Blondii Posted March 8, 2021

While living with the fiancé, I had come across some SD cards over this last year that I'd find sporadically on the floor while doing some cleaning. Before we got together I myself had 2 or 3 of them that were full of my kids' pictures and 1 full of memories of my grandmother. I just wanted to see which ones were which so I didn't accidentally acquire his by mistake.

Well, the first one I connected to my PC, it immediately notified me of errors being found, but I didn't think anything of it right away and opted to fix and repair the thing. Almost immediately after repairing, I got a notification from Windows Controlled Folder Access that had blocked access from an explorer.exe twice and once from conhost.exe. (see attached screenshots)

Already a little suspicious, I tried skimming through the files to see if it was mine or his, and there's a lot on this card that I'm very confused by... I knew something was up with the SD when it was listed in my libraries twice with red lettering 'SD HC' over an image, but curiosity got the best of me since he's been acting very, very off... these last few months. Almost all the files on this card were zipped or in various formats (.zip_, .enc, .dthumb, .jpeg_) that I have no way of opening. I tried everything to unzip/open them with no success because Windows would give me this notification.

While trying to figure out what these files were and why some files from some of my older pt 3 phones were listed on it as well, a new small window box that just had 'bing' labeled at the top popped up and asked for my credentials. Almost resembling a remote connection access window, I guess? I immediately closed the window and that's when I received the second notification that blocked this explorer.exe from changing settings within my protected folders.

Little things just keep getting added to the list, so I'm going to just include what I have in the screenshots that can hopefully be of some use to get some answers. I'd love to hand my PC and these SD cards off to someone that could dive into and help stop whatever he's done and has been doing over this last year to my devices, lol.
kevinf80 Posted March 8, 2021

Hello Blondii and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link: https://www.malwarebytes.com/mwb-download/thankyou/
Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings", from there select "Security" tab.
Scroll down to "Scan Options", ensure Scan for Rootkits and Scan within Archives are both on....
Close out the settings window, this will take you back to "DashBoard", select the Blue "Scan Now" tab......
When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:

Click on the Detection History tab > from main interface.
Then click on "History", that will open to a historical list.
Double click on the Scan log which shows the Date and time of the scan just performed.
Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste", log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply

Please use "Copy to Clipboard", then Right click to your reply > select "Paste", that will copy the log to your reply…

Next,

Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror

Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans"
Press Scan button to run the tool....
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also make a log named (Addition.txt). Please attach that log to your reply.

Let me see those logs in your reply...

Thank you,

Kevin....
kevinf80 Posted March 10, 2021

Any progress...?
Blondii Posted March 11, 2021 (edited)

Sorry for the delayed reply! I’ve finally just been able to get back to my laptop. Listed below will be the logs you asked for.

Malwarebytes scan summary

-Log Details-
Scan Date: 3/11/21
Scan Time: 12:19 AM
Log File: 50f7e228-8229-11eb-8a30-000000000000.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.37981
License: Free

-System Information-
OS: Windows 10 (Build 19042.844)
CPU: x64
File System: NTFS
User: LimpedBiscuit\s_mar

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 281586
Threats Detected: 3
Threats Quarantined: 3
Time Elapsed: 3 min, 52 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine.1, Quarantined, 818, 551619, 1.0.37981, , ame, , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Restoro.exe, Quarantined, 818, 551617, 1.0.37981, , ame, , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Restoro.exe, Quarantined, 818, 551617, 1.0.37981, , ame, , ,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

AdwCleaner LogFile

# Build: 02-15-2021
# Database: 2021-01-11.1 (Local)
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-11-2021
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 5
# Awaiting reboot:2
# Failed: 0

***** [ Services ] *****
No malicious services cleaned.

***** [ Folders ] *****
No malicious folders cleaned.

***** [ Files ] *****
No malicious files cleaned.

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.

***** [ Shortcuts ] *****
No malicious shortcuts cleaned.

***** [ Tasks ] *****
No malicious tasks cleaned.

***** [ Registry ] *****
No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****
Deleted Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
Needs Reboot Preinstalled.LenovoIMController Folder C:\Users\s_mar\AppData\Local\LENOVO\IMCONTROLLER
Needs Reboot Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER

*************************
[+] Delete Tracing Keys
[+] Reset Windows Firewall
[+] Reset TCP/IP
[+] Reset Winsock
*************************

***** Reboot Required to Complete *****

***** [ Folders ] *****
Cleaning failed C:\Users\s_mar\AppData\Local\LENOVO\IMCONTROLLER
Cleaning failed C:\Windows\LENOVO\IMCONTROLLER

*************************
AdwCleaner[S00].txt - [2386 octets] - [06/12/2020 22:24:03]
AdwCleaner[S01].txt - [2447 octets] - [17/12/2020 21:21:19]
AdwCleaner[S02].txt - [2508 octets] - [09/01/2021 15:52:49]
AdwCleaner[S03].txt - [4116 octets] - [23/01/2021 14:58:23]
AdwCleaner[C03].txt - [4084 octets] - [23/01/2021 14:59:54]
AdwCleaner[S04].txt - [3095 octets] - [24/01/2021 07:58:21]
AdwCleaner[C04].txt - [2249 octets] - [24/01/2021 08:04:59]
AdwCleaner[S05].txt - [2401 octets] - [06/02/2021 10:53:41]
AdwCleaner[S06].txt - [2462 octets] - [06/02/2021 10:57:14]
AdwCleaner[S07].txt - [2522 octets] - [11/03/2021 00:40:42]

FRST.TXT

File Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by s_mar (administrator) on LIMPEDBISCUIT (LENOVO 81UM) (11-03-2021 00:59:50)
Running from C:\Users\s_mar\OneDrive\Desktop
Loaded Profiles: s_mar
Platform: Windows 10 Home Version 20H2 19042.844 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Conexant Systems LLC -> Conexant Systems, Inc.) C:\Windows\CxSvc\CxUtilSvc.exe
(Dolby Laboratories, Inc. 
-> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2> (INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe (INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt\IGCC.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_7ecc5be6ca7b3b0d\esif_uf.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe (Intel(R) pGFX 2020 -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_577475639d32bfed\OneApp.IGCC.WinService.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_d70b02a5a438df3c\igfxCUIService.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_d70b02a5a438df3c\igfxEM.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_440392e76b44e849\IntelCpHDCPSvc.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_440392e76b44e849\IntelCpHeciSvc.exe (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\LenovoVantageService.exe (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\IMCONTROLLER\Service\Lenovo.Modern.ImController.exe (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe (LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.2.1.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (McAfee, Inc. 
-> McAfee) C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_7f44bb1f2cd06bad\mcafeeintegrationservice.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <30> (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxOutlook.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxTsr.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\NisSrv.exe (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe (Synaptics Hong Kong Limited, Taiwan Branch (H.K.)) C:\Program Files\WindowsApps\22094SynapticsIncorporate.SmartAudio3_1.0.85.0_x64__qt57b6kdvhcfw\AFA\CAudioFilterAgent64.exe (Synaptics Hong Kong Limited, Taiwan Branch (H.K.)) C:\Program 
Files\WindowsApps\22094SynapticsIncorporate.SmartAudio3_1.0.85.0_x64__qt57b6kdvhcfw\Flow\Flow1\Flow.exe (Synaptics Hong Kong Limited, Taiwan Branch (H.K.)) C:\Program Files\WindowsApps\22094SynapticsIncorporate.SmartAudio3_1.0.85.0_x64__qt57b6kdvhcfw\SA3\SmartAudio3.exe (Synaptics Incorporated -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Synaptics Incorporated -> Conexant Systems LLC.) C:\Windows\CxSvc\CxAudioSvc.exe (Synaptics Incorporated -> Conexant Systems, Inc.) C:\Windows\System32\CxUIUSvc64.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\ DisallowedCertificates: A8C27332CCB4CA49554CE55D34062A7DD2850C02 (U) HKLM\ DisallowedCertificates: AF132AC65DE86FC4FB3FE51FD637EBA0FF0B12A9 (U) HKU\S-1-5-21-3789978303-2625929913-402014305-1001\...\Run: [electron.app.Fing] => C:\Program Files\Fing\Fing.exe --processStart "Fing.exe" --process-start-args "--hidden" HKU\S-1-5-21-3789978303-2625929913-402014305-1001\...\Run: [MicrosoftEdgeAutoLaunch_24E210A323D762E79AF98B912A8FD8D2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5 ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {02DFF39B-548B-4034-8830-EFA8EF630598} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {051A4200-869B-4230-B6D5-455957E9F012} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService Task: {08E896C5-FD49-4C5F-AF51-2178C9145F5C} - \Lenovo\ImController\TimeBasedEvents\e71b5cf1-e07a-4fe4-87aa-569c25b77b52 -> No File <==== ATTENTION Task: {0DC1FE58-6912-4D8C-8C17-E0543DED27A0} - System32\Tasks\McAfee Subscription job => C:\Program Files\McAfee\NexSJobs\McSubscriptionJob.exe Task: {1098883C-D4C6-47FA-AD71-DD8BF43F6653} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {10A47EF4-ED83-4E58-A2C7-B96D57A03386} - System32\Tasks\Git for Windows Updater => C:\Program Files\Git\git-bash.exe [152640 2021-02-09] (Johannes Schindelin -> The Git Development Community) Task: {21004A1B-B344-4EAB-95BF-9A1ACF40DB6B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1510808 2002-02-01] (Microsoft Corporation -> Microsoft Corporation) Task: {2848CAA7-A40F-4286-8107-334C5E1E964F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080304 2021-02-18] (Microsoft Corporation -> Microsoft Corporation) Task: {40051AEA-E8A2-4CC1-9310-25290BD1F31D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5260176 2021-03-05] (Microsoft Corporation -> Microsoft Corporation) Task: 
{4E8008E5-E825-4661-836C-B17B04AACAF5} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141184 2021-03-05] (Microsoft Corporation -> Microsoft Corporation) Task: {53A04715-436E-469E-BAAB-93853613598D} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\ScheduleEventAction.exe [24368 2020-12-29] (Lenovo -> Lenovo Group Ltd.) Task: {5BCC35E0-62C7-452E-9753-8828FEC6697C} - \Lenovo\ImController\TimeBasedEvents\0090b193-d8b2-4c89-9a4f-8b14e05b503e -> No File <==== ATTENTION Task: {63C6991D-198B-4285-A086-C5B5EF536B60} - \Lenovo\ImController\TimeBasedEvents\f713ddd9-3842-4885-a395-4931103ea05d -> No File <==== ATTENTION Task: {6B1D7B6A-17F5-4976-8973-971A96531076} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141184 2021-03-05] (Microsoft Corporation -> Microsoft Corporation) Task: {6DDCC103-DF1A-46FF-B4A2-3149E6234D12} - System32\Tasks\Mirkat => C:\Users\s_mar\AppData\Local\Microsoft\WindowsApps\MirkatService.exe Task: {87B842D0-AAA3-4E1A-A49E-95D18E329669} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility:// Task: {92A51CDD-4EFC-49BA-B177-5DC0E8F7769B} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION Task: {9893E09A-E448-4BE1-9334-1BD9734F3B1A} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\ScheduleEventAction.exe [24368 2020-12-29] (Lenovo -> Lenovo Group Ltd.) 
Task: {B08F16BA-6E06-4F7F-96D0-64D10A5960C0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {B3875685-0210-4501-8775-CF5A3705F8FA} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3583264 2020-06-03] (Corel Corporation -> Corel Corporation) Task: {B58ABF87-9350-4D47-9989-7D33FFEB738B} - System32\Tasks\CorelUpdateHelperTask-518696FC34344A5C5A28D7B48D7607C6 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3583264 2020-06-03] (Corel Corporation -> Corel Corporation) Task: {BC88535A-12AC-46B3-8E4F-683BFCF407C9} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION Task: {BE03F746-FF31-4062-93CB-ABFBE9E4BA26} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION Task: {BE90FDD4-B175-4626-A8E4-C20B41F8A947} - \Lenovo\ImController\TimeBasedEvents\13547ebe-13c1-46b4-ba5e-ee7e1ba2b083 -> No File <==== ATTENTION Task: {C73C1E2C-6683-4FE4-9FDE-BD9C3E7BF62E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080304 2021-02-18] (Microsoft Corporation -> Microsoft Corporation) Task: {C8CE72CC-9BE9-40D6-91EB-02CAD63DB1BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {EAD7AA3F-F899-43A2-8A9B-0652163F741A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5260176 2021-03-05] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.181.183 Tcpip\..\Interfaces\{4b643320-6218-4ea1-bf14-89e0e6e301d2}: [DhcpNameServer] 192.168.181.183 Tcpip\..\Interfaces\{f93441f5-2c85-4b05-825f-cee1d2ae7aa2}: [DhcpNameServer] 192.168.216.119 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\s_mar\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-11] Edge DownloadDir: C:\Users\s_mar\Downloads Edge HomePage: Default -> hxxp://lenovo17win10.msn.com/?pc=LCTE Edge DefaultSearchURL: Default -> {bing:baseURL}search?q={searchTerms}&{bing:cvid}{google:assistedQueryStats} Edge Session Restore: Default -> is enabled. Edge Extension: (Tampermonkey) - C:\Users\s_mar\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iikmkjmpaadaobahmlepeloendndfphd [2021-01-29] FireFox: ======== FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation) ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8988552 2021-02-22] (Microsoft Corporation -> Microsoft Corporation) R2 CxAudioSvc; C:\WINDOWS\CxSvc\CxAudioSvc.exe [93456 2020-12-06] (Synaptics Incorporated -> Conexant Systems LLC.) R2 CxAudMsg; C:\WINDOWS\System32\CxAudMsg64.exe [243472 2020-12-06] (Synaptics Incorporated -> Conexant Systems Inc.) R2 CxUIUSvc; C:\WINDOWS\System32\CxUIUSvc64.exe [122104 2020-12-06] (Synaptics Incorporated -> Conexant Systems, Inc.) R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1633440 2019-07-07] (Dolby Laboratories, Inc. -> ) R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84920 2021-02-23] (Lenovo -> Lenovo Group Ltd.) R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\LenovoVantageService.exe [29488 2020-12-29] (Lenovo -> Lenovo Group Ltd.) R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1643688 2019-05-06] (Lenovo -> Lenovo(beijing) Limited) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-11] (Malwarebytes Inc -> Malwarebytes) R2 mcafeeintegrationservice; C:\WINDOWS\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_7f44bb1f2cd06bad\mcafeeintegrationservice.exe [2578392 2018-12-11] (McAfee, Inc. -> McAfee) R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc) S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) 
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746944 2021-01-07] (Oracle Corporation -> Oracle Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\NisSrv.exe [2483624 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MsMpEng.exe [128392 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation) S2 Fing.Agent; C:\Program Files\Fing\resources\extraResources\fingagent.exe --servicemode Fing.Agent --agentroot "C:\Users\s_mar\AppData\Roaming" ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-03-11] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-03-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-03-11] (Malwarebytes Inc -> Malwarebytes) R3 McAfeeIntegrationDriver; C:\WINDOWS\System32\drivers\McAfeeIntegrationDriver.sys [48424 2018-12-11] (McAfee, Inc. -> McAfee) R3 MpKsl331a8b7e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D197AEF0-AC2F-42ED-9AA1-D9F25A98DFEE}\MpKslDrv.sys [90360 2021-03-11] (Microsoft Windows -> Microsoft Corporation) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [43376 2020-06-25] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) 
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239872 2021-01-07] (Oracle Corporation -> Oracle Corporation) R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [249776 2021-01-07] (Oracle Corporation -> Oracle Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49544 2021-03-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420088 2021-03-06] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-06] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 
2021-03-11 00:52 - 2021-03-11 01:00 - 000000000 ____D C:\FRST 2021-03-11 00:41 - 2021-03-11 00:41 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2021-03-11 00:16 - 2021-03-11 00:41 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-03-11 00:16 - 2021-03-11 00:16 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2021-03-11 00:16 - 2021-03-11 00:16 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-03-11 00:16 - 2021-03-11 00:16 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2021-03-11 00:16 - 2021-03-11 00:16 - 000002032 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2021-03-11 00:16 - 2021-03-11 00:16 - 000000000 ____D C:\ProgramData\Malwarebytes 2021-03-11 00:16 - 2021-03-11 00:15 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2021-03-11 00:14 - 2021-03-11 00:14 - 000000000 ____D C:\Program Files\Malwarebytes 2021-03-10 07:51 - 2021-03-10 07:51 - 002929873 _____ C:\WINDOWS\unins000.exe 2021-03-08 16:55 - 2021-03-08 16:55 - 000000000 ____D C:\Users\s_mar\AppData\Roaming\ADBDriverInstaller 2021-03-08 16:48 - 2021-03-08 16:48 - 000001459 _____ C:\Users\Public\Desktop\Free Android Data Recovery.lnk 2021-03-08 16:48 - 2021-03-08 16:48 - 000001459 _____ C:\ProgramData\Desktop\Free Android Data Recovery.lnk 2021-03-08 16:48 - 2021-03-08 16:48 - 000000000 ____D C:\Users\s_mar\AppData\Roaming\ThunderSoft Android Data Recovery 2021-03-08 16:48 - 2021-03-08 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThunderSoft 2021-03-08 16:48 - 2021-03-08 16:48 - 000000000 ____D C:\Program Files (x86)\ThunderSoft 2021-03-08 15:32 - 2021-03-08 16:14 - 000000000 ____D C:\Users\s_mar\AppData\Roaming\Coolmuster 2021-03-08 15:31 - 2021-03-08 16:16 - 000000000 ____D C:\Users\s_mar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coolmuster 2021-03-08 15:31 - 2021-03-08 15:31 - 000000000 ____D 
C:\Program Files (x86)\Coolmuster 2021-03-08 13:42 - 2021-03-08 13:42 - 000000000 ____D C:\Users\s_mar\OneDrive\Documents\Samsung-Health Monitor 2021-03-08 11:11 - 2021-03-08 12:06 - 000000000 _____ C:\Users\s_mar\AppData\Local\SMS.txt 2021-03-08 11:05 - 2021-03-08 16:15 - 000000296 _____ C:\Users\s_mar\AppData\Local\config.ini 2021-03-05 18:42 - 2021-03-05 18:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB2.0 Card Reader Software 2021-03-05 18:22 - 2021-03-05 18:42 - 000002155 _____ C:\Users\Public\Desktop\SimEdit.lnk 2021-03-05 18:22 - 2021-03-05 18:42 - 000002155 _____ C:\ProgramData\Desktop\SimEdit.lnk 2021-03-05 18:22 - 2021-03-05 18:42 - 000000000 ____D C:\Program Files (x86)\Realtek 2021-03-05 18:22 - 2021-03-05 18:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2021-03-05 18:22 - 2015-10-27 14:35 - 000050176 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\Drivers\USBCcid.sys 2021-03-05 18:22 - 2015-10-27 14:35 - 000019968 _____ (Realtek Semiconductor Corp.) 
C:\WINDOWS\SysWOW64\Drivers\RtsUIr.sys 2021-03-05 02:52 - 2021-03-05 18:28 - 000000000 ____D C:\Users\s_mar\AppData\Local\DoD-PKE 2021-03-04 20:36 - 2021-03-04 20:39 - 000000506 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2021-02-27 17:48 - 2021-02-27 17:48 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-02-27 17:48 - 2021-02-27 17:48 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2021-02-27 17:48 - 2021-02-27 17:48 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2021-02-27 17:48 - 2021-02-27 17:48 - 000011002 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-02-27 17:47 - 2021-02-27 17:47 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll 2021-02-27 17:47 - 2021-02-27 17:47 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys 2021-02-27 17:24 - 2021-02-27 17:24 - 000000053 _____ C:\Users\s_mar\.git-for-windows-updater 2021-02-23 19:55 - 2021-03-11 00:41 - 103546880 _____ C:\WINDOWS\system32\config\SOFTWARE 2021-02-23 17:15 - 2021-02-23 17:15 - 000002586 _____ C:\WINDOWS\system32\Tasks\Git for Windows Updater 2021-02-23 17:15 - 2021-02-23 17:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git 2021-02-23 16:47 - 2021-02-23 16:47 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2021-02-13 06:53 - 2021-02-13 06:53 - 000001369 _____ C:\Users\s_mar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Git for Windows.lnk ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2021-03-11 00:51 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-11 00:46 - 2021-01-24 12:43 - 000934914 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-11 00:46 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-11 00:41 - 2021-01-24 12:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-03-11 00:41 - 2021-01-24 12:34 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2021-03-11 00:41 - 2020-11-19 02:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-11 00:41 - 2020-11-12 22:29 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-11 00:41 - 2020-11-12 22:29 - 000000000 ____D C:\ProgramData\Lenovo
2021-03-11 00:41 - 2020-11-12 19:46 - 000000000 __SHD C:\Users\s_mar\IntelGraphicsProfiles
2021-03-11 00:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-03-11 00:41 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-03-11 00:25 - 2020-11-19 02:32 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-11 00:25 - 2020-11-19 02:32 - 000002287 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-03-11 00:25 - 2020-11-19 02:32 - 000002287 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-03-11 00:25 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-11 00:25 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-11 00:16 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-03-10 23:54 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-03-10 23:48 - 2020-11-19 02:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-10 07:51 - 2021-01-29 13:28 - 000150630 _____ C:\WINDOWS\unins000.dat
2021-03-10 07:51 - 2021-01-29 13:28 - 000001133 _____ C:\Users\Public\Desktop\Lenovo Diagnostics Tool.lnk
2021-03-10 07:51 - 2021-01-29 13:28 - 000001133 _____ C:\ProgramData\Desktop\Lenovo Diagnostics Tool.lnk
2021-03-10 07:51 - 2020-11-21 16:08 - 000000000 ____D C:\WINDOWS\TempInst
2021-03-10 06:36 - 2021-01-24 12:34 - 000000000 ____D C:\Users\s_mar
2021-03-10 06:36 - 2020-11-25 20:29 - 131002368 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-10 06:36 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-10 06:32 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-03-10 06:26 - 2020-11-12 19:49 - 000000000 ____D C:\Users\s_mar\AppData\Local\PlaceholderTileLogoFolder
2021-03-08 16:18 - 2020-11-12 19:46 - 000000000 ____D C:\Users\s_mar\AppData\Local\Packages
2021-03-08 14:14 - 2021-02-08 16:29 - 000000000 ____D C:\Users\s_mar\AppData\Roaming\Code
2021-03-08 13:42 - 2020-11-12 19:51 - 000000000 ____D C:\Users\s_mar\OneDrive\Documents\CarStuff
2021-03-08 13:42 - 2020-11-12 19:48 - 000000000 ___RD C:\Users\s_mar\OneDrive
2021-03-08 12:04 - 2020-12-22 21:38 - 000000000 ____D C:\Users\s_mar\AppData\LocalLow\Lenovo
2021-03-08 10:44 - 2020-12-06 16:56 - 000000000 ____D C:\Users\s_mar\AppData\Local\ElevatedDiagnostics
2021-03-08 10:38 - 2020-11-19 02:33 - 000000000 ____D C:\ProgramData\Packages
2021-03-06 15:33 - 2021-02-08 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2021-03-06 15:33 - 2021-02-08 16:29 - 000000000 ____D C:\Program Files\Microsoft VS Code
2021-03-06 14:48 - 2020-11-19 02:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-05 18:04 - 2020-04-02 20:12 - 000000000 ____D C:\Program Files\Microsoft Office
2021-03-05 18:04 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-05 06:19 - 2020-11-19 02:32 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-05 06:19 - 2020-11-19 02:32 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-27 18:08 - 2020-11-19 02:30 - 000521216 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-27 18:07 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-27 18:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-02-27 18:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-27 18:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-02-27 18:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-27 18:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-02-27 18:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-02-27 18:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-27 18:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-23 19:55 - 2020-11-25 17:12 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-02-23 18:24 - 2020-10-14 01:55 - 000107936 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2021-02-23 18:24 - 2020-10-14 01:55 - 000062368 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.InfInstaller.exe
2021-02-23 18:24 - 2020-04-02 20:12 - 000107936 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2021-02-23 18:23 - 2020-10-14 01:55 - 000429936 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2021-02-23 17:15 - 2021-01-16 10:11 - 000000000 ____D C:\Program Files\Git
2021-02-19 02:30 - 2020-11-12 19:51 - 000000000 ____D C:\Users\s_mar\OneDrive\Documents\Benefits
2021-02-19 00:17 - 2021-01-23 18:07 - 000000000 ____D C:\Users\s_mar\OneDrive\Documents\EventLogs
2021-02-19 00:01 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-02-19 00:01 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-02-19 00:01 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-02-19 00:01 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-02-19 00:01 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-02-19 00:01 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-02-19 00:01 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-02-19 00:01 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-18 23:31 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-02-18 23:31 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-02-18 21:42 - 2021-01-24 12:40 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3789978303-2625929913-402014305-1001
2021-02-18 21:42 - 2021-01-24 12:34 - 000002374 _____ C:\Users\s_mar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-17 17:28 - 2020-11-28 13:45 - 000000000 ____D C:\Users\s_mar\AppData\Local\D3DSCache
2021-02-13 06:53 - 2021-01-24 11:39 - 000000000 ___DC C:\WINDOWS\Panther
2021-02-13 02:05 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-13 02:01 - 2020-11-25 20:29 - 000000000 ____D C:\WINDOWS\system32\MRT

==================== Files in the root of some directories ========

2021-02-06 19:53 - 2021-02-06 19:56 - 011963448 _____ () C:\Program Files\cleanup_tool.exe
2021-03-08 11:05 - 2021-03-08 16:15 - 000000296 _____ () C:\Users\s_mar\AppData\Local\config.ini
2021-01-20 02:06 - 2021-01-20 02:06 - 000001751 _____ () C:\Users\s_mar\AppData\Local\recently-used.xbel
2020-12-02 16:39 - 2020-12-07 18:01 - 000007626 _____ () C:\Users\s_mar\AppData\Local\resmon.resmoncfg
2021-03-08 11:00 - 2021-03-08 16:14 - 000000000 _____ () C:\Users\s_mar\AppData\Local\simedit.log
2021-03-08 11:11 - 2021-03-08 12:06 - 000000000 _____ () C:\Users\s_mar\AppData\Local\SMS.txt
2020-11-26 21:02 - 2020-11-26 21:49 - 000057344 _____ () C:\Users\s_mar\AppData\Local\WebpageIcons.db
2021-01-20 00:18 - 2021-01-20 00:18 - 000000000 _____ () C:\Users\s_mar\AppData\Local\zenmap.exe.log

ADDITION.TXT

File Recovery Scan Tool (x64) Version: 28-02-2021
Ran by s_mar (11-03-2021 01:01:47)
Running from C:\Users\s_mar\OneDrive\Desktop
Windows 10 Home Version 20H2 19042.844 (X64) (2021-01-24 17:40:15)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3789978303-2625929913-402014305-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3789978303-2625929913-402014305-503 - Limited - Disabled)
Guest (S-1-5-21-3789978303-2625929913-402014305-501 - Limited - Disabled)
Guest-Emul (S-1-5-21-3789978303-2625929913-402014305-1004 - Limited - Enabled)
s_mar (S-1-5-21-3789978303-2625929913-402014305-1001 - Administrator - Enabled) => C:\Users\s_mar
WDAGUtilityAccount (S-1-5-21-3789978303-2625929913-402014305-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them.
The adware programs should be uninstalled manually.)

Android Studio (HKLM\...\Android Studio) (Version: 4.1 - Google LLC)
BlueStacks (HyperV) Beta (HKLM\...\BlueStacks_bgp64_hyperv) (Version: 4.240.15.4204 - BlueStack Systems, Inc.)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4C191A96-E2E6-4902-85F7-D57BD13FDEA1}) (Version: 22.1.0.514 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{4C191A96-E2E6-4902-85F7-D57BD13FDEA1}) (Version: 22.1.514 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{E640FF5E-9022-414D-B665-79C146EDCAA3}) (Version: 22.1.514 - Corel Corporation) Hidden
Corel Update Manager (HKLM\...\{F30F96B6-EADE-44FF-B202-C8697BC088F8}) (Version: 2.13.594 - Corel corporation) Hidden
CorelCAD 2020 x64 (HKLM\...\{91B9D739-3C1A-4FFA-8548-DC6CAAABC336}) (Version: 20.0.1074 - Corel Corporation)
CorelDRAW Graphics Suite 2020 - Capture (x64) (HKLM\...\{74ADEA1C-2599-4B37-9914-6DEAF1ED8E8A}) (Version: 22.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - Common (x64) (HKLM\...\{DBF9D76B-1258-47F0-B098-3530B2260BA8}) (Version: 22.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - Connect (x64) (HKLM\...\{5F24AC64-1C0C-496F-AD5E-A13D79E1EC2F}) (Version: 22.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - Custom Data (x64) (HKLM\...\{257D40A3-02FA-4B0F-9EE9-4D225DEF836D}) (Version: 22.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - Discovery (x64) (HKLM\...\{0A8A5710-1769-42C8-ACB6-5B6F5F369FE0}) (Version: 22.0.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - Draw (x64) (HKLM\...\{0D490D76-C278-41A8-B586-EC9E668A95DA}) (Version: 22.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - EN (x64) (HKLM\...\{7A2135E5-52F9-4345-8785-EF5AC824CD8A}) (Version: 22.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - Filters (x64) (HKLM\...\{AED0D86F-111D-44F2-B398-346F6209D7BC}) (Version: 22.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - Font Manager (x64) (HKLM\...\{EAC3C1F2-2621-41F7-A3EC-749ADD074F43}) (Version: 22.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - IPM (x64) (HKLM\...\{0E0F6EBF-E2BA-4B1A-ADEC-CAF4612B2AC7}) (Version: 22.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - IPM Content EN (x64) (HKLM\...\{C796DB48-473A-4F12-998D-0D690570D633}) (Version: 22.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - Models (x64) (HKLM\...\{EB7FD97D-E7D4-4C0A-A867-8296304E3E77}) (Version: 22.0.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - PHOTO-PAINT (x64) (HKLM\...\{0FFD26AB-D457-4002-A91E-416973A46313}) (Version: 22.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - Setup Files (x64) (HKLM\...\{7FA269F4-59E4-4399-A239-E9A134D40BED}) (Version: 22.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - VBA (x64) (HKLM\...\{7C1FEC96-B556-4609-A426-40CDF2D13730}) (Version: 22.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - Workspaces (x64) (HKLM\...\{04329D14-C52B-4545-A12F-39FBF6A556C5}) (Version: 22.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - Writing Tools (x64) (HKLM\...\{F404C086-454C-4485-B5F1-F3C11B8DF452}) (Version: 22.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 (64-Bit) (HKLM\...\_{7FA269F4-59E4-4399-A239-E9A134D40BED}) (Version: 22.1.1.523 - Corel Corporation)
CorelDRAW Graphics Suite 2020 (HKLM\...\{C601467E-87E0-4BD0-ACA7-7AC34E9F0716}) (Version: 22.2 - Corel Corporation) Hidden
Free Android Data Recovery version 1.6.6.8 (HKLM-x32\...\{ThunderAndroidRecovery}_is1) (Version: 1.6.6.8 - www.thundershare.net)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Git version 2.30.1 (HKLM\...\Git_is1) (Version: 2.30.1 - The Git Development Community)
GitHub Desktop (HKU\S-1-5-21-3789978303-2625929913-402014305-1001\...\GitHubDesktop) (Version: 2.6.2 - GitHub, Inc.)
Gravit Designer 3.5.41 (HKLM\...\73ce129c-e9ab-5027-8f0d-8b378da1411c) (Version: 3.5.41 - Gravit GmbH)
Intel(R) Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7985 - Intel Corporation) Hidden
Lenovo Diagnostics Tool (HKLM\...\{01ADF966-E3BA-40DC-9037-E90BBA9ED50E}_is1) (Version: 4.37.0.209 - LENOVO (UNITED STATES) INC.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.5.27.0 - Lenovo Group Ltd.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13801.20266 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.63 - )
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 89.0.774.50 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.13801.20266 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3789978303-2625929913-402014305-1001\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual Studio Code (HKLM\...\{EA457B21-F73E-494C-ACAB-524FDE069978}_is1) (Version: 1.54.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2019 (HKLM-x32\...\{1edcd8d2-905a-4e93-bfdf-92ed5601528a}) (Version: 16.0.28801 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 6.1.18 (HKLM\...\{A8F42E56-8D1F-4080-BD79-8375D3AD18BE}) (Version: 6.1.18 - Oracle Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.00042 - Realtek Semiconductor Corp.)
Windows Subsystem for Linux Update (HKLM\...\{8D646799-DB00-4000-AE7A-756A05A4F1D8}) (Version: 5.4.72 - Microsoft Corporation)

Packages:
=========

7-Zip File Manager (Unofficial) -> C:\Program Files\WindowsApps\HaukeGtze.7-ZipFileManagerUnofficial_1.1900.3.0_x64__6bk20wvc8rfx2 [2020-12-25] (Hauke Hasselberg)
Adobe Reader Touch -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeReader_3.1.8.7675_x86__ynb6jyjzte8ga [2020-11-12] (Adobe Systems Incorporated)
Commercial Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoSettingsforEnterprise_10.2102.10.0_x64__k1h2ywk1493x8 [2021-03-04] (LENOVO INC.)
Diagnostic Data Viewer -> C:\Program Files\WindowsApps\Microsoft.DiagnosticDataViewer_4.2007.3014.0_x64__8wekyb3d8bbwe [2021-01-26] (Microsoft Corporation)
Dolby Audio -> C:\Program Files\WindowsApps\dolbylaboratories.dolbyaudio_3.20402.409.0_x64__rz1tebttyb220 [2020-11-12] (Dolby Laboratories)
Files Manager for Windows 10 -> C:\Program Files\WindowsApps\LLCSKYSPARKCORP.FilesManager2016_10.19041.38.0_x64__skhnmy5zxvp8t [2021-03-10] (LLC "SKYSPARK CORP")
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2021-01-16] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\appup.intelgraphicscontrolpanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-11-12] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2020-12-27] (Apple Inc.) [Startup Task]
Kali Linux -> C:\Program Files\WindowsApps\KaliLinux.54290C8133FEE_1.7.0.0_x64__ey8k8hqnwqnmg [2021-03-04] (Kali Linux)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8 [2021-01-24] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.2.1.0_x64__5grkq8ppsgwt4 [2021-01-24] (LENOVO INC) [Startup Task]
McLaren Senna Track Day -> C:\Program Files\WindowsApps\Microsoft.McLarenSennaTrackDay_1.0.0.0_neutral__8wekyb3d8bbwe [2020-12-22] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-01-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-01-24] (Microsoft Corporation) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\microsoft.mpeg2videoextension_1.0.22661.0_x64__8wekyb3d8bbwe [2020-11-12] (Microsoft Corporation)
PDF Reader - View, Edit, Share -> C:\Program Files\WindowsApps\0D9A1B2D.PDFReaderUWP_1.12.1.0_x64__jhretta7p24aw [2021-02-23] (Kdan Mobile Software Ltd.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2021-03-08] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-12] (Microsoft Corporation)
SmartAudio 3 -> C:\Program Files\WindowsApps\22094SynapticsIncorporate.SmartAudio3_1.0.85.0_x64__qt57b6kdvhcfw [2021-01-24] (Synaptics Hong Kong Limited, Taiwan Branch (H.K.))
Windows Terminal -> C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe [2021-03-08] (Microsoft Corporation) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
(Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{7A3B88A1-2FF6-4813-AF5B-5DF0F24A840B}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{7B562AE8-BBF2-447D-B54C-764BB5572127}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{7B804596-9F4A-4CEF-98DD-182CA31ABCF1}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{7DC97CD8-EBB1-4F7A-B2BE-A446AFCBD1F5}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\CorelCAD.exe (Corel Corporation -> ) CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{80E8639D-37DF-4517-85C7-662297370436}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{823652A7-AEBE-4ED8-B1B7-8C3E22EF183A}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{82EA1558-33C7-448A-8994-75FDB23655F0}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{8347B98C-1C6B-4D68-8088-3228AA3D2EA9}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\CorelCAD.exe (Corel Corporation -> ) CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{8AFD9632-DBD8-4255-9C35-40D398A7712A}\InprocServer32 -> 
C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{8B810C99-7100-409E-B702-5BCCA27527DF}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{8F0AE15F-AD9F-453A-B312-12C08C620488}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{91BA8E6C-F458-44AB-B408-5A9CA333C0DC}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{922E58BA-4AD0-44F9-8B96-6418040E309A}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\CorelCAD.exe (Corel Corporation -> ) CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{94D765B9-C251-4614-84DC-B468267A7163}\localserver32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\CorelCAD.exe (Corel Corporation -> ) CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{95A45AF4-74A8-4c77-8C91-71D50D730C2D}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\FxVistaPreview.dll (Corel Corporation -> Graebert GmbH) CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{9E5B902F-D859-4D8F-96B0-D11041134969}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{A0287443-B702-45C2-BEA7-AE15DADA0BAA}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: 
HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{A02D8E58-603D-4EAC-8A30-D583D8B17428}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\CorelCAD.exe (Corel Corporation -> ) CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{A030AD7D-C543-48AD-B250-ED62C4AC5006}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{A0679B05-9305-4BED-8132-95337F1D4BEC}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{A4B60A01-A8C8-4E70-93F0-18263C328978}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{A4EA7661-2EB4-46CA-A707-EAC41053F9E6}\localserver32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\CorelCAD.exe (Corel Corporation -> ) CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{A4FC8DCC-CF16-45E5-9526-522E637A1F50}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{A6F01AB2-A756-4D9E-8E8D-0F811B922C80}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{AADFA4C7-8631-4D89-8EA8-6ED933FEE725}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{AB3DF6A7-0979-4AFE-9CDF-4BD36CEE860B}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll 
(Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{ABD54DBD-95B4-417e-8B20-F2BBE4AC983C}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\FxVistaPreview.dll (Corel Corporation -> Graebert GmbH) CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{ADF4C28A-B344-466F-9FE5-ABFDCC622154}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{B500E62D-5CF9-43E0-87CF-FB5B59E622EB}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{B59D7E17-BFA5-48B7-B56E-CE122554E68F}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{B5E9C2D5-9D6C-4B7C-A29E-70C6064650DA}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{B6B8F6C4-D811-4A1E-B267-B259683E507B}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{B6E713F0-E8F6-49D9-966F-1EC45B8D4332}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{B876662F-2CA8-496A-B526-62F6434457F6}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: 
HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{B87A6621-34D3-4E4B-B058-9CEC2806A3E9}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\CorelCAD.exe (Corel Corporation -> ) CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{B93EBCE8-36CD-43C3-A034-5DD8CA752787}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{BBC9073F-4C46-4A5B-B8CD-856238116447}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\CorelCAD.exe (Corel Corporation -> ) CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{BD70C645-9EF1-416E-A6D5-9B5EB65ABF43}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{BF3B725D-C7C3-4059-9AB8-9E039F52F152}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{C006EFCD-08C7-4E78-9642-4A269E6EB26C}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{C8D79FEA-04F0-4724-91F3-DDDCDF076AB2}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{C9363113-34E8-40A6-AB7C-A390F5435B72}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{CA143133-3AB5-4BAB-84F4-994804FC73EF}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 
2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{CA3291C6-806C-450C-B6BD-C2671DDF314C}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{CB7366BB-B519-4BFB-9E3C-034EB6CD9FE0}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{CE8B8A17-C60A-4250-AD65-D446726552D5}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{CFF5C4DB-8493-451E-861E-8F9CC17FE0CB}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{D13ED375-1E74-4159-AE7D-1A71B3E83E94}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{D1FDE975-7F84-4F84-8E91-99EB6DFB1A19}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{D2AB5673-7EB8-4C0A-B9CC-A4D1532959FA}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\CorelCAD.exe (Corel Corporation -> ) CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{D2BD2B42-B76D-4BE6-AD2D-18070EBDE953}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: 
HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{D3C089FC-74E2-4B04-B5C5-0C1D81E8B22C}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{D6016D56-DFDB-4E61-BF80-750FCF4D7BEC}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{D6873B98-D95C-4828-8EEE-35144958185E}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\FxVistaPreview.dll (Corel Corporation -> Graebert GmbH) CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{D74FACFE-0D80-4D3E-B683-A27B7C89A6AA}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{DA8C1975-ECAC-4E4F-9FD6-D741517D2B97}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{DC807AA9-0534-421C-B88E-EF170ACC0863}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{DD31AD48-DA0A-448D-9B8E-46E8D30C7096}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{DD5057A6-B0D7-4C87-A0D0-23BF4F61FB81}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{DD78B27A-CF1A-4E8C-8CB4-C009FD86C3FB}\InprocServer32 -> C:\Program 
Files\Corel\CorelCAD 2020\BIN\CorelCAD.exe (Corel Corporation -> ) CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{DFEFA08C-E373-4831-BA66-1D5925C06DC5}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{E1165AD2-6EB2-4C1C-ADE2-62D0CB47BFCF}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{E139B37E-107E-4073-A81E-DA1E7B4D701D}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{E1AA84B4-CD4D-4331-8016-6A59EE7F7461}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{E4E56424-B90E-4E68-9A84-5CB72C2401C5}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\CorelCAD.exe (Corel Corporation -> ) CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{E6233BA0-287E-4B93-BE2C-399ADE223D86}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{E6874C19-21F4-454B-9D56-A62837DC0C95}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed] CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{E8BB26D7-0F99-449E-9DF0-332208B6438A}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\CorelCAD.exe (Corel Corporation -> ) CustomCLSID: 
HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{EA9805BC-8E46-4704-A1DB-408E303014B4}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed]
CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{ECFD2D0C-E70F-407A-91C7-4719CB0A422A}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\CorelCAD.exe (Corel Corporation -> )
CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{F3AD289E-2AE1-4899-B6EE-D7AF3D616953}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed]
CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{FC57D277-0CE9-4E4A-9665-794E7E31B976}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed]
CustomCLSID: HKU\S-1-5-21-3789978303-2625929913-402014305-1001_Classes\CLSID\{FD5760F5-F3F7-4F50-ADA4-32EBC94E2247}\InprocServer32 -> C:\Program Files\Corel\CorelCAD 2020\BIN\OdaX_4.03_14.dll (Open Design Alliance) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-11] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-01-16 11:12 - 2021-01-16 11:23 - 042499072 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt\IGCC.dll
2020-04-02 20:12 - 2020-04-02 20:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2020-04-02 20:12 - 2020-04-02 20:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2020-04-02 20:25 - 2020-04-02 20:25 - 001460224 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\WindowsApps\22094SynapticsIncorporate.SmartAudio3_1.0.85.0_x64__qt57b6kdvhcfw\Flow\Flow1\x64\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3789978303-2625929913-402014305-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3789978303-2625929913-402014305-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3789978303-2625929913-402014305-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-3789978303-2625929913-402014305-1001 -> DefaultScope {C8820BD1-963A-443F-BA89-DA224E30B08F} URL =
SearchScopes: HKU\S-1-5-21-3789978303-2625929913-402014305-1001 -> {C8820BD1-963A-443F-BA89-DA224E30B08F} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3789978303-2625929913-402014305-1001\...\live.com -> hxxps://officeapps.live.com
IE trusted site: HKU\S-1-5-21-3789978303-2625929913-402014305-1001\...\militarycac.com -> hxxps://militarycac.com
IE trusted site: HKU\S-1-5-21-3789978303-2625929913-402014305-1001\...\sharepoint.com -> hxxps://fullsailedu-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2021-03-04 20:36 - 2021-03-04 20:39 - 000000506 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3789978303-2625929913-402014305-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\s_mar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.181.183
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (disabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKU\S-1-5-21-3789978303-2625929913-402014305-1001\...\StartupApproved\Run: => "electron.app.Fing"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{569E9883-668D-4BCB-B354-B5C03B33BA81}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{2F3589A2-021A-490B-9EA1-CBEB306A03DC}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

17-02-2021 15:24:08 Windows Modules Installer
18-02-2021 23:30:54 Windows Modules Installer
27-02-2021 17:39:23 Windows Modules Installer
04-03-2021 23:54:52 Windows Modules Installer
08-03-2021 16:17:06 Removed InstallRoot
10-03-2021 06:36:03 Windows Modules Installer
11-03-2021 00:41:00 AdwCleaner_BeforeCleaning_11/03/2021_00:40:59

==================== Faulty Device Manager Devices ============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Wi-Fi Direct Virtual Adapter #4
Description: Microsoft Wi-Fi Direct Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================

Application errors:
==================
Error: (03/11/2021 12:31:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OLicenseHeartbeat.exe, version: 16.0.13801.20182, time stamp: 0x602dd932
Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0x0e9c5eae
Exception code: 0xc06d007e
Fault offset: 0x000000000002d759
Faulting process id: 0xbfc
Faulting application start time: 0x01d71637c289991e
Faulting application path: C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 46b4791f-b0a6-4869-8134-eab3da2f0d27
Faulting package full name:
Faulting package-relative application ID:

Error: (03/10/2021 06:36:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. .

Error: (03/10/2021 06:36:31 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Error: (03/10/2021 06:14:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OLicenseHeartbeat.exe, version: 16.0.13801.20182, time stamp: 0x602dd932
Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0x0e9c5eae
Exception code: 0xc06d007e
Fault offset: 0x000000000002d759
Faulting process id: 0x1880
Faulting application start time: 0x01d7159e7fc12af2
Faulting application path: C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 2bf23c97-8096-40f5-857f-259ffb69e87c
Faulting package full name:
Faulting package-relative application ID:

Error: (03/08/2021 02:12:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 2020.20120.4004.0, time stamp: 0x5fcaab3d
Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0x0e9c5eae
Exception code: 0xc000027b
Fault offset: 0x000000000010bd5c
Faulting process id: 0x2008
Faulting application start time: 0x01d7144ac01dc020
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 44c8f2d1-a53a-40d4-a6d7-f8f4b62d41c7
Faulting package full name: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (03/08/2021 01:14:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program notepad.exe version 10.0.19041.746 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1a0c Start Time: 01d71446bac700f6 Termination Time: 7 Application Path: C:\Windows\System32\notepad.exe Report Id: 31f31752-572d-447d-bfc8-c1bf2b170f41 Faulting package full name: Faulting package-relative application ID: Hang type: Unknown Error: (03/08/2021 10:44:37 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (9516,R,98) Error -1023 (0xfffffc01) occurred while opening logfile C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.log. Error: (03/08/2021 10:44:37 AM) (Source: ESENT) (EventID: 413) (User: ) Description: svchost (9516,R,98) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032. System errors: ============= Error: (03/11/2021 12:41:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Fing.Agent service failed to start due to the following error: The system cannot find the file specified. Error: (03/11/2021 12:41:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The luafv service failed to start due to the following error: This driver has been blocked from loading Error: (03/11/2021 12:41:39 AM) (Source: SNMP) (EventID: 1500) (User: ) Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration. Error: (03/11/2021 12:41:20 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll Error: (03/11/2021 12:41:20 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. 
Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll Error: (03/11/2021 12:41:17 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll Error: (03/11/2021 12:41:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The System Interface Foundation Service service terminated unexpectedly. It has done this 1 time(s). Error: (03/11/2021 12:41:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The LenovoVantageService service terminated unexpectedly. It has done this 1 time(s). Windows Defender: ================ Date: 2021-03-11 00:59:00 Description: C:\Windows\System32\notepad.exe has been blocked from modifying %userprofile%\OneDrive\Desktop\ by Controlled Folder Access. Detection time: 2021-03-11T05:59:00.463Z Path: %userprofile%\OneDrive\Desktop\ Process Name: C:\Windows\System32\notepad.exe Security intelligence Version: 1.333.151.0 Engine Version: 1.1.17900.7 Product Version: 4.18.2102.3 Date: 2021-03-11 00:59:00 Description: C:\Windows\System32\notepad.exe has been blocked from modifying %userprofile%\OneDrive\Desktop\ by Controlled Folder Access. Detection time: 2021-03-11T05:59:00.462Z Path: %userprofile%\OneDrive\Desktop\ Process Name: C:\Windows\System32\notepad.exe Security intelligence Version: 1.333.151.0 Engine Version: 1.1.17900.7 Product Version: 4.18.2102.3 Date: 2021-03-11 00:52:33 Description: C:\Users\s_mar\OneDrive\Desktop\FRST64.exe has been blocked from modifying %userprofile%\OneDrive\Desktop\ by Controlled Folder Access. 
Detection time: 2021-03-11T05:52:33.144Z Path: %userprofile%\OneDrive\Desktop\ Process Name: C:\Users\s_mar\OneDrive\Desktop\FRST64.exe Security intelligence Version: 1.333.151.0 Engine Version: 1.1.17900.7 Product Version: 4.18.2102.3 Date: 2021-03-10 12:05:01 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-03-10 06:28:42 Description: Controlled Folder Access blocked C:\ProgramData\Lenovo\IMCONTROLLER\Plugins\LenovoHardwareScanPlugin\x64\LSCDiags\LenovoDiagnosticsCLI.exe from making changes to memory. Detection time: 2021-03-10T11:28:42.680Z Path: \Device\Harddisk0\DR0 Process Name: C:\ProgramData\Lenovo\IMCONTROLLER\Plugins\LenovoHardwareScanPlugin\x64\LSCDiags\LenovoDiagnosticsCLI.exe Security intelligence Version: 1.333.98.0 Engine Version: 1.1.17900.7 Product Version: 4.18.2102.3 CodeIntegrity: =============== Date: 2021-02-06 17:34:31 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acronis\CyberProtect\remediation.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2021-02-05 17:17:19 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements. 
==================== Memory info =========================== BIOS: LENOVO BZCN21WW(V2.03) 01/13/2021 Motherboard: LENOVO LNVNB161216 Processor: Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz Percentage of memory in use: 63% Total physical RAM: 8056.55 MB Available physical RAM: 2934 MB Total Virtual: 16248.55 MB Available Virtual: 10645.56 MB ==================== Drives ================================ Drive c: (Windows-SSD) (Fixed) (Total:237.23 GB) (Free:127.96 GB) NTFS \\?\Volume{90174393-30ac-4889-b9de-b215d9aa1539}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.32 GB) NTFS \\?\Volume{43040eb6-5967-4e8c-a5ad-f1cc0a66ece2}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 071FD7E8) Partition: GPT. Edited March 11, 2021 by AdvancedSetup corrected font issue Link to post Share on other sites More sharing options...
Solution kevinf80 Posted March 11, 2021 ID:1443934

Hiya Blondii,

Thanks for those logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
Windows Temp
Users Temp folders
Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
Recently opened files cache
Flash Player cache
Java cache
Steam HTML cache
Explorer thumbnail and icon cache
BITS transfer queue (qmgr*.dat files)
Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop
Ensure to get the correct version for your system.... https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download
Right click on the Tool, select Run as Administrator the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:
1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply...

Thank you,
Kevin..

fixlist.txt
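
An added example, not part of the original post: since msert.log accumulates one block per scanner run, this Python sketch splits the log into runs and picks the newest one by its "Started On" time, skipping a run that never wrote its "Finished On" and "Return code" lines. The sample text is constructed: its middle run copies the layout of the log posted in this thread, and the first and last runs are invented.

```python
import re
from datetime import datetime

# Constructed sample: the middle run follows the msert.log posted in this thread;
# the first and last runs (placeholder versions) are invented for illustration.
SAMPLE_LOG = """\
---------------------------------------------------------------------------------------
Microsoft Safety Scanner v0.0, (build 0.0.0.0)
Started On Tue Feb 02 21:03:10 2021
Microsoft Safety Scanner Finished On Tue Feb 02 21:40:02 2021
Return code: 0 (0x0)
---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.333, (build 1.333.438.0)
Started On Mon Mar 15 00:15:24 2021
Engine: 1.1.17900.7
Signatures: 1.333.438.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode
Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Mon Mar 15 00:45:27 2021
Return code: 0 (0x0)
---------------------------------------------------------------------------------------
Microsoft Safety Scanner v0.0, (build 0.0.0.0)
Started On Tue Mar 16 09:00:00 2021
"""

TS_FORMAT = "%a %b %d %H:%M:%S %Y"   # e.g. "Mon Mar 15 00:15:24 2021"
STARTED = re.compile(r"^Started On (.+)$")
FINISHED = re.compile(r"Finished On (.+)$")
RETCODE = re.compile(r"^Return code: (-?\d+)")

def parse_runs(text):
    """Split an msert.log into one dict per scanner run."""
    runs, cur, in_summary = [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := STARTED.match(line)):
            cur = {"started": datetime.strptime(m.group(1), TS_FORMAT),
                   "finished": None, "return_code": None, "summary": []}
            runs.append(cur)
            in_summary = False
        elif cur is None:
            continue                      # text before the first run
        elif line.startswith("Microsoft Safety Scanner v"):
            in_summary = False            # next run's header ends an unfinished run
        elif (m := FINISHED.search(line)):
            cur["finished"] = datetime.strptime(m.group(1), TS_FORMAT)
            in_summary = False
        elif (m := RETCODE.match(line)):
            cur["return_code"] = int(m.group(1))
        elif line == "Results Summary:":
            in_summary = True
        elif in_summary and line.strip("-"):   # skip blank and dash-only lines
            cur["summary"].append(line)
    return runs

def latest_run(text, complete_only=True):
    """Return the newest run by start time; optionally skip unfinished runs."""
    runs = parse_runs(text)
    if complete_only:
        runs = [r for r in runs if r["finished"] and r["return_code"] is not None]
    return max(runs, key=lambda r: r["started"], default=None)
```

On a real machine the input would be the contents of c:\windows\debug\msert.log; a newest run with no "Finished On" line is the case to flag when a helper asks for the most recent result.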

Blondii Posted March 15, 2021 Author ID:1444775

Here is the FixLog:

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-03-2021 00:09:15)
C:\Windows\Temp\LIMPEDBISCUIT-20210315-0001.log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20210315000148334C).log => Is moved successfully
==== End of Fixlog 00:09:15 ====

---------------------------------------------------------------------------------------
Log from Microsoft Safety Scanner:

Microsoft Safety Scanner v1.333, (build 1.333.438.0)
Started On Mon Mar 15 00:15:24 2021
Engine: 1.1.17900.7
Signatures: 1.333.438.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode
Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Mon Mar 15 00:45:27 2021
Return code: 0 (0x0)
---------------------------------------------------------------------------------------

I also would like to get your opinion on the only other log that apparently was run just back on Jan. 27th that has a bunch of Scan Error results for a resource file called swapfile.sys. This is the first time I'm actually seeing this. I'll wait for your reply though before posting it.

kevinf80 Posted March 15, 2021 ID:1444785

I cannot really comment without seeing the log. Also the Fix log from FRST is not complete, you've only posted a small section.

kevinf80 Posted March 19, 2021 ID:1445810

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

kevinf80 Posted August 16, 2021 ID:1475031

Topic has been reopened per request. Thanks

kevinf80 Posted August 16, 2021 ID:1475033

Hello again Blondii,

Continue with the following:

Let's grab some logs and see what's going on, continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link: https://www.malwarebytes.com/mwb-download/thankyou/
Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.
Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....
Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......
When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:

Open Malwarebytes
Click on the Detection History tab > from main interface.
Then click on "History" that will open to a historical list
Double click on the Scan log which shows the Date and time of the scan just performed.
Click Export > From export you have two options:
Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
Please use "Text file (*.txt), then name the file and save to a place of choice, recommend "Desktop" then attach to reply

Next,

Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.
Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
Be aware FRST must be run from an account with Administrator status...

If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English
Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans"
Press Scan button to run the tool....
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Let me see those logs in your reply...

If our tools do not run because of windows smart screen or your security, consider the following:

Disable smart screen if it interferes with software we may have to use: https://support.microsoft.com/en-us/microsoft-edge/what-is-smartscreen-and-how-can-it-help-protect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8
Please remember to enable when we are finished....

Next,

Disable any Anti-virus software you have installed if it stops software we may use from working: https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Please remember to enable AV software when we are finished running scans....

Thank you,
Kevin....

Blondii_- Posted August 17, 2021 ID:1475262

Attached are all the logs requested. Thanks again for re-opening for me. 😊

Mbytes Scan.txt
AdwCleaner[C16].txt
FRST.txt
Addition.txt

kevinf80 Posted August 17, 2021 ID:1475295

Hello Blondii_-,

Thanks for the attached logs, not seeing any obvious malware or infection in those logs. One file does need to be checked...

Upload a File to Virustotal

Go to http://www.virustotal.com/
Click the Choose file button
Navigate to the file C:\Program Files (x86)\kesx7j77cu.dat
Click the Scan it tab
If you get a message saying File has already been analyzed: click Reanalyze file now
Copy and paste the URL address back here please.

Thank you,
Kevin.

Blondii_- Posted August 21, 2021 ID:1476047

Virus Total | kesx7j77cu.dat

kevinf80 Posted August 21, 2021 ID:1476077

Hiya Blondii_-

Thanks for the VT log, file is listed as clean... Your previous logs were also not showing any infection or malware. Do you have any remaining issues or concerns..?

Thank you,
Kevin.

Blondii_- Posted August 21, 2021 ID:1476133

I do have 2 Quarantined items that Malwarebytes caught, (Exploit.Agent)(Malware.AI), is there any way to know/find out how they infected the files they attached to? I guess so I can be sure that they don't happen to find their way onto my laptop again.

And do you by chance know where I can find like a complete tear down of my laptop? I've googled, binged, duckduckgo'd and tor'd my little heart out and for some reason I just cannot find anywhere any video or step-by-step teardown of my laptop's model. Even checked IFIXIT.COM and even they had every Lenovo model except mine. 🤔 I just wanted to be sure that nothing internally was tampered with or replaced, ya know?

kevinf80 Posted August 21, 2021 ID:1476165

For your Lenovo use the community website, register, you'll get all of the help you'll ever need: https://forums.lenovo.com/t5/English-Community/ct-p/Community-EN

Regarding the quarantined items, can I see the log showing when scan results...

kevinf80 Posted August 24, 2021 ID:1476498

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks