Hi,
There is a virus in my computer. I realized that there are 3 pop ups when opening my computer. I saw 2 programs that I think are part of this virus. 1.lenovo Solution Center 2. lenovo utilities. the program finishes in exe. and when I wanted to unistall it, it wanted to install in my computer. Let me know if there is any more info I can provide.
Thanks
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
Ran by Rifka (administrator) on LAPTOP-KLLUT3VL (LENOVO 80E5) (22-07-2019 21:10:06)
Running from C:\Users\Rifka\Downloads
Loaded Profiles: Rifka (Available Profiles: Rifka)
Platform: Windows 10 Home Version 1803 17134.829 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1905.28.0_x64__8wekyb3d8bbwe\Calculator.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19031.11411.0_x64__8wekyb3d8bbwe\Music.UI.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(LENOVO -> ) C:\Program Files\update\UpdateAgent.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Lenovo) [File not signed] C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Rifka\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2015-10-10] (LENOVO -> )
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3814624 2018-02-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [262024 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Rifka\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Rifka\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\...\RunOnce: [Uninstall 19.086.0502.0006\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rifka\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\amd64"
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\...\RunOnce: [Uninstall 19.086.0502.0006] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rifka\AppData\Local\Microsoft\OneDrive\19.086.0502.0006"
HKLM\...\Drivers32-x32: [vidc.mjpg] => pvmjpg30.dll
HKLM\...\Drivers32-x32: [vidc.pDAD] => prodad-codec.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-17] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\75.0.1447.81\Installer\chrmstp.exe [2019-07-02] (AVAST Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {026EC50A-F2D6-4228-AAE2-87D94F0736CA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {20414A01-6033-4FF8-BCE3-265A58B3AE6F} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [270272 2015-08-07] (LENOVO -> Lenovo)
Task: {2FDDC4DF-0FA5-499E-BA85-32D3ACBD64A2} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {3BA2DBE8-07C1-476E-AEE0-9F5C0D2411C6} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [674760 2016-02-22] (LENOVO -> Lenovo)
Task: {4312E1B3-370E-4B9E-8A53-870122A5DDCA} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808504 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {49BB1901-394D-43FB-BADC-E58089F19840} - System32\Tasks\LivigentICUpgradeTask => C:\WINDOWS\Lvgic10u.exe [570216 2019-04-15] (Rnd Software Group Inc. -> )
Task: {4E015032-99F1-40D9-A9C2-C60117DA6D64} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
Task: {55B8C7F4-3FCE-45E8-99F0-8E0863EC1D8D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [16832 2015-07-08] (LENOVO -> Lenovo)
Task: {60C4C661-3629-401E-BF93-E0321D8CE590} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [674760 2016-02-22] (LENOVO -> Lenovo)
Task: {647B581C-8CA5-4999-8CFE-02EABE7DBE53} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {664B1697-D559-4723-9D04-1967A1E10F35} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [808352 2015-07-12] (LENOVO -> )
Task: {6F0E7FFE-E30F-4907-ABC2-610CD61F2158} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [136618864 2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {71C0AC35-4970-46FB-8C6D-CB89C24B78DC} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [829344 2015-07-12] (LENOVO -> )
Task: {7E5777E0-F0D5-49FB-AAC0-58FE2DA9FC6D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2934152 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
Task: {87169BD9-2A8C-40A2-AA18-2EBF4E97DB61} - \Microsoft\Windows\SMB\UninstallSMB1ClientTask -> No File <==== ATTENTION
Task: {8A1C898E-78A7-4A0D-97D8-DD54AEB3ED7D} - \Microsoft\Windows\SMB\UninstallSMB1ServerTask -> No File <==== ATTENTION
Task: {8BEAF689-FA90-4A62-AEFE-484EE0BE985F} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {8C69E7A3-945C-4BD9-9EAB-D59CE70A4C44} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {92EE847B-C711-4C89-9BF1-E6D4C3A39FBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-30] (Google Inc -> Google Inc.)
Task: {960DACF7-D03A-452C-BB44-FA9E5DE41506} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [287688 2015-12-09] (LENOVO -> Lenovo)
Task: {96CC4AC4-B01B-4F2C-82D2-8656DFCD4C81} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {97F9E520-EFCF-43F2-A091-89A6476F53F5} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808504 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {9B50C0AE-67A6-45AD-9605-9C74D32C5E52} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {A4D4CDC5-5EC9-4B8C-BAFE-BC52DE0673AD} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [85432 2015-05-28] (CyberLink Corp. -> CyberLink Corp.)
Task: {A6C95E1A-028F-40E5-AE93-5E25F54CA147} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9476544 2015-08-07] (LENOVO -> )
Task: {A91B3760-F77E-4C31-A041-507F0D925F4A} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1320384 2015-08-07] (LENOVO -> Lenovo)
Task: {AFF0EFDA-9B0F-4CDB-AA11-98078E6E7651} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {B88A5CD1-5AE5-4175-A369-FE0BF5C97EE8} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9476544 2015-08-07] (LENOVO -> )
Task: {C8556EA1-FF3B-4709-AF65-BB3CD0303413} - System32\Tasks\Lenovo\QuickOptimizer => C:\Program Files\lenovo\QuickOptimizer\QuickOptimizerIcon.exe [1149344 2015-07-10] (LENOVO -> Lenovo)
Task: {C8ADD3D0-3082-458F-9DF4-F7EA1A61EE01} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-30] (Google Inc -> Google Inc.)
Task: {F8A7A70E-3592-42EE-8913-7B3C4FF6ACD2} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{c1348638-2fbd-4861-9436-169088fb0f1e}: [DhcpNameServer] 150.208.1.3
Tcpip\..\Interfaces\{eb25a60a-35cb-4a6d-a41d-0de9d46e32bf}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Internet Explorer:
==================
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-1936064907-1069411923-2261509573-1001 -> DefaultScope {325FD0EC-F0D4-436F-B73A-D45053D825AF} URL =
SearchScopes: HKU\S-1-5-21-1936064907-1069411923-2261509573-1001 -> {325FD0EC-F0D4-436F-B73A-D45053D825AF} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 0enx8hcf.default
FF ProfilePath: C:\Users\Rifka\AppData\Roaming\Mozilla\Firefox\Profiles\0enx8hcf.default [2019-07-22]
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
Chrome:
=======
CHR Profile: C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default [2019-07-22]
CHR Extension: (Slides) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-24]
CHR Extension: (Docs) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-24]
CHR Extension: (Google Drive) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-30]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-07-17]
CHR Extension: (Sheets) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-24]
CHR Extension: (Google Docs Offline) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-29]
CHR Extension: (Avast Online Security) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-17]
CHR Extension: (DS Amazon Quick View) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkompbllimaoekaogchhkmkdogpkhojg [2019-07-17]
CHR Extension: (Grammarly for Chrome) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-07-17]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2019-03-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-17]
CHR Extension: (Gmail) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-16]
CHR Profile: C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-06]
CHR HKLM-x32\...\Chrome\Extension: [bfegkegffcbgpfmemahhkgnbkocmbain] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6844776 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [409224 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [416512 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\75.0.1447.81\elevation_service.exe [978720 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (LENOVO -> Lenovo)
U2 DispatcherIC; C:\WINDOWS\LvgIC555\Dispatcher\DispatcherIC.dll [3284328 2019-04-15] (Rnd Software Group Inc. -> )
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [143584 2018-02-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe [288768 2015-10-10] (Lenovo) [File not signed]
S2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-29] (LENOVO -> Lenovo)
S2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2018-10-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373680 2018-02-07] (Intel(R) pGFX -> Intel Corporation)
S2 ImControllerService; c:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [62792 2016-11-16] () [File not signed]
S2 LenovoPortalService; C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe [24312 2015-10-10] (LENOVO -> )
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271296 2015-08-07] (LENOVO -> Lenovo)
U2 MainIC; C:\WINDOWS\LvgIC555\IC.dll [12319080 2019-04-15] (Rnd Software Group Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-10-06] (Intel Corporation-Wireless Connectivity Solutions -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11969880 2019-07-03] (TeamViewer GmbH -> TeamViewer GmbH)
R2 UpdateAgentService; C:\Program Files\update\UpdateAgent.exe [226216 2015-10-10] (LENOVO -> )
U2 WatchdogIC; C:\WINDOWS\LvgIC555\ICWatchdog.dll [5047144 2019-04-15] (Rnd Software Group Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-28] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-28] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-10-06] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [207448 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [262496 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [205848 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61472 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-05-28] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [168104 2019-06-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [549200 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030784 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477584 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [225600 2019-06-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [385880 2019-05-30] (AVAST Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2018-02-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [41040 2018-02-07] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R0 Fastboot; C:\WINDOWS\System32\DRIVERS\Fastboot.sys [67608 2015-10-10] (New Horizon DataSys Inc. -> Windows (R) Win 7 DDK provider) [File not signed]
R0 FBFsmon; C:\WINDOWS\System32\DRIVERS\FBFsmon.sys [39448 2015-10-10] (New Horizon DataSys Inc. -> Windows (R) Win 7 DDK provider) [File not signed]
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2018-10-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 ICHFilter; C:\WINDOWS\LvgIC555\ICHFilter.sys [43000 2019-04-15] (Rnd Software Group Inc. -> )
S3 ldiagio_uefi; C:\Program Files\Lenovo\Lenovo Solution Center\App\ldiag\x64\ldiagio_uefi.sys [24808 2015-04-02] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo Group Limited (R))
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-07-10] (Malwarebytes Corporation -> Malwarebytes)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3525896 2018-10-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-28] (Realtek Semiconductor Corp -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-11-04] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2018-02-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-04-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344544 2019-04-28] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-28] (Microsoft Windows -> Microsoft Corporation)
R1 wfpliv; C:\WINDOWS\LvgIC555\wfpliv.sys [96840 2019-04-15] (Rnd Software Group Inc. -> Windows (R) Win 7 DDK provider)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-07-22 21:11 - 2019-07-22 21:11 - 022648171 _____ C:\WINDOWS\lc45fvm58jd
2019-07-22 21:10 - 2019-07-22 21:11 - 000032211 _____ C:\Users\Rifka\Downloads\FRST.txt
2019-07-22 21:09 - 2019-07-22 21:10 - 000000000 ____D C:\FRST
2019-07-22 21:09 - 2019-07-22 21:09 - 002095104 _____ (Farbar) C:\Users\Rifka\Downloads\FRST64.exe
2019-07-22 21:08 - 2019-07-22 21:08 - 001446912 _____ (Farbar) C:\Users\Rifka\Downloads\FRST.exe
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-07-22 21:11 - 2018-10-12 09:39 - 000015080 _____ C:\WINDOWS\System32\Tasks\LivigentICUpgradeTask
2019-07-22 21:10 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-22 20:34 - 2018-10-12 09:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-20 23:27 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-20 23:27 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-20 23:20 - 2016-06-29 11:37 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-07-19 00:38 - 2019-03-01 13:00 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-07-19 00:38 - 2019-03-01 13:00 - 000001035 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-07-19 00:30 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-19 00:16 - 2019-05-28 17:13 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-07-17 05:10 - 2015-11-22 13:55 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-17 04:53 - 2016-05-03 20:40 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-07-17 04:53 - 2015-12-07 12:40 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-17 04:52 - 2015-07-10 07:04 - 000000167 _____ C:\WINDOWS\win.ini
2019-07-17 04:51 - 2016-11-30 15:20 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-17 04:51 - 2016-11-30 15:20 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-07-15 15:17 - 2018-10-12 09:39 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1936064907-1069411923-2261509573-1001
2019-07-15 15:17 - 2018-10-12 09:26 - 000002374 _____ C:\Users\Rifka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-15 15:17 - 2015-11-05 07:34 - 000000000 ___RD C:\Users\Rifka\OneDrive
2019-07-15 15:14 - 2015-11-05 07:31 - 000000000 __SHD C:\Users\Rifka\IntelGraphicsProfiles
2019-07-15 15:14 - 2015-11-05 07:15 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-07-15 15:13 - 2018-11-28 23:55 - 000001751 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LivigentIC.lnk
2019-07-14 15:30 - 2018-10-12 09:26 - 000000000 ____D C:\Users\Rifka
2019-07-10 12:46 - 2019-06-20 22:03 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-07-10 12:44 - 2018-10-12 09:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-02 00:19 - 2019-05-28 17:23 - 000003856 _____ C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2019-07-02 00:19 - 2019-05-28 17:23 - 000003272 _____ C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2019-07-02 00:19 - 2019-05-28 17:23 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-07-02 00:19 - 2019-05-28 17:23 - 000002470 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-06-26 03:12 - 2016-06-29 11:37 - 000000000 ____D C:\Users\Rifka\AppData\Roaming\TeamViewer
2019-06-25 10:17 - 2019-05-28 17:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-06-25 10:17 - 2018-10-12 09:39 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-06-25 10:17 - 2018-10-12 09:39 - 000003310 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C8796CCF-A5E6-4530-800C-B76C2D3644AE}
2019-06-25 10:17 - 2018-10-12 09:39 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-06-25 10:17 - 2018-10-12 09:39 - 000002212 _____ C:\WINDOWS\System32\Tasks\PDVDServ12 Task
2019-06-25 09:57 - 2019-06-13 18:04 - 000000000 ____D C:\Users\Rifka\AppData\Local\CrashDumps
2019-06-23 04:33 - 2018-02-07 22:34 - 000000000 ____D C:\Program Files\rempl
==================== Files in the root of some directories ================
2018-01-30 23:17 - 2018-01-31 01:07 - 000000381 _____ () C:\Users\Rifka\AppData\Roaming\LAPTOP-KLLUT3VL.MTBF.txt
2018-01-30 23:17 - 2018-01-31 01:17 - 000001612 _____ () C:\Users\Rifka\AppData\Roaming\__AvidCloudManager.log
2018-01-30 23:17 - 2018-01-30 23:17 - 000001610 _____ () C:\Users\Rifka\AppData\Roaming\__AvidCloudManagerPrevious.log
2018-01-31 01:09 - 2018-01-31 01:09 - 000003584 _____ () C:\Users\Rifka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-04-01 10:53 - 2019-04-01 10:53 - 000000000 _____ () C:\Users\Rifka\AppData\Local\{8BE4CA16-7CD1-4252-8715-13F7CB39C32A}
==================== FLock ================
2018-10-15 14:12 C:\OSRSS
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully
==================== End of FRST.txt ============================
There is a virus in my computer. I realized that there are 3 pop ups when opening my computer. I saw 2 programs that I think are part of this virus. 1.lenovo Solution Center 2. lenovo utilities. the program finishes in exe. and when I wanted to unistall it, it wanted to install in my computer. Let me know if there is any more info I can provide.
Thanks
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
Ran by Rifka (administrator) on LAPTOP-KLLUT3VL (LENOVO 80E5) (22-07-2019 21:10:06)
Running from C:\Users\Rifka\Downloads
Loaded Profiles: Rifka (Available Profiles: Rifka)
Platform: Windows 10 Home Version 1803 17134.829 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1905.28.0_x64__8wekyb3d8bbwe\Calculator.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19031.11411.0_x64__8wekyb3d8bbwe\Music.UI.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(LENOVO -> ) C:\Program Files\update\UpdateAgent.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Lenovo) [File not signed] C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Rifka\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2015-10-10] (LENOVO -> )
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3814624 2018-02-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [262024 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Rifka\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Rifka\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\...\RunOnce: [Uninstall 19.086.0502.0006\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rifka\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\amd64"
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\...\RunOnce: [Uninstall 19.086.0502.0006] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rifka\AppData\Local\Microsoft\OneDrive\19.086.0502.0006"
HKLM\...\Drivers32-x32: [vidc.mjpg] => pvmjpg30.dll
HKLM\...\Drivers32-x32: [vidc.pDAD] => prodad-codec.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-17] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\75.0.1447.81\Installer\chrmstp.exe [2019-07-02] (AVAST Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {026EC50A-F2D6-4228-AAE2-87D94F0736CA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {20414A01-6033-4FF8-BCE3-265A58B3AE6F} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [270272 2015-08-07] (LENOVO -> Lenovo)
Task: {2FDDC4DF-0FA5-499E-BA85-32D3ACBD64A2} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {3BA2DBE8-07C1-476E-AEE0-9F5C0D2411C6} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [674760 2016-02-22] (LENOVO -> Lenovo)
Task: {4312E1B3-370E-4B9E-8A53-870122A5DDCA} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808504 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {49BB1901-394D-43FB-BADC-E58089F19840} - System32\Tasks\LivigentICUpgradeTask => C:\WINDOWS\Lvgic10u.exe [570216 2019-04-15] (Rnd Software Group Inc. -> )
Task: {4E015032-99F1-40D9-A9C2-C60117DA6D64} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
Task: {55B8C7F4-3FCE-45E8-99F0-8E0863EC1D8D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [16832 2015-07-08] (LENOVO -> Lenovo)
Task: {60C4C661-3629-401E-BF93-E0321D8CE590} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [674760 2016-02-22] (LENOVO -> Lenovo)
Task: {647B581C-8CA5-4999-8CFE-02EABE7DBE53} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {664B1697-D559-4723-9D04-1967A1E10F35} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [808352 2015-07-12] (LENOVO -> )
Task: {6F0E7FFE-E30F-4907-ABC2-610CD61F2158} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [136618864 2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {71C0AC35-4970-46FB-8C6D-CB89C24B78DC} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [829344 2015-07-12] (LENOVO -> )
Task: {7E5777E0-F0D5-49FB-AAC0-58FE2DA9FC6D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2934152 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
Task: {87169BD9-2A8C-40A2-AA18-2EBF4E97DB61} - \Microsoft\Windows\SMB\UninstallSMB1ClientTask -> No File <==== ATTENTION
Task: {8A1C898E-78A7-4A0D-97D8-DD54AEB3ED7D} - \Microsoft\Windows\SMB\UninstallSMB1ServerTask -> No File <==== ATTENTION
Task: {8BEAF689-FA90-4A62-AEFE-484EE0BE985F} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {8C69E7A3-945C-4BD9-9EAB-D59CE70A4C44} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {92EE847B-C711-4C89-9BF1-E6D4C3A39FBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-30] (Google Inc -> Google Inc.)
Task: {960DACF7-D03A-452C-BB44-FA9E5DE41506} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [287688 2015-12-09] (LENOVO -> Lenovo)
Task: {96CC4AC4-B01B-4F2C-82D2-8656DFCD4C81} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {97F9E520-EFCF-43F2-A091-89A6476F53F5} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808504 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {9B50C0AE-67A6-45AD-9605-9C74D32C5E52} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {A4D4CDC5-5EC9-4B8C-BAFE-BC52DE0673AD} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [85432 2015-05-28] (CyberLink Corp. -> CyberLink Corp.)
Task: {A6C95E1A-028F-40E5-AE93-5E25F54CA147} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9476544 2015-08-07] (LENOVO -> )
Task: {A91B3760-F77E-4C31-A041-507F0D925F4A} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1320384 2015-08-07] (LENOVO -> Lenovo)
Task: {AFF0EFDA-9B0F-4CDB-AA11-98078E6E7651} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {B88A5CD1-5AE5-4175-A369-FE0BF5C97EE8} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9476544 2015-08-07] (LENOVO -> )
Task: {C8556EA1-FF3B-4709-AF65-BB3CD0303413} - System32\Tasks\Lenovo\QuickOptimizer => C:\Program Files\lenovo\QuickOptimizer\QuickOptimizerIcon.exe [1149344 2015-07-10] (LENOVO -> Lenovo)
Task: {C8ADD3D0-3082-458F-9DF4-F7EA1A61EE01} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-30] (Google Inc -> Google Inc.)
Task: {F8A7A70E-3592-42EE-8913-7B3C4FF6ACD2} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{c1348638-2fbd-4861-9436-169088fb0f1e}: [DhcpNameServer] 150.208.1.3
Tcpip\..\Interfaces\{eb25a60a-35cb-4a6d-a41d-0de9d46e32bf}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Internet Explorer:
==================
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-1936064907-1069411923-2261509573-1001 -> DefaultScope {325FD0EC-F0D4-436F-B73A-D45053D825AF} URL =
SearchScopes: HKU\S-1-5-21-1936064907-1069411923-2261509573-1001 -> {325FD0EC-F0D4-436F-B73A-D45053D825AF} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 0enx8hcf.default
FF ProfilePath: C:\Users\Rifka\AppData\Roaming\Mozilla\Firefox\Profiles\0enx8hcf.default [2019-07-22]
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
Chrome:
=======
CHR Profile: C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default [2019-07-22]
CHR Extension: (Slides) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-24]
CHR Extension: (Docs) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-24]
CHR Extension: (Google Drive) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-30]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-07-17]
CHR Extension: (Sheets) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-24]
CHR Extension: (Google Docs Offline) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-29]
CHR Extension: (Avast Online Security) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-17]
CHR Extension: (DS Amazon Quick View) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkompbllimaoekaogchhkmkdogpkhojg [2019-07-17]
CHR Extension: (Grammarly for Chrome) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-07-17]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2019-03-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-17]
CHR Extension: (Gmail) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-16]
CHR Profile: C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-06]
CHR HKLM-x32\...\Chrome\Extension: [bfegkegffcbgpfmemahhkgnbkocmbain] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6844776 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [409224 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [416512 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\75.0.1447.81\elevation_service.exe [978720 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (LENOVO -> Lenovo)
U2 DispatcherIC; C:\WINDOWS\LvgIC555\Dispatcher\DispatcherIC.dll [3284328 2019-04-15] (Rnd Software Group Inc. -> )
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [143584 2018-02-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe [288768 2015-10-10] (Lenovo) [File not signed]
S2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-29] (LENOVO -> Lenovo)
S2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2018-10-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373680 2018-02-07] (Intel(R) pGFX -> Intel Corporation)
S2 ImControllerService; c:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [62792 2016-11-16] () [File not signed]
S2 LenovoPortalService; C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe [24312 2015-10-10] (LENOVO -> )
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271296 2015-08-07] (LENOVO -> Lenovo)
U2 MainIC; C:\WINDOWS\LvgIC555\IC.dll [12319080 2019-04-15] (Rnd Software Group Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-10-06] (Intel Corporation-Wireless Connectivity Solutions -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11969880 2019-07-03] (TeamViewer GmbH -> TeamViewer GmbH)
R2 UpdateAgentService; C:\Program Files\update\UpdateAgent.exe [226216 2015-10-10] (LENOVO -> )
U2 WatchdogIC; C:\WINDOWS\LvgIC555\ICWatchdog.dll [5047144 2019-04-15] (Rnd Software Group Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-28] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-28] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-10-06] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [207448 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [262496 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [205848 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61472 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-05-28] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [168104 2019-06-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [549200 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030784 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477584 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [225600 2019-06-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [385880 2019-05-30] (AVAST Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2018-02-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [41040 2018-02-07] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R0 Fastboot; C:\WINDOWS\System32\DRIVERS\Fastboot.sys [67608 2015-10-10] (New Horizon DataSys Inc. -> Windows (R) Win 7 DDK provider) [File not signed]
R0 FBFsmon; C:\WINDOWS\System32\DRIVERS\FBFsmon.sys [39448 2015-10-10] (New Horizon DataSys Inc. -> Windows (R) Win 7 DDK provider) [File not signed]
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2018-10-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 ICHFilter; C:\WINDOWS\LvgIC555\ICHFilter.sys [43000 2019-04-15] (Rnd Software Group Inc. -> )
S3 ldiagio_uefi; C:\Program Files\Lenovo\Lenovo Solution Center\App\ldiag\x64\ldiagio_uefi.sys [24808 2015-04-02] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo Group Limited (R))
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-07-10] (Malwarebytes Corporation -> Malwarebytes)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3525896 2018-10-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-28] (Realtek Semiconductor Corp -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-11-04] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2018-02-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-04-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344544 2019-04-28] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-28] (Microsoft Windows -> Microsoft Corporation)
R1 wfpliv; C:\WINDOWS\LvgIC555\wfpliv.sys [96840 2019-04-15] (Rnd Software Group Inc. -> Windows (R) Win 7 DDK provider)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-07-22 21:11 - 2019-07-22 21:11 - 022648171 _____ C:\WINDOWS\lc45fvm58jd
2019-07-22 21:10 - 2019-07-22 21:11 - 000032211 _____ C:\Users\Rifka\Downloads\FRST.txt
2019-07-22 21:09 - 2019-07-22 21:10 - 000000000 ____D C:\FRST
2019-07-22 21:09 - 2019-07-22 21:09 - 002095104 _____ (Farbar) C:\Users\Rifka\Downloads\FRST64.exe
2019-07-22 21:08 - 2019-07-22 21:08 - 001446912 _____ (Farbar) C:\Users\Rifka\Downloads\FRST.exe
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-07-22 21:11 - 2018-10-12 09:39 - 000015080 _____ C:\WINDOWS\System32\Tasks\LivigentICUpgradeTask
2019-07-22 21:10 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-22 20:34 - 2018-10-12 09:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-20 23:27 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-20 23:27 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-20 23:20 - 2016-06-29 11:37 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-07-19 00:38 - 2019-03-01 13:00 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-07-19 00:38 - 2019-03-01 13:00 - 000001035 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-07-19 00:30 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-19 00:16 - 2019-05-28 17:13 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-07-17 05:10 - 2015-11-22 13:55 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-17 04:53 - 2016-05-03 20:40 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-07-17 04:53 - 2015-12-07 12:40 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-17 04:52 - 2015-07-10 07:04 - 000000167 _____ C:\WINDOWS\win.ini
2019-07-17 04:51 - 2016-11-30 15:20 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-17 04:51 - 2016-11-30 15:20 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-07-15 15:17 - 2018-10-12 09:39 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1936064907-1069411923-2261509573-1001
2019-07-15 15:17 - 2018-10-12 09:26 - 000002374 _____ C:\Users\Rifka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-15 15:17 - 2015-11-05 07:34 - 000000000 ___RD C:\Users\Rifka\OneDrive
2019-07-15 15:14 - 2015-11-05 07:31 - 000000000 __SHD C:\Users\Rifka\IntelGraphicsProfiles
2019-07-15 15:14 - 2015-11-05 07:15 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-07-15 15:13 - 2018-11-28 23:55 - 000001751 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LivigentIC.lnk
2019-07-14 15:30 - 2018-10-12 09:26 - 000000000 ____D C:\Users\Rifka
2019-07-10 12:46 - 2019-06-20 22:03 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-07-10 12:44 - 2018-10-12 09:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-02 00:19 - 2019-05-28 17:23 - 000003856 _____ C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2019-07-02 00:19 - 2019-05-28 17:23 - 000003272 _____ C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2019-07-02 00:19 - 2019-05-28 17:23 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-07-02 00:19 - 2019-05-28 17:23 - 000002470 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-06-26 03:12 - 2016-06-29 11:37 - 000000000 ____D C:\Users\Rifka\AppData\Roaming\TeamViewer
2019-06-25 10:17 - 2019-05-28 17:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-06-25 10:17 - 2018-10-12 09:39 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-06-25 10:17 - 2018-10-12 09:39 - 000003310 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C8796CCF-A5E6-4530-800C-B76C2D3644AE}
2019-06-25 10:17 - 2018-10-12 09:39 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-06-25 10:17 - 2018-10-12 09:39 - 000002212 _____ C:\WINDOWS\System32\Tasks\PDVDServ12 Task
2019-06-25 09:57 - 2019-06-13 18:04 - 000000000 ____D C:\Users\Rifka\AppData\Local\CrashDumps
2019-06-23 04:33 - 2018-02-07 22:34 - 000000000 ____D C:\Program Files\rempl
==================== Files in the root of some directories ================
2018-01-30 23:17 - 2018-01-31 01:07 - 000000381 _____ () C:\Users\Rifka\AppData\Roaming\LAPTOP-KLLUT3VL.MTBF.txt
2018-01-30 23:17 - 2018-01-31 01:17 - 000001612 _____ () C:\Users\Rifka\AppData\Roaming\__AvidCloudManager.log
2018-01-30 23:17 - 2018-01-30 23:17 - 000001610 _____ () C:\Users\Rifka\AppData\Roaming\__AvidCloudManagerPrevious.log
2018-01-31 01:09 - 2018-01-31 01:09 - 000003584 _____ () C:\Users\Rifka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-04-01 10:53 - 2019-04-01 10:53 - 000000000 _____ () C:\Users\Rifka\AppData\Local\{8BE4CA16-7CD1-4252-8715-13F7CB39C32A}
==================== FLock ================
2018-10-15 14:12 C:\OSRSS
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully
==================== End of FRST.txt ============================