 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [47104 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [130256 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166752 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49600 2022-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [439544 2022-03-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-15] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-03-28 14:59 - 2022-03-28 15:32 - 000000000 ____D C:\FRST
2022-03-28 14:58 - 2022-03-28 14:58 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2022-03-28 14:56 - 2022-03-28 14:56 - 000000000 ____D C:\WINDOWS\pss
2022-03-28 14:46 - 2022-03-28 14:46 - 000000000 ___HD C:\$WinREAgent
2022-03-28 14:42 - 2022-03-28 14:42 - 000000000 ____D C:\WINDOWS\Panther
2022-03-28 13:40 - 2022-03-28 14:31 - 000010570 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2022-03-28 13:40 - 2022-03-28 13:40 - 000000000 ___HD C:\VTRoot
2022-03-28 13:22 - 2022-03-28 13:22 - 000002145 _____ C:\Users\Public\Desktop\COMODO Internet Security Premium.lnk
2022-03-28 13:22 - 2022-03-28 13:22 - 000000000 ____D C:\WINDOWS\system32\Tasks\COMODO
2022-03-28 13:22 - 2022-03-28 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2022-03-28 13:21 - 2022-03-28 14:56 - 000692385 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2022-03-28 13:21 - 2019-10-22 18:02 - 000017576 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdboot.sys
2022-03-28 13:20 - 2022-03-28 13:20 - 000000000 ____D C:\Program Files\COMODO
2022-03-28 13:18 - 2022-03-28 13:18 - 000000000 ____D C:\ProgramData\Shared Space
2022-03-28 13:18 - 2022-03-28 13:18 - 000000000 ____D C:\ProgramData\Comodo
2022-03-28 13:17 - 2022-03-28 13:17 - 071575144 _____ (COMODO) C:\Users\Lenovo\Downloads\cispremium_only_installer.exe
2022-03-28 13:15 - 2022-03-28 13:15 - 000000106 _____ C:\Users\Lenovo\Desktop\New Text Document.txt
2022-03-25 21:23 - 2022-03-25 21:24 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Adobe
2022-03-25 21:23 - 2022-03-25 21:23 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Adobe
2022-03-25 21:23 - 2022-03-25 21:23 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\Adobe
2022-03-07 22:28 - 2022-03-07 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2022-03-07 22:28 - 2022-03-07 22:28 - 000000000 ____D C:\Program Files\7-Zip
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-03-29 06:40 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF
2022-03-28 15:16 - 2021-03-26 00:40 - 000000000 ____D C:\Users\Lenovo
2022-03-28 14:58 - 2021-03-26 00:33 - 000008192 ___SH C:\DumpStack.log.tmp
2022-03-28 14:58 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-03-28 14:57 - 2019-12-07 17:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-03-28 14:56 - 2021-03-26 01:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-28 14:56 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-03-28 14:46 - 2019-07-23 03:24 - 000000000 ____D C:\Program Files (x86)\Google
2022-03-28 14:43 - 2019-07-23 03:14 - 000000000 __SHD C:\Users\Lenovo\IntelGraphicsProfiles
2022-03-28 14:42 - 2021-03-26 00:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-03-28 14:42 - 2020-08-08 23:58 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2022-03-28 14:42 - 2018-12-08 01:28 - 000000000 ___HD C:\Intel
2022-03-28 14:41 - 2021-03-26 00:33 - 000440728 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-28 13:59 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-28 13:59 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-03-28 13:51 - 2021-03-26 01:03 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-03-28 13:24 - 2020-06-03 16:04 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-28 13:24 - 2020-06-03 16:04 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-03-28 13:23 - 2019-07-23 03:31 - 000000000 ____D C:\Users\Lenovo\AppData\Local\D3DSCache
2022-03-28 13:21 - 2019-12-07 17:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-03-28 13:14 - 2019-07-23 03:14 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Host App Service
2022-03-28 13:07 - 2019-07-23 03:25 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-28 13:07 - 2019-07-23 03:25 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-03-28 13:03 - 2021-03-26 00:51 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-25 23:10 - 2019-07-23 03:19 - 000000000 __RDL C:\Users\Lenovo\OneDrive
2022-03-25 23:08 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-25 21:32 - 2019-07-23 03:27 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-03-25 21:22 - 2020-01-14 22:24 - 000000000 ____D C:\Users\Lenovo\AppData\Local\GrammarlyForWindows
2022-03-15 16:02 - 2021-11-11 09:18 - 000001592 _____ C:\WINDOWS\storelibdebug.txt
2022-03-15 13:53 - 2020-10-02 01:49 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-03-15 13:52 - 2019-08-06 23:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-15 13:48 - 2018-04-18 03:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-03-11 22:27 - 2019-08-06 23:48 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-03-10 12:40 - 2021-04-26 20:09 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d72196a2e30599
2022-03-10 12:40 - 2021-03-26 01:03 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-09 16:52 - 2019-07-23 03:14 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Packages
2022-03-07 23:09 - 2019-07-23 03:22 - 000000000 ____D C:\Program Files\WinRAR
2022-03-07 22:46 - 2021-04-23 21:25 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\Temp
2022-03-03 12:40 - 2019-07-25 22:07 - 000000000 ____D C:\Program Files\CUAssistant
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
safeboot: Network => The system is configured to boot to Safe Mode <==== ATTENTION
==================== BCD ================================
Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{f29fb2c7-fa45-11e8-86b9-806e6f6e6963}
{f29fb2c9-fa45-11e8-86b9-806e6f6e6963}
{f29fb2ca-fa45-11e8-86b9-806e6f6e6963}
timeout 0
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {d6b6f6b6-8e0d-11eb-b7f5-9ce6f921bac2}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 0
Firmware Application (101fffff)
-------------------------------
identifier {f29fb2c7-fa45-11e8-86b9-806e6f6e6963}
description EFI USB Device
Firmware Application (101fffff)
-------------------------------
identifier {f29fb2c9-fa45-11e8-86b9-806e6f6e6963}
description EFI DVD/CDROM
Firmware Application (101fffff)
-------------------------------
identifier {f29fb2ca-fa45-11e8-86b9-806e6f6e6963}
description EFI Network
Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {d6b6f6b8-8e0d-11eb-b7f5-9ce6f921bac2}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {d6b6f6b6-8e0d-11eb-b7f5-9ce6f921bac2}
nx OptIn
safeboot Network
bootmenupolicy Standard
Windows Boot Loader
-------------------
identifier {d6b6f6b8-8e0d-11eb-b7f5-9ce6f921bac2}
device ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{d6b6f6b9-8e0d-11eb-b7f5-9ce6f921bac2}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{d6b6f6b9-8e0d-11eb-b7f5-9ce6f921bac2}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Resume from Hibernate
---------------------
identifier {d6b6f6b6-8e0d-11eb-b7f5-9ce6f921bac2}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {d6b6f6b8-8e0d-11eb-b7f5-9ce6f921bac2}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes
EMS Settings
------------
identifier {emssettings}
bootems No
Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Local
RAM Defects
-----------
identifier {badmemory}
Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}
Device options
--------------
identifier {d6b6f6b9-8e0d-11eb-b7f5-9ce6f921bac2}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume5
ramdisksdipath \Recovery\WindowsRE\boot.sdi
==================== End of FRST.txt ========================
Task: {601CA010-32AA-4608-B14A-0461466A662E} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {6791C349-2115-42DF-9126-41E294524941} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {6DA40FBD-0F9A-468A-A312-9732B49F5DD6} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\382a45ea-9a44-4b7f-ab0d-977f57d7bc9f => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {829F98B7-927B-4DF0-ADE2-F2D51122B597} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {844104D4-362B-4CEA-9F50-C59A6A9C2847} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {8E19075A-B1E7-485C-A73E-8CB216E5C853} - System32\Tasks\App Explorer => C:\Users\Lenovo\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7822896 2021-12-16] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
Task: {8F876B15-5866-468C-8C97-CA4A295AAAB3} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {972F90C9-6098-43C3-AF93-4F3D63A46AF0} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {A1CD62C0-D7F1-4116-B3DF-B432C180663E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-07-23] (Google Inc -> Google Inc.)
Task: {ADDAFFD8-20F3-44FF-8C54-34B817970541} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {C9CA0739-37C4-4433-80B7-E5F5A49AF8E4} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {CB71071C-F909-445F-952A-2E96D20DE349} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {D6025930-4798-4DC9-8432-9484957DB381} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {D877BFE3-ECEF-49F4-B2D9-26AE4C429B8A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\bbcf6eea-6ca0-42ae-a097-4e5a3b0c279b => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {D89FBD80-4334-4CF6-A046-FBF89A283AE8} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {DBEDB171-1377-4C0B-9F96-39DEA789A778} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {E09A3729-0A18-4415-B93A-D919D162DC15} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
Task: {E779D963-2B90-45FB-AEC5-26968FF70CD6} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {EECF4CB1-A634-45E4-AB6C-19B6FA15FE2B} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {F83E1C0B-D142-42CC-B834-A6BBE71F43B2} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\14ba12a5-20c6-4c5c-a1bd-a27666da6e33 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{8af583ae-4539-4038-ad1b-c17fa9aa29e6}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{8af583ae-4539-4038-ad1b-c17fa9aa29e6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e5a347ad-e481-44b2-a05d-c0a422217d96}: [DhcpNameServer] 192.168.254.254
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Profile 1
Edge Profile: C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2022-03-03]
Edge Profile: C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Profile 2 [2021-09-25]
Edge Profile: C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Profile 3 [2021-09-25]
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-19] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Guest Profile
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-03-28]
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-03-25]
CHR Notifications: Profile 2 -> hxxps://meet.google.com
CHR Extension: (Slides) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-08-08]
CHR Extension: (Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-08-08]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-08]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-08-08]
CHR Extension: (Avira Password Manager) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2022-03-25]
CHR Extension: (Avira Safe Shopping) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2022-03-25]
CHR Extension: (Sheets) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-08-08]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-08]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-08]
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3 [2022-03-24]
CHR Extension: (Slides) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-09-21]
CHR Extension: (Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2021-09-21]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-09-21]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-09-21]
CHR Extension: (Avira Password Manager) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2022-03-15]
CHR Extension: (Avira Safe Shopping) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2022-03-15]
CHR Extension: (Sheets) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-09-21]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-21]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-09-21]
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4 [2022-01-17]
CHR Extension: (Slides) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-12-27]
CHR Extension: (Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2021-12-27]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-12-27]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-12-27]
CHR Extension: (Sheets) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-12-27]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-27]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-12-27]
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\System Profile [2022-03-28]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [83984 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
S2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11334144 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S2 CmdAgentProt; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11334144 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2675504 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1926600 2019-09-02] (Dolby Laboratories, Inc. -> )
S2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [359808 2019-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
S2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
S2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe [28928 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 cmdboot; C:\WINDOWS\System32\DRIVERS\cmdboot.sys [17576 2019-10-22] (Microsoft Windows Early Launch Anti-malware Publisher -> COMODO)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [38880 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [844000 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [47104 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [130256 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166752 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49600 2022-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [439544 2022-03-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-15] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-03-28 14:59 - 2022-03-28 15:32 - 000000000 ____D C:\FRST
2022-03-28 14:58 - 2022-03-28 14:58 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2022-03-28 14:56 - 2022-03-28 14:56 - 000000000 ____D C:\WINDOWS\pss
2022-03-28 14:46 - 2022-03-28 14:46 - 000000000 ___HD C:\$WinREAgent
2022-03-28 14:42 - 2022-03-28 14:42 - 000000000 ____D C:\WINDOWS\Panther
2022-03-28 13:40 - 2022-03-28 14:31 - 000010570 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2022-03-28 13:40 - 2022-03-28 13:40 - 000000000 ___HD C:\VTRoot
2022-03-28 13:22 - 2022-03-28 13:22 - 000002145 _____ C:\Users\Public\Desktop\COMODO Internet Security Premium.lnk
2022-03-28 13:22 - 2022-03-28 13:22 - 000000000 ____D C:\WINDOWS\system32\Tasks\COMODO
2022-03-28 13:22 - 2022-03-28 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2022-03-28 13:21 - 2022-03-28 14:56 - 000692385 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2022-03-28 13:21 - 2019-10-22 18:02 - 000017576 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdboot.sys
2022-03-28 13:20 - 2022-03-28 13:20 - 000000000 ____D C:\Program Files\COMODO
2022-03-28 13:18 - 2022-03-28 13:18 - 000000000 ____D C:\ProgramData\Shared Space
2022-03-28 13:18 - 2022-03-28 13:18 - 000000000 ____D C:\ProgramData\Comodo
2022-03-28 13:17 - 2022-03-28 13:17 - 071575144 _____ (COMODO) C:\Users\Lenovo\Downloads\cispremium_only_installer.exe
2022-03-28 13:15 - 2022-03-28 13:15 - 000000106 _____ C:\Users\Lenovo\Desktop\New Text Document.txt
2022-03-25 21:23 - 2022-03-25 21:24 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Adobe
2022-03-25 21:23 - 2022-03-25 21:23 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Adobe
2022-03-25 21:23 - 2022-03-25 21:23 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\Adobe
2022-03-07 22:28 - 2022-03-07 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2022-03-07 22:28 - 2022-03-07 22:28 - 000000000 ____D C:\Program Files\7-Zip
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-03-29 06:40 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF
2022-03-28 15:16 - 2021-03-26 00:40 - 000000000 ____D C:\Users\Lenovo
2022-03-28 14:58 - 2021-03-26 00:33 - 000008192 ___SH C:\DumpStack.log.tmp
2022-03-28 14:58 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-03-28 14:57 - 2019-12-07 17:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-03-28 14:56 - 2021-03-26 01:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-28 14:56 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-03-28 14:46 - 2019-07-23 03:24 - 000000000 ____D C:\Program Files (x86)\Google
2022-03-28 14:43 - 2019-07-23 03:14 - 000000000 __SHD C:\Users\Lenovo\IntelGraphicsProfiles
2022-03-28 14:42 - 2021-03-26 00:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-03-28 14:42 - 2020-08-08 23:58 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2022-03-28 14:42 - 2018-12-08 01:28 - 000000000 ___HD C:\Intel
2022-03-28 14:41 - 2021-03-26 00:33 - 000440728 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-28 13:59 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-28 13:59 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-03-28 13:51 - 2021-03-26 01:03 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-03-28 13:24 - 2020-06-03 16:04 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-28 13:24 - 2020-06-03 16:04 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-03-28 13:23 - 2019-07-23 03:31 - 000000000 ____D C:\Users\Lenovo\AppData\Local\D3DSCache
2022-03-28 13:21 - 2019-12-07 17:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-03-28 13:14 - 2019-07-23 03:14 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Host App Service
2022-03-28 13:07 - 2019-07-23 03:25 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-28 13:07 - 2019-07-23 03:25 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-03-28 13:03 - 2021-03-26 00:51 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-25 23:10 - 2019-07-23 03:19 - 000000000 __RDL C:\Users\Lenovo\OneDrive
2022-03-25 23:08 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-25 21:32 - 2019-07-23 03:27 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-03-25 21:22 - 2020-01-14 22:24 - 000000000 ____D C:\Users\Lenovo\AppData\Local\GrammarlyForWindows
2022-03-15 16:02 - 2021-11-11 09:18 - 000001592 _____ C:\WINDOWS\storelibdebug.txt
2022-03-15 13:53 - 2020-10-02 01:49 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-03-15 13:52 - 2019-08-06 23:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-15 13:48 - 2018-04-18 03:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-03-11 22:27 - 2019-08-06 23:48 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-03-10 12:40 - 2021-04-26 20:09 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d72196a2e30599
2022-03-10 12:40 - 2021-03-26 01:03 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-09 16:52 - 2019-07-23 03:14 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Packages
2022-03-07 23:09 - 2019-07-23 03:22 - 000000000 ____D C:\Program Files\WinRAR
2022-03-07 22:46 - 2021-04-23 21:25 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\Temp
2022-03-03 12:40 - 2019-07-25 22:07 - 000000000 ____D C:\Program Files\CUAssistant
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
safeboot: Network => The system is configured to boot to Safe Mode <==== ATTENTION
==================== BCD ================================
Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{f29fb2c7-fa45-11e8-86b9-806e6f6e6963}
{f29fb2c9-fa45-11e8-86b9-806e6f6e6963}
{f29fb2ca-fa45-11e8-86b9-806e6f6e6963}
timeout 0
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {d6b6f6b6-8e0d-11eb-b7f5-9ce6f921bac2}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 0
Firmware Application (101fffff)
-------------------------------
identifier {f29fb2c7-fa45-11e8-86b9-806e6f6e6963}
description EFI USB Device
Firmware Application (101fffff)
-------------------------------
identifier {f29fb2c9-fa45-11e8-86b9-806e6f6e6963}
description EFI DVD/CDROM
Firmware Application (101fffff)
-------------------------------
identifier {f29fb2ca-fa45-11e8-86b9-806e6f6e6963}
description EFI Network
Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {d6b6f6b8-8e0d-11eb-b7f5-9ce6f921bac2}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {d6b6f6b6-8e0d-11eb-b7f5-9ce6f921bac2}
nx OptIn
safeboot Network
bootmenupolicy Standard
Windows Boot Loader
-------------------
identifier {d6b6f6b8-8e0d-11eb-b7f5-9ce6f921bac2}
device ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{d6b6f6b9-8e0d-11eb-b7f5-9ce6f921bac2}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{d6b6f6b9-8e0d-11eb-b7f5-9ce6f921bac2}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Resume from Hibernate
---------------------
identifier {d6b6f6b6-8e0d-11eb-b7f5-9ce6f921bac2}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {d6b6f6b8-8e0d-11eb-b7f5-9ce6f921bac2}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes
EMS Settings
------------
identifier {emssettings}
bootems No
Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Local
RAM Defects
-----------
identifier {badmemory}
Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}
Device options
--------------
identifier {d6b6f6b9-8e0d-11eb-b7f5-9ce6f921bac2}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume5
ramdisksdipath \Recovery\WindowsRE\boot.sdi
==================== End of FRST.txt ========================