Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-01-2023 Ran by Joao Paulo (administrator) on LAPTOP-G8GJENNS (LENOVO 80XN) (17-01-2023 13:09:38) Running from C:\Users\Joao Paulo\Desktop Loaded Profiles: Joao Paulo Platform: Microsoft Windows 10 Home Version 21H2 19044.2364 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (C:\Program Files (x86)\Google\Update\Install\{9F63EF68-3780-40EA-86F4-BC185809C61A}\108.0.5359.126_108.0.5359.125_chrome_updater.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\Install\{9F63EF68-3780-40EA-86F4-BC185809C61A}\CR_C0360.tmp\setup.exe <2> (C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{26A53421-DB1D-4134-AF11-2E9170619908}\MicrosoftEdge_X64_109.0.1518.52_108.0.1462.76.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{26A53421-DB1D-4134-AF11-2E9170619908}\EDGEMITMP_AB46A.tmp\setup.exe (C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{26A53421-DB1D-4134-AF11-2E9170619908}\MicrosoftEdge_X64_109.0.1518.52_108.0.1462.76.exe (C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3> (C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCopyAccelerator.exe (C:\Users\Joao Paulo\Desktop\adwcleaner.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (cmd.exe ->) (Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\Joao Paulo\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <53> (explorer.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Users\Joao Paulo\Desktop\adwcleaner.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\Install\{9F63EF68-3780-40EA-86F4-BC185809C61A}\108.0.5359.126_108.0.5359.125_chrome_updater.exe (Lenovo -> ) C:\Program Files (x86)\Lenovo\System Update\TvsuCommandLauncher.exe <2> (Lenovo -> ) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\Joao Paulo\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe <2> (services.exe ->) (Lenovo -> ) C:\Program Files (x86)\Lenovo\System Update\SUService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (svchost.exe ->) (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (svchost.exe ->) (Intel(R) System Usage Report -> Intel Corporation) C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe (svchost.exe ->) (Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\Joao Paulo\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe (svchost.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe <3> (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe <3> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.2300_none_7e14edbc7c88b7d5\TiWorker.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2017-05-19] (LENOVO -> ) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391088 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321112 2019-07-29] (Intel(R) Rapid Storage Technology -> Intel Corporation) HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [829632 2016-06-24] (Dolby Laboratories, Inc. -> ) HKLM-x32\...\Run: [Backup] => C:\Program Files (x86)\Wondershare\drfone\Addins\Backup\DrFoneBackup.exe [1481736 2022-03-03] (Wondershare Technology Co.,Ltd -> Wondershare) HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [292120 2022-10-26] (Intel Corporation -> Intel) HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION HKU\S-1-5-21-967556649-2745294871-1311300776-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Joao Paulo\AppData\Local\Microsoft\Teams\Update.exe [2585824 2022-12-07] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-967556649-2745294871-1311300776-1001\...\Run: [MicrosoftEdgeAutoLaunch_BF969105AA6EFC316474474FBDA0F7DB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4188616 2023-01-15] (Microsoft Corporation -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\108.0.5359.125\Installer\chrmstp.exe [2022-12-23] (Google LLC -> Google LLC) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {06DC0CE5-7129-4957-B699-8B610CAFF65A} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-967556649-2745294871-1311300776-1001 => C:\Users\Joao Paulo\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [89096 2022-10-19] (Lenovo (Beijing) Limited -> Lenovo Group Limited) Task: {075D8673-4864-4A4F-B758-4ACC84F89568} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [190744 2016-10-07] (CyberLink Corp. -> CyberLink) Task: {160635D2-ACC3-4860-9A9D-66B7097C81B9} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.) Task: {1718FD9E-B4F3-45DE-BB10-862508392086} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.) Task: {1A0802ED-D01D-465F-A33E-2DDCB04FDFE7} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098912 2020-11-05] (Intel(R) System Usage Report -> Intel Corporation) Task: {23FC0427-7D29-41E6-AC21-E3EF90F83843} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService Task: {38C55568-1F89-45A4-BEC0-D29CC006A811} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-21] (Google Inc -> Google Inc.) Task: {3C792BD9-CF82-4DFF-B643-FFFE31F340C1} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService Task: {4103613B-CE03-4677-B3B5-931B4BDF1D97} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [149280 2022-09-23] (Lenovo -> Lenovo Group Ltd.) Task: {52CE1D07-18C9-4369-B02B-234E5EA6512C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {5381F3BB-9B66-4A9F-999A-C3F906F66277} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {55CA1C27-0612-4083-A856-7348AFE69E21} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26308584 2022-12-13] (Microsoft Corporation -> Microsoft Corporation) Task: {59DF6D7D-F78E-409F-8589-3FECC81C60A7} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" Task: {6A7CBA0F-BA78-4D7B-9B59-A187CFAC3A05} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b725a58a-a554-4691-a0d2-baad0fedbefe => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {6F918C58-17CE-4BD7-94F2-5BD54D4F8D16} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-21] (Google Inc -> Google Inc.) Task: {6FB14A92-C6C9-4305-93BE-6E7D21B33AEB} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\Lenovo\Power2Go\CLVDLauncher.exe [347416 2016-09-20] (CyberLink Corp. -> CyberLink Corp.) Task: {76BB19AA-3D3C-4193-8AB5-B0B7AE8F3359} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26308584 2022-12-13] (Microsoft Corporation -> Microsoft Corporation) Task: {826386E4-6EE5-424A-AC73-CEDB6AA28D17} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {8435CE91-D02F-49FF-8C7E-FF3F4EDC82E3} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {87BA84DF-290B-42CD-AB41-1E559BB2F682} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor) Task: {9434C3B9-BE69-4022-9510-95220233202D} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32 Task: {9B12D483-BBEA-4732-9D2F-38180A80D757} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.) Task: {A9377849-5810-450D-AA1E-165567A37855} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor) Task: {AA2A7309-5C95-4D43-BE91-2DDCBDCB7F34} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f121ba81-4883-4e4d-aea1-ec97c41be3b4 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {AB5B9185-B25C-4597-B503-AFF2064A3F9A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ec194495-742c-4a57-a32a-e0666c4dd654 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {AFF4551E-2C05-4217-A2BC-9F3C9C828B39} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114656 2022-12-13] (Microsoft Corporation -> Microsoft Corporation) Task: {B03B038B-648F-4AA1-B097-3171B49489FD} - System32\Tasks\PDVDServ14 Task => C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [88344 2016-09-29] (CyberLink Corp. -> CyberLink Corp.) Task: {BAB3A5E5-E0C9-43B3-916A-E74DDC96C634} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.) Task: {CB3136C5-38A0-482A-9C30-365CE1154B76} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\93eea8e4-0028-4525-b6f9-84e865977da7 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {DE4433A9-91F5-4778-9BB1-106CB31DE537} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098912 2020-11-05] (Intel(R) System Usage Report -> Intel Corporation) Task: {DF8B1850-B50E-417F-9F79-96A932F90F5E} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1900320 2022-09-29] (Lenovo -> ) Task: {E71BA277-A98F-4454-A716-A98A466C1B8F} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs" Task: {EBB05E31-333D-4087-BB58-5EC65F6B01F2} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor) Task: {F1EFDA1B-A98E-4E76-8795-D33A10744345} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {F27DF891-0DE5-4305-9151-2DABAA5B7399} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1900320 2022-09-29] (Lenovo -> ) Task: {F8A27A36-7F0A-4BF8-BFDC-DECECCCE623A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114656 2022-12-13] (Microsoft Corporation -> Microsoft Corporation) Task: {FE677045-F9D0-4111-9AF1-87FB14FFEE0C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.101.1 Tcpip\..\Interfaces\{21d9c648-867d-44cc-a8ee-b4c7a37f5f59}: [DhcpNameServer] 150.201.1.2 Tcpip\..\Interfaces\{2505d16f-0de9-46ad-bcde-abbbf6f21395}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{2505d16f-0de9-46ad-bcde-abbbf6f21395}: [DhcpNameServer] 192.168.101.1 Edge: ======= Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] Edge DefaultProfile: Default Edge Profile: C:\Users\Joao Paulo\AppData\Local\Microsoft\Edge\User Data\Default [2022-12-09]