Solved Connection issue regarding certificate

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Welcome to our Community
Wanting to join the rest of our members? Feel free to sign up today.
Sign up
Status
Not open for further replies.

Baroona

PCHF Member
PCHF Member
Apr 18, 2019
27
1
23
Hi guys/girls, my connection seems to have trouble with certificate. I am unable to access any website for unknown reasons. I have attached picture to further elaborate my issues.




I have tried different browser from my default ( currently chrome ) it works just fine before, however after doing stuff here and there ( such as ignoring error on chrome ) now my chrome can browse however it is not secure while all other browser not working now. This picture below shows my current chrome situation.




I hope it is not too confusing and thanks in advance for the helps.

Regards,
Baroona
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
2,154
499
PCHF Bunker
pchelpforum.net
Hi @Baroona and welcome to PCHF :)

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu.



If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
Frst will open with two dialogue boxes, accept the disclaimer.


Accept the default whitelist options,
If the additions.txt options box is not checked please select it.
Then select "Scan"



Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.



Please Copy and Paste the contents of these logs in your next post for review by our Security Team
 
  • Like
Reactions: Baroona

Baroona

PCHF Member
PCHF Member
Apr 18, 2019
27
1
23
@jmarket i somehow fix it by downloading adlock, do you think it will impact negatively instead of doing your suggested way?

Thanks in advance
 

Baroona

PCHF Member
PCHF Member
Apr 18, 2019
27
1
23
one thing to note though, as far as i remember, the https should be green colour isnt it? mine is just gray

4610



this gray colour is only on chrome however, opera comes out green just fine. is there any logic behind it maybe?
 

Baroona

PCHF Member
PCHF Member
Apr 18, 2019
27
1
23
well i decided to do your advises,

content on addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.04.2019
Ran by Lenovo (19-04-2019 02:14:38)
Running from C:\Users\Lenovo\Downloads
Windows 10 Pro Version 1803 17134.706 (X64) (2018-05-26 07:41:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1925601759-1010797402-2804155008-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1925601759-1010797402-2804155008-503 - Limited - Disabled)
Guest (S-1-5-21-1925601759-1010797402-2804155008-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1925601759-1010797402-2804155008-1002 - Limited - Enabled)
Lenovo (S-1-5-21-1925601759-1010797402-2804155008-1000 - Administrator - Enabled) => C:\Users\Lenovo
WDAGUtilityAccount (S-1-5-21-1925601759-1010797402-2804155008-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: 360 Total Security (Enabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 360 Total Security (Enabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{3D383E25-72E7-4F09-AA1C-9ADE6A2EF42F}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{0C9A6167-6560-4085-9C35-EDB1AE105328}) (Version: 3.2.0.9 - Intel) Hidden
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 10.2.0.1180 - 360 Security Center)
3DP Chip Lite v17.11.1 (HKLM-x32\...\3DP Chip Lite) (Version: v17.11.1 - 3DP)
ACDSee Pro 3 (HKLM-x32\...\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}) (Version: 3.0.355 - ACD Systems International Inc.)
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
AdLock (HKLM\...\{26D2159D-4BE2-43A4-9E68-F0594DF0295C}) (Version: 1.0.2.2 - Hankuper) Hidden
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.2.1 - Advanced Micro Devices, Inc.)
Anathena (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\242cfcc8731b6ee3) (Version: 3.3.8.0 - Anathena)
Any Video Converter 6.2.5 (HKLM-x32\...\Any Video Converter) (Version: 6.2.5 - Anvsoft)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{34985F59-8F6F-46F4-9AD5-53E2714294D2}) (Version: 3.0.189 - ArcSoft)
AVG 2015 (HKLM\...\{6E4BAAF0-7F23-41E5-B16B-4727B6FC0C6F}) (Version: 15.0.6081 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.6.255 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattlePing (HKLM-x32\...\{DB480AC3-1578-B8DC-3F8F-786A2A4E3BC7}) (Version: 1.3.7.1 - BattlePing)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{15EEB07A-3FB9-FA4C-8EFF-697728CB1E5C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{A63E3031-0522-18C6-F18F-7EE80973315F}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{A2966D0F-43BB-116D-C9C7-49612FBFD0AE}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{4C608ED2-535B-2119-3661-9E6F7DDB600F}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9005C809-497A-FD45-CB96-76A3338E35B9}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D84300A6-72F1-5771-B3B1-8FC71184AB38}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{56D13277-FA9F-2842-682D-DD7298973585}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{8D0C7788-D519-7B65-36F6-D0D21296F173}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{930FD2C7-D026-197D-94E4-CB5917CE7420}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{086D11E3-9CA4-DBEF-2B48-5A2EFFD53145}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{D0C1EAB6-92F1-EE91-04C2-5947EE150593}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{57EAA61A-CD02-DF34-0839-2549F57A334C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{AA477FD2-347B-1732-5D8C-AF35AF1B9703}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{BBFC5953-2CB9-5932-1D47-52E4AA99737B}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{01E7D692-D785-743F-5A55-F00162D26A1C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{5D8BA452-1264-7D13-E4EC-8236EC5B83FE}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F49BA906-83DA-3F5A-5B24-03C8DE2A3936}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{5A466CAA-F071-D9EF-A799-EF63552DBE70}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{D7DC4DDB-3E0D-6F79-4258-4A461654B689}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{ACDFF800-6015-BEEC-8A27-7B1A80915273}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{A28B1FC5-3947-9D39-7FE5-A3CB18E16358}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
CyberLink PowerDVD 11 (HKLM-x32\...\InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}) (Version: 11.0.1620.51 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX H.264 decoder 8.2.0.26 (HKLM-x32\...\divxh264_is1) (Version: 8.2.0.26 - )
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.93 - DivX, LLC)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Driver Easy 5.6.1 (HKLM\...\DriverEasy_is1) (Version: 5.6.1 - Easeware)
Dropbox (HKLM-x32\...\Dropbox) (Version: 45.4.92 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.9 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.9 - Lenovo)
eNexia version 749.0 (HKLM-x32\...\{8C3EC8A8-70A1-4298-BD7D-3CD7DAE20D64}_is1) (Version: 749.0 - eNexiaTK)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: - FreeDownloadManager.ORG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
GRF Editor version 1.7.9 (HKLM-x32\...\GRF Editor_is1) (Version: 1.7.9 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\HearthstoneDeckTracker) (Version: 1.7.6 - HearthSim)
Hotspot Shield 7.6.4 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925C187EDD1}) (Version: 7.6.4.10926 - AnchorFree Inc.) Hidden
Hotspot Shield 7.6.4 (HKLM-x32\...\{f0473374-de13-4075-b4ef-5847e91e1d6a}) (Version: 7.6.4.10926 - AnchorFree Inc.)
Hotspot Shield 7.6.4 (HKLM-x32\...\HotspotShield) (Version: 7.6.4 - AnchorFree Inc.) Hidden
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{699E6891-25C3-443A-9B8E-80C74F0172C8}) (Version: 2.1.03413 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{4d839fe1-a8d3-4edc-b0ca-844394309856}) (Version: 3.2.0.9 - Intel)
IObit Uninstaller 8 (HKLM-x32\...\IObitUninstall) (Version: 8.4.0.8 - IObit)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
K-Lite Mega Codec Pack 14.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.0.5 - KLCP)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Magic Bullet Suite 64-bit (HKLM\...\{93488C33-D8D6-472A-83BB-F71603355CF0}) (Version: 11.1.0 - Red Giant Software) Hidden
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{93488C33-D8D6-472A-83BB-F71603355CF0}) (Version: 11.1.0 - Red Giant Software)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
McAfee True Key (HKLM\...\TrueKey) (Version: 5.2.167.1 - McAfee, LLC)
mHotspot version 7.8.8.0 (HKLM-x32\...\{beeb7906-9268-4520-8850-8d8af9b1c7c8}_is1) (Version: 7.8.8.0 - 1BN Software & IT Solutions Pvt. Ltd.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (日本語) (HKLM-x32\...\{9A330858-0CD6-4FB3-8C57-0F1BB58012B0}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (日本語) (HKLM-x32\...\{903C5477-BA28-4CFC-8BE4-62E3C328D4DD}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Database Providers (x86) ENU (HKLM-x32\...\{296E293F-C481-4DDE-9ED2-3F79FCF38731}) (Version: 3.1.1648.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Modem AC2726 UI (HKLM\...\ZTEWireless-101_is1) (Version: - )
MornaTK Installer (HKLM-x32\...\{BCD1C4AD-EB1A-40DF-A838-2AF8C45B5942}) (Version: 1.0 - MornaTales)
Movavi Video Converter 18 Premium (HKLM-x32\...\Movavi Video Converter 18 Premium) (Version: 18.3.0 - Movavi)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.1 - Mozilla)
Mumble 1.2.19 (HKLM-x32\...\{F62A874F-2354-49B1-87BE-CAAD7C8FA084}) (Version: 1.2.19 - Thorvald Natvig)
MYOB AccountRight Plus v19.12.0 ED (HKLM-x32\...\{27D4F4A7-5A34-4657-9E78-D6B1E87C8A90}) (Version: 19.12.0 - MYOB Technology Pty Ltd) Hidden
MYOB AccountRight Plus v19.12.0 ED (HKLM-x32\...\InstallShield_{27D4F4A7-5A34-4657-9E78-D6B1E87C8A90}) (Version: 19.12.0 - MYOB Technology Pty Ltd)
MYOB ODBC Direct v10 AUS (HKLM-x32\...\{55D5A77E-FAAA-4358-B3E5-6565E024F78B}) (Version: 10.1.0 - MYOB Technology Pty Ltd) Hidden
MYOB ODBC Direct v10 AUS (HKLM-x32\...\InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}) (Version: 10.1.0 - MYOB Technology Pty Ltd)
MySQL Installer - Community (HKLM-x32\...\{4553E209-560C-451E-9DE9-E6B812D32B8C}) (Version: 1.4.8.0 - Oracle Corporation)
MySQL Server 5.0 (HKLM-x32\...\{2FEB25F8-C3CB-49A2-AE79-DE17FFAFB5D9}) (Version: 5.0.45 - MySQL AB)
MySQL Tools for 5.0 (HKLM-x32\...\{EC561602-C0B9-4FAA-A175-1B3273639AC3}) (Version: 5.0.12 - MySQL AB)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
NovaRO (HKLM-x32\...\NovaRO_is1) (Version: 6.0.0 - NovaRO)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.0.1.1 - Duodian Technology Co. Ltd.)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.1.2 - OBS Project)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Opera Stable 58.0.3135.127 (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\Opera 58.0.3135.127) (Version: 58.0.3135.127 - Opera Software)
Pingzapper version 2.1.2 (HKLM-x32\...\{7FD61982-5436-439B-B5D0-36F0536FF8BF}_is1) (Version: 2.1.2 - Pingzapper)
PlayNexia II (HKLM-x32\...\PlayNexia II) (Version: - )
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.13.1-r115223-release - Plays.tv, LLC)
Pokémon World Online Uninstaller (HKLM-x32\...\{6B67E1A1-1D62-4BDC-8C60-07FDF25CA975}_is1) (Version: 1.97 - PWO Team)
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
PX Profile Update (HKLM-x32\...\{230C6C56-D930-2D7A-CF62-9BE26FAEE260}) (Version: 1.00.1. - AMD) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Ragnarok Online (HKLM-x32\...\{181579B5-0028-4E01-AC27-97ED80352279}) (Version: 14.2.5 - Gravity Interactive, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.1.1-r111306-release - Raptr, Inc)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.75.827.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.30.0239 - REALTEK Semiconductor Corp.)
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Safari (HKLM-x32\...\{A08BAD08-9AA3-410F-98F3-C92C8EE37218}) (Version: 5.34.54.16 - Apple Inc.)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Spotify (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
Sql Server Customer Experience Improvement Program (HKLM\...\{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}) (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.2.8352 - TeamViewer)
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Vegas Pro 13.0 (64-bit) (HKLM-x32\...\Vegas Pro 13.0 (64-bit)) (Version: 13.0 (64-bit) - Exµs ™)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Wondershare Filmora(Build 8.7.0) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Wondershare PDFelement 6 Pro(Build 6.8.6) (HKLM-x32\...\{B026557A-EF19-4812-8A79-B30F94AA0A78}_is1) (Version: 6.8.6.4121 - Wondershare Software Co.,Ltd.)
Wondershare Video Converter Ultimate(Build 10.3.0.178) (HKLM-x32\...\Video Converter Ultimate_is1) (Version: 10.3.0.178 - Wondershare Software)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
XAMPP (HKLM-x32\...\xampp) (Version: 7.1.1-0 - Bitnami)
Zoom (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1925601759-1010797402-2804155008-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1925601759-1010797402-2804155008-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1925601759-1010797402-2804155008-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6} [0000-00-00 00:00]
CustomCLSID: HKU\S-1-5-21-1925601759-1010797402-2804155008-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Lenovo\Dropbox [2015-07-07 16:17]
CustomCLSID: HKU\S-1-5-21-1925601759-1010797402-2804155008-1000_Classes\CLSID\{f1d8036a-7f48-43e4-8045-dbcb4e742507}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Windows -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-03-19] (Notepad++ -> )
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-09-28] (QIHU 360 SOFTWARE CO. LIMITED -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-09-28] (QIHU 360 SOFTWARE CO. LIMITED -> )
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-06-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-06-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-09-28] (QIHU 360 SOFTWARE CO. LIMITED -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {012A6F59-87D6-44E0-A91E-4191C44105EE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {02E9EE88-8B2A-45A8-B237-293AF930C0D8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {06B7B6A5-89CC-4D81-B982-3F531F29F6A9} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {07375CF8-C1FF-492B-8278-0396D0245D6F} - System32\Tasks\DropboxUpdateTaskMachineCore1d1719f65cee02e => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {08DE182E-4B30-4A1E-B2FD-C6EB7895D4FF} - System32\Tasks\0915tbUpdateInfo => C:\ProgramData\Avg_Update_0915tb\0915tb_{25635FAF-00C4-4CFA-B296-FCEF7A02AE64}.exe
Task: {0F9B47A5-A3A5-4CC4-9CF4-6FCF47A1FB9F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {115F90B7-1231-4FF1-AB5B-92FEF3694B20} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (Easeware Technology Limited -> Easeware)
Task: {159448A5-F558-4572-8A16-6E303989186A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {19946D02-33AE-4E60-81DF-5092DEB8F277} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => D:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe
Task: {1AE784A5-A8C1-469D-ACDC-69A2BD7FEE8A} - System32\Tasks\DropboxUpdateTaskMachineUA1d1719f66008e5b => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {1C48C1BE-378A-4BD4-9CBC-1EE169FA27A9} - System32\Tasks\FreeDownloadManagerNetworkMonitor => D:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe (Softdeluxe Ltd. -> FreeDownloadManager.org)
Task: {1DA9B645-13DA-4059-A3CB-D56C3971092C} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {21BE9597-704B-4669-B98E-367AC00D234B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {24672617-0A93-4BB5-8559-4012CEDFDF08} - System32\Tasks\{61E32EBD-8E77-4D1B-9D4E-DFB440A9AB05} => C:\Windows\system32\pcalua.exe -a "D:\game\Gravity\openkore\Ragnarok Online\Setup.exe" -d "D:\game\Gravity\openkore\Ragnarok Online"
Task: {25C72C5E-A5A2-4F4B-BD37-3E4477093B5A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {297450E0-6ABB-427D-BB1C-BB2872268E11} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {31709D69-4FCE-4D4D-821C-94E1E6D6B831} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {36512371-A906-4CBA-8D6E-CCCA8F25E12E} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {3BB917BA-28B7-4433-B3E7-7EFBADC9BF05} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {3BB99F43-80C7-4010-9269-058CFC43E873} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3C199C18-45CD-429D-B193-E25CBD0D0253} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {4B4D8E7B-0A5F-40FC-BBCD-29A82DE55E1E} - System32\Tasks\AVG-SSU_0117avz_DELETE => C:\ProgramData\Avg_Update_0117avz\AVG-Secure-Search-Update_0117avz.exe
Task: {4D4F0449-FE30-4BDD-871D-BC436EDB0421} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {508A340E-5F91-492E-ABB0-B98532F80480} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {522525D9-3E35-4CED-9B07-86DCF48846B4} - System32\Tasks\S-1-5-21-1925601759-1010797402-2804155008-1000\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {547C6C01-5708-4D14-AA13-ACA0C447A4A6} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {57DFC5D9-A460-4BFF-B8E3-7B32AFB8CF85} - System32\Tasks\CommView for WiFi Update => C:\Program Files (x86)\CommViewWiFi\Updater.exe
Task: {5A1FB4EE-EE0E-4270-9E75-684F0AF09C07} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {621144B0-DE22-4BA5-8091-E7C4827BEF4F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {67DA1BE8-90A4-4CF2-A274-8747F431E302} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {728F5E94-6E39-4D9D-BDDF-15FE8F3796DB} - \cFos\Registration Tasks\Open Browser -> No File <==== ATTENTION
Task: {754E8E88-D223-42F3-9481-B9A6C2933CF3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {789B54F6-B496-4419-97FF-B9199F07696D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {807DE444-D371-423B-899D-8236EA7A416B} - System32\Tasks\Uninstaller_SkipUac_Lenovo => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe (IObit Information Technology -> IObit)
Task: {875ACF9F-41FC-404C-9502-1B189212FDFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google LLC)
Task: {909165E7-58B7-40A8-BAD4-06369AE44715} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {9C7FF83C-4028-4C31-9DA7-4814BF4DD82A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9EA7EA19-87D5-4A05-90A2-77FAC5CAFED8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd -> Piriform Ltd)
Task: {A1E768A1-C621-44E3-9D8D-0B31A7AA6480} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe (Intel(R) Software -> Intel Corporation)
Task: {A2BC51F7-A5A5-4583-BCFC-07D102EFC8B5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe (McAfee, Inc. -> McAfee, Inc.)
Task: {A3F7EA55-63E8-472B-BD18-E4C82C33D682} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A61D04AD-6E7A-4DD5-B7E7-A8E75622266A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google LLC)
Task: {A65C2727-BF46-4882-A619-716BB2E10EE3} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {A9744BF1-B3BE-485E-8CED-C8A112DB42C9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B170E593-7A4A-42ED-8E5E-FE91C524223A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {B79C1E15-BBAE-4901-8144-CA6499E7F7BD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BAB0F865-1900-4889-B5E2-E00F083B9AC6} - System32\Tasks\Opera scheduled assistant Autoupdate 1550324909 => C:\Users\Lenovo\AppData\Local\Programs\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {C14A101B-90DF-4EA6-814A-49BE72CAD1BA} - System32\Tasks\AVG-SSU_0117avz => C:\ProgramData\Avg_Update_0117avz\AVG-Secure-Search-Update_0117avz.exe
Task: {C35EAC49-C654-4AD2-A8E0-13BB4B538500} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {CB120083-D139-490E-ABC1-9711116BDE86} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {D841F08B-9CC5-4DE4-8780-B48A4D247CC3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DA3CD105-1C40-4F31-B596-534277F311B7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {DEBAD4D3-2F39-4C63-9561-762021145015} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe
Task: {ECF63DBD-0D24-4258-861D-7F5BDFA4C73D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F73979B7-3B5E-4FBF-AF56-473DC86B90CE} - System32\Tasks\Opera scheduled Autoupdate 1521719234 => C:\Users\Lenovo\AppData\Local\Programs\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {F8A429FB-D075-49EE-91B6-D247866AD4A6} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {FEB657CD-087C-4664-B5E8-D03BBC23E1CF} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\0915tbUpdateInfo.job => C:\ProgramData\Avg_Update_0915tb\0915tb_{25635FAF-00C4-4CFA-B296-FCEF7A02AE64}.exe
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d1719f65cee02e.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA1d1719f66008e5b.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2018-12-18 14:31 - 2017-10-19 09:17 - 000271360 _____ (Wondershare Software) [File not signed] C:\WINDOWS\System32\WSPDFelementMonitor.dll
2007-07-06 12:14 - 2007-07-06 12:14 - 005730304 _____ () [File not signed] C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
2013-08-27 17:32 - 2013-08-27 17:32 - 000747520 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
2016-06-28 21:38 - 2016-06-28 21:38 - 000138752 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2018-01-31 17:49 - 2018-01-31 17:49 - 000009216 _____ () [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe
2018-01-31 17:49 - 2018-01-31 17:49 - 000077312 _____ () [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPMaster.exe
2018-01-31 17:49 - 2018-01-31 17:49 - 000060928 _____ () [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPDU.exe
2018-01-31 17:49 - 2018-01-31 17:49 - 000011264 _____ () [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPUF.exe
2016-06-28 21:36 - 2016-06-28 21:36 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiamenu.dll
2015-11-25 06:49 - 2015-11-25 06:49 - 002257408 _____ (ActiveState Software Inc) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\python26.dll
2015-11-25 06:48 - 2015-11-25 06:48 - 000028160 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-25 06:46 - 2015-11-25 06:46 - 000110592 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-25 06:48 - 2015-11-25 06:48 - 000041472 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-25 06:48 - 2015-11-25 06:48 - 000096256 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-25 06:43 - 2015-11-25 06:43 - 000356864 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-25 06:48 - 2015-11-25 06:48 - 000017920 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-25 06:48 - 2015-11-25 06:48 - 000019968 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-25 06:48 - 2015-11-25 06:48 - 000036352 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-25 06:43 - 2015-11-25 06:43 - 000043008 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-25 06:43 - 2015-11-25 06:43 - 000805376 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-25 06:43 - 2015-11-25 06:43 - 000087040 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-25 06:46 - 2015-11-25 06:46 - 000354304 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-25 06:48 - 2015-11-25 06:48 - 000167936 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-25 06:47 - 2015-11-25 06:47 - 001980928 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-11-25 07:02 - 2015-11-25 07:02 - 004604416 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\Qt5Gui.dll
2015-11-25 07:01 - 2015-11-25 07:01 - 004088320 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\Qt5Core.dll
2015-11-25 07:02 - 2015-11-25 07:02 - 001316352 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\icuuc53.dll
2015-11-25 07:01 - 2015-11-25 07:01 - 001961472 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\icuin53.dll
2015-11-25 07:01 - 2015-11-25 07:01 - 021529088 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\icudt53.dll
2015-12-08 06:57 - 2015-12-08 06:57 - 000077824 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-25 06:47 - 2015-11-25 06:47 - 001862144 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-25 06:47 - 2015-11-25 06:47 - 000516608 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-25 07:02 - 2015-11-25 07:02 - 000839680 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\Qt5Network.dll
2015-11-25 06:47 - 2015-11-25 06:47 - 004060160 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-25 07:01 - 2015-11-25 07:01 - 004468736 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\Qt5Widgets.dll
2015-11-25 06:43 - 2015-11-25 06:43 - 000010240 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2013-11-21 11:31 - 2013-11-21 11:31 - 000286720 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2013-11-21 11:31 - 2013-11-21 11:31 - 000499200 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [135]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-11-15 03:41 - 2018-03-22 23:07 - 000001595 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 bandicam.com
127.0.0.1 ssl.bandisoft.com
127.0.0.1 localhost
127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 www.registeridm.com
127.0.0.1 secure.registeridm.com
127.0.0.1 internetdownloadmanager.com
127.0.0.1 www.internetdownloadmanager.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 www.secure.internetdownloadmanager.com
127.0.0.1 mirror.internetdownloadmanager.com
127.0.0.1 www.mirror.internetdownloadmanager.com
127.0.0.1 mirror2.internetdownloadmanager.com
127.0.0.1 www.mirror2.internetdownloadmanager.com
127.0.0.1 mirror3.internetdownloadmanager.com
127.0.0.1 www.mirror3.internetdownloadmanager.com
127.0.0.1 174.133.70.98

2016-11-07 03:29 - 2016-11-07 03:29 - 000000499 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

192.168.137.70 iPhone.mshome.net # 2016 11 0 13 17 29 46 813
192.168.137.1 Lenovo-PC.mshome.net # 2021 11 5 5 17 29 46 813

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Windows Live\Shared;D:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: CLHNServiceForPowerDVD => 2
MSCONFIG\Services: CxAudMsg => 2
MSCONFIG\Services: CyberLink PowerDVD 11.0 Monitor Service => 2
MSCONFIG\Services: CyberLink PowerDVD 11.0 Service => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: hmevpnsvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: PingzapperSvc => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: UDisk Monitor => 2
MSCONFIG\Services: WtuSystemSupport => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Lenovo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MYOB Add-On Connector.lnk => C:\Windows\pss\MYOB Add-On Connector.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG-Secure-Search-Update_0715tb => "C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe" /PROMPT /CMPID=0715tb
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
MSCONFIG\startupreg: cFosSpeed => C:\Program Files\cFosSpeed\cFosSpeed.exe
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: Energy Management => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
MSCONFIG\startupreg: EnergyUtility => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
MSCONFIG\startupreg: ForteConfig => C:\Program Files\Conexant\ForteConfig\fmapp.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Lenovo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Raptr => C:\Program Files (x86)\Raptr\RAPTRS~1.EXE --startup
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RemoteControl11 => "C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SACpl.exe /t
MSCONFIG\startupreg: Spotify => "C:\Users\Lenovo\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Lenovo\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SynLenovoGestureMgr => %ProgramFiles%\Synaptics\SynTP\SynLenovoGestureMgr.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
MSCONFIG\startupreg: WTFast Tray => "D:\Program Files (x86)\WTFast\WTFast.exe" trayonly
HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SmartAudio"
HKLM\...\StartupApproved\Run32: => "ETDCtrl"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\StartupFolder: => "hide.me VPN.lnk"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\StartupFolder: => "Bitcoin.lnk"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "WTFast Tray"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "Free Download Manager"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "Adguard"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "DownloadAccelerator"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7CA842ED-FDC9-4D33-B694-62CC7F8B7B47}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{4EE071C0-A61C-4D56-B8AC-530BE82152B7}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{16DC2830-7CDC-4D9A-AF4A-3D0EF4F2249D}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{C85BB459-5825-465E-9C64-4F6D04295ECA}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{56B248C4-51C0-4881-A3DF-FFE49495D7A2}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{384A9A9E-27F1-4EEA-8FB8-BE8AA17306FB}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{8F158D42-D729-46B6-B6CB-533F4AC05185}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{435422B9-07FA-46DF-A741-237F7C2210F3}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{22F62F48-C02A-4790-A6F5-8B890C3CCB15}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{B4DEDF6A-1421-40E0-8BAF-84376A31421B}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe (Valve -> )
FirewallRules: [{08045740-3153-41A2-9A22-8AAD96F532E8}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe (Valve -> )
FirewallRules: [{2C9C57C3-E3E0-4550-87ED-D230BE7E01BA}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{2F0F5E82-9854-4FF2-8036-7472B1B31AFD}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2019 12:18:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AvLaunch.exe, version: 19.3.4241.0, time stamp: 0x5c82677e
Faulting module name: ucrtbase.dll, version: 10.0.17134.677, time stamp: 0x9f346d3f
Exception code: 0xc0000409
Fault offset: 0x000000000006e14e
Faulting process id: 0x34a4
Faulting application start time: 0x01d4f5f17b91dedb
Faulting application path: C:\Program Files\AVAST Software\Avast\AvLaunch.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 5e740d30-457e-4478-918d-4c2fc62c2872
Faulting package full name:
Faulting package-relative application ID:

Error: (04/18/2019 03:53:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AvLaunch.exe, version: 19.3.4241.0, time stamp: 0x5c82677e
Faulting module name: ucrtbase.dll, version: 10.0.17134.677, time stamp: 0x9f346d3f
Exception code: 0xc0000409
Fault offset: 0x000000000006e14e
Faulting process id: 0x7c8
Faulting application start time: 0x01d4f5aafef2d94d
Faulting application path: C:\Program Files\AVAST Software\Avast\AvLaunch.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 7f26122a-19e9-4d19-ab28-3751a9678530
Faulting package full name:
Faulting package-relative application ID:

Error: (04/18/2019 11:18:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AvLaunch.exe, version: 19.3.4241.0, time stamp: 0x5c82677e
Faulting module name: ucrtbase.dll, version: 10.0.17134.677, time stamp: 0x9f346d3f
Exception code: 0xc0000409
Fault offset: 0x000000000006e14e
Faulting process id: 0x2e88
Faulting application start time: 0x01d4f5847f2e9a20
Faulting application path: C:\Program Files\AVAST Software\Avast\AvLaunch.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 88217f84-4c3b-4f25-ab64-88d999f6e834
Faulting package full name:
Faulting package-relative application ID:

Error: (04/18/2019 10:57:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62438

Error: (04/18/2019 10:57:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62438

Error: (04/18/2019 10:57:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/18/2019 10:57:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46813

Error: (04/18/2019 10:57:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46813


System errors:
=============
Error: (04/19/2019 02:08:23 AM) (Source: DCOM) (EventID: 10016) (User: Lenovo-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Lenovo-PC\Lenovo SID (S-1-5-21-1925601759-1010797402-2804155008-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/19/2019 01:55:45 AM) (Source: DCOM) (EventID: 10016) (User: Lenovo-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Lenovo-PC\Lenovo SID (S-1-5-21-1925601759-1010797402-2804155008-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/19/2019 01:42:15 AM) (Source: DCOM) (EventID: 10016) (User: Lenovo-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Lenovo-PC\Lenovo SID (S-1-5-21-1925601759-1010797402-2804155008-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/19/2019 01:40:52 AM) (Source: DCOM) (EventID: 10016) (User: Lenovo-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Lenovo-PC\Lenovo SID (S-1-5-21-1925601759-1010797402-2804155008-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/19/2019 01:40:26 AM) (Source: DCOM) (EventID: 10016) (User: Lenovo-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Lenovo-PC\Lenovo SID (S-1-5-21-1925601759-1010797402-2804155008-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/19/2019 12:27:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/19/2019 12:27:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (04/19/2019 12:27:13 AM) (Source: DCOM) (EventID: 10016) (User: Lenovo-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Lenovo-PC\Lenovo SID (S-1-5-21-1925601759-1010797402-2804155008-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2019-04-19 01:13:02.168
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2019-04-19 01:13:02.159
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2019-04-18 16:19:07.501
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2019-04-18 16:19:07.324
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2019-04-18 15:23:03.317
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2019-04-18 15:23:03.050
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2019-04-18 15:22:56.436
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2019-04-18 15:22:55.885
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 47%
Total physical RAM: 8088.36 MB
Available physical RAM: 4219.35 MB
Total Virtual: 20220.36 MB
Available Virtual: 16059.62 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:151.27 GB) (Free:17.17 GB) NTFS
Drive d: (Data) (Fixed) (Total:584.83 GB) (Free:275.71 GB) NTFS
Drive f: (Bandicam) (Fixed) (Total:195.31 GB) (Free:179.55 GB) NTFS

\\?\Volume{c05dd144-747f-11e4-9d1a-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=151.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=584.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=195.3 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================


content of FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.04.2019
Ran by Lenovo (administrator) on LENOVO-PC (19-04-2019 02:10:45)
Running from C:\Users\Lenovo\Downloads
Loaded Profiles: Lenovo (Available Profiles: Lenovo & DefaultAppPool)
Platform: Windows 10 Pro Version 1803 17134.706 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o. -> ) C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AnchorFree Inc -> AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Driver & Support Assistant -> Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
() [File not signed] C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
(Plays.tv, LLC -> Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Razer Inc. -> Razer Inc.) D:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(QIHU 360 SOFTWARE CO. LIMITED -> QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
() [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe
() [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPMaster.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPDU.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPUF.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.SmartMonitor.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software AS -> Opera Software) C:\Users\Lenovo\AppData\Local\Programs\Opera\58.0.3135.127\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Lenovo\AppData\Local\Programs\Opera\58.0.3135.127\opera_crashreporter.exe
(Opera Software AS -> Opera Software) C:\Users\Lenovo\AppData\Local\Programs\Opera\58.0.3135.127\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Lenovo\AppData\Local\Programs\Opera\58.0.3135.127\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Lenovo\AppData\Local\Programs\Opera\58.0.3135.127\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Lenovo\AppData\Local\Programs\Opera\58.0.3135.127\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Lenovo\AppData\Local\Programs\Opera\58.0.3135.127\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Lenovo\AppData\Local\Programs\Opera\58.0.3135.127\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Lenovo\AppData\Local\Programs\Opera\58.0.3135.127\opera.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2180680 2016-10-02] (AVG Technologies CZ, s.r.o. -> )
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-08-10] (Plays.tv, LLC -> Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-04-01] (Raptr, Inc -> Raptr, Inc)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [669248 2018-09-28] (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [135968 2018-03-15] (Intel(R) Driver & Support Assistant -> Intel)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [260488 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-07] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\Run: [Opera Browser Assistant] => C:\Users\Lenovo\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2480216 2019-02-12] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\WINDOWS\system32\huffyuv.dll [55296 2005-01-22] () [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-08] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\WINDOWS\system32\ff_vfw.dll [126976 2015-08-25] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\WINDOWS\SysWOW64\huffyuv.dll [39936 2004-05-19] (Disappearing Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\SysWOW64\lagarith.dll [216064 2011-12-08] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [473088 2015-02-26] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\WINDOWS\SysWOW64\ff_vfw.dll [112128 2015-08-25] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-18] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2018-11-27] (McAfee, Inc. -> McAfee, LLC.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2e5093be-ec30-45b1-a0b7-0a9388c176f1}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{8d45d7f2-23ec-402e-ba7c-d7e2681ab43c}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid=%7BE644F638-8B1F-47E6-B698-D3DB372E9EFA%7D&mid=f4d66996aa8347cda0658ddae406f9fb-55d4ec08cd7e853dfbd9c9b5e6cb009adb67b172&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-11-26%2017:29:01&v=4.1.6.294&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-1925601759-1010797402-2804155008-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit Information Technology -> IObit)
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll [2014-12-10] (AVG Technologies -> AVG Secure Search)

FireFox:
========
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\yyjwfhm6.default [2019-04-18]
FF Homepage: Mozilla\Firefox\Profiles\yyjwfhm6.default -> hxxps://mysearch.avg.com/?cid={E644F638-8B1F-47E6-B698-D3DB372E9EFA}&mid=f4d66996aa8347cda0658ddae406f9fb-55d4ec08cd7e853dfbd9c9b5e6cb009adb67b172&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2014-11-26 17:29:01&v=4.2.1.951&pid=wtu&sg=&sap=hp
FF Extension: (AVG Web TuneUp) - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\yyjwfhm6.default\Extensions\[email protected] [2018-03-31] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avg/wtu/update.json]
FF Extension: (360 Internet Protection) - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\yyjwfhm6.default\Extensions\[email protected] [2018-12-06]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\yyjwfhm6.default\Extensions\[email protected] [2019-03-18]
FF Extension: (Avast Online Security) - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\yyjwfhm6.default\Extensions\[email protected] [2019-03-18]
FF Extension: (Video DownloadHelper) - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\yyjwfhm6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-13]
FF Extension: (Adblock Plus) - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\yyjwfhm6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-12-06]
FF Extension: (Telemetry coverage) - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\yyjwfhm6.default\features\{540a6ceb-17d1-4e61-b926-2fb91d73dcb2}\[email protected] [2018-12-06] [Legacy]
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\yyjwfhm6.default\searchplugins\avg-secure-search.xml [2016-10-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - D:\Program Files (x86)\DAP\daplinkchecker
FF Extension: (DAP Link Checker) - D:\Program Files (x86)\DAP\daplinkchecker [2017-11-12] [Legacy] [not signed]
FF HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - D:\Program Files (x86)\DAP\DAPFireFox
FF Extension: (Download Accelerator Plus (DAP) extension) - D:\Program Files (x86)\DAP\DAPFireFox [2017-11-12] [Legacy] [not signed]
FF HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-22] (Adobe Systems Incorporated -> )
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC -> DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2014-11-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-22] (Adobe Systems Incorporated -> )
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.6\\npsitesafety.dll [No File]
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC -> DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-09-02] (DivX, LLC -> DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Lenovo\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall) [File not signed]
FF Plugin-x32: @softnyxNpruntime -> D:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-04-18] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-04-18] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-1925601759-1010797402-2804155008-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Lenovo\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-11-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR DefaultSearchURL: Profile 1 -> hxxps://boq.carolgames.com/assets/img/en_ns/new_favicon.ico
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-04-19]
CHR Extension: (AdLock ad blocker) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aemffjkmgcepimloclpkecifcnipnodh [2019-04-19]
CHR Extension: (S70 Star Porch_Queen of Blade - Carol...) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aibmialmanhplgcccnndpkophfoaaafj [2017-05-26]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (AdBlock) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-04-19]
CHR Extension: (Chrome Media Router) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-08]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

Opera:
=======
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\Lenovo\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2019-04-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\aswSP <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt <==== ATTENTION (Rootkit!)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft, Inc. -> ArcSoft Inc.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-06-28] () [File not signed]
S3 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [287264 2016-08-04] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc. -> Apple Inc.)
R2 AUEPLauncher; C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe [9216 2018-01-31] () [File not signed]
S4 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-04-20] (CyberLink -> )
S4 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [70952 2011-03-31] (CyberLink -> CyberLink)
S4 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [312616 2011-03-31] (CyberLink -> CyberLink)
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-28] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-28] (Dropbox, Inc -> Dropbox, Inc.)
S3 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2018-03-15] (Intel(R) Driver & Support Assistant -> Intel)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] (Intel(R) Software Development Products -> )
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [53120 2018-04-10] (AnchorFree Inc -> AnchorFree Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
S3 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373688 2017-06-12] (Intel(R) pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [153360 2018-09-25] (IObit Information Technology -> IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes Corporation -> Malwarebytes)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation -> Microsoft Corporation)
R2 MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.0\my.ini [9263 2017-02-03] () [File not signed]
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [7780848 2017-11-29] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-08-10] (Plays.tv, LLC -> Plays.tv, LLC)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [965184 2018-09-28] (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R2 RzKLService; D:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074120 2019-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11795800 2019-04-15] (TeamViewer GmbH -> TeamViewer GmbH)
R2 TrueKey; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe [352688 2018-11-27] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe [352688 2018-11-27] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyServiceHelper; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe [194168 2018-11-27] (McAfee, Inc. -> McAfee, LLC.)
S4 UDisk Monitor; D:\Program Files\Modem AC2726 UI\bin\MonServiceUDisk64.exe [407040 2009-09-23] () [File not signed]
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] (Intel(R) Software Development Products -> )
S3 VSStandardCollectorService140; D:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate\Transfer\DriverInstall.exe [105064 2018-07-25] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [980552 2016-10-02] (AVG Technologies CZ, s.r.o. -> )

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\WINDOWS\System32\Drivers\360AntiHacker64.sys [192600 2018-09-28] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R3 360AvFlt; C:\WINDOWS\System32\DRIVERS\360AvFlt.sys [95232 2018-03-13] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [95232 2018-09-28] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 360Box64; C:\WINDOWS\System32\DRIVERS\360Box64.sys [340568 2018-09-28] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 360Camera; C:\WINDOWS\System32\Drivers\360Camera64.sys [57848 2018-03-13] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 360FsFlt; C:\WINDOWS\System32\DRIVERS\360FsFlt.sys [443992 2018-09-28] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 360netmon; C:\WINDOWS\System32\DRIVERS\360netmon.sys [96424 2018-03-13] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R3 AFTrafMgr1.4; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [56840 2018-04-04] (AnchorFree Inc -> AnchorFree Inc.)
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [26706464 2016-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [518176 2016-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R1 BAPIDRV; C:\WINDOWS\System32\DRIVERS\BAPIDRV64.sys [211160 2018-12-21] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [610336 2016-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
S3 CYUSB3; C:\WINDOWS\System32\Drivers\CYUSB3.sys [90536 2018-08-12] (Cypress Semiconductor Corporation -> Cypress Semiconductor)
S3 GunBod; C:\WINDOWS\system32\gunbod64.sys [84384 2017-02-09] (Beijing Apex Weifeng Technology Co.,Ltd. -> )
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37184 2018-10-16] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [43392 2018-10-16] (IObit Information Technology -> IObit)
S3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-31] (Logitech -> Logitech Inc.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek Semiconductor Corp -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-14] (Razer Inc. -> Razer Inc)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] (Intel(R) Code Signing External -> )
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-08-23] (AnchorFree Inc -> Anchorfree Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-11-07] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R2 WtfEngineDrv; C:\WINDOWS\system32\DRIVERS\WtfEngineDrv.sys [37872 2016-05-20] (Initex, OOO -> AAA Internet Publishing, Inc.)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-12-21] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-04-12] (CyberLink -> CyberLink Corp.)
U3 aswbdisk; no ImagePath
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-19 02:10 - 2019-04-19 02:13 - 000035979 _____ C:\Users\Lenovo\Downloads\FRST.txt
2019-04-19 02:10 - 2019-04-19 02:10 - 002434048 _____ (Farbar) C:\Users\Lenovo\Downloads\FRST64.exe
2019-04-19 02:10 - 2019-04-19 02:10 - 000000000 ____D C:\FRST
2019-04-19 01:58 - 2019-04-19 01:58 - 037133296 _____ (Hankuper s.r.o.) C:\Users\Lenovo\Downloads\Adlock_Installer (2).exe
2019-04-19 01:24 - 2019-04-19 01:24 - 037133296 _____ (Hankuper s.r.o.) C:\Users\Lenovo\Downloads\Adlock_Installer (1).exe
2019-04-18 13:16 - 2019-04-19 01:40 - 000002338 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-18 13:16 - 2019-04-18 13:16 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-18 13:15 - 2019-04-18 13:16 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Google clean
2019-04-18 13:15 - 2019-04-18 13:15 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-04-18 13:15 - 2019-04-18 13:15 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-04-18 13:15 - 2019-04-18 13:15 - 000000000 ____D C:\Program Files (x86)\Google
2019-04-18 12:52 - 2019-04-18 12:52 - 000030494 _____ C:\Users\Lenovo\Desktop\bookmarks_4_18_19.html
2019-04-18 12:52 - 2019-04-18 12:52 - 000000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2019-04-18 12:50 - 2019-04-18 12:55 - 000000000 ____D C:\ProgramData\ProductData
2019-04-18 12:50 - 2019-04-18 12:51 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\IObit
2019-04-18 12:50 - 2019-04-18 12:50 - 000002950 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Lenovo
2019-04-18 12:49 - 2019-04-18 12:55 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\IObit
2019-04-18 12:49 - 2019-04-18 12:54 - 000000000 ____D C:\ProgramData\IObit
2019-04-18 12:49 - 2019-04-18 12:49 - 000001430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2019-04-18 12:49 - 2019-04-18 12:49 - 000001418 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2019-04-18 12:49 - 2019-04-18 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2019-04-18 12:49 - 2019-04-18 12:49 - 000000000 ____D C:\Program Files (x86)\IObit
2019-04-18 12:48 - 2019-04-18 12:48 - 019349752 _____ (IObit ) C:\Users\Lenovo\Desktop\iobituninstaller.exe
2019-04-18 12:30 - 2019-04-18 13:38 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-04-18 12:30 - 2019-04-18 12:30 - 000001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-04-18 12:30 - 2019-04-18 12:30 - 000001106 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-04-18 12:20 - 2019-04-18 12:20 - 022796808 _____ (TeamViewer GmbH) C:\Users\Lenovo\Desktop\TeamViewer_Setup.exe
2019-04-18 12:13 - 2019-04-18 12:13 - 001214008 _____ (Google LLC) C:\Users\Lenovo\Desktop\ChromeSetup.exe
2019-04-13 05:25 - 2019-04-13 05:25 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2019-04-10 09:53 - 2019-04-02 14:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-04-10 09:53 - 2019-03-15 00:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-04-10 09:53 - 2019-03-14 18:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-04-10 09:53 - 2019-03-14 18:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-04-10 09:53 - 2019-03-14 18:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-04-10 09:53 - 2019-03-14 18:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-04-10 09:53 - 2019-03-14 18:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-04-10 09:53 - 2019-03-14 17:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-04-10 09:53 - 2019-03-14 17:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-04-10 09:53 - 2019-03-14 17:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-04-10 09:52 - 2019-04-02 22:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-04-10 09:52 - 2019-04-02 22:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-04-10 09:52 - 2019-04-02 22:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-04-10 09:52 - 2019-04-02 22:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-10 09:52 - 2019-04-02 22:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-04-10 09:52 - 2019-04-02 22:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-10 09:52 - 2019-04-02 22:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-10 09:52 - 2019-04-02 22:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-04-10 09:52 - 2019-04-02 22:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-10 09:52 - 2019-04-02 22:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-10 09:52 - 2019-04-02 22:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-10 09:52 - 2019-04-02 22:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-04-10 09:52 - 2019-04-02 22:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-10 09:52 - 2019-04-02 22:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-04-10 09:52 - 2019-04-02 22:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-04-10 09:52 - 2019-04-02 22:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-10 09:52 - 2019-04-02 19:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-10 09:52 - 2019-04-02 19:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-04-10 09:52 - 2019-04-02 19:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-04-10 09:52 - 2019-04-02 19:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-04-10 09:52 - 2019-04-02 19:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-04-10 09:52 - 2019-04-02 19:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-04-10 09:52 - 2019-04-02 19:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-04-10 09:52 - 2019-04-02 19:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-04-10 09:52 - 2019-04-02 19:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-04-10 09:52 - 2019-04-02 18:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-04-10 09:52 - 2019-04-02 18:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-04-10 09:52 - 2019-04-02 18:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-04-10 09:52 - 2019-04-02 18:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-04-10 09:52 - 2019-04-02 18:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-04-10 09:52 - 2019-04-02 18:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-04-10 09:52 - 2019-04-02 18:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-10 09:52 - 2019-04-02 18:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-04-10 09:52 - 2019-04-02 18:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-10 09:52 - 2019-04-02 18:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-04-10 09:52 - 2019-04-02 18:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-04-10 09:52 - 2019-04-02 18:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-04-10 09:52 - 2019-04-02 18:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-04-10 09:52 - 2019-04-02 18:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-04-10 09:52 - 2019-04-02 18:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-10 09:52 - 2019-04-02 18:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-04-10 09:52 - 2019-04-02 18:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-10 09:52 - 2019-04-02 17:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-04-10 09:52 - 2019-04-02 17:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-04-10 09:52 - 2019-04-02 17:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-04-10 09:52 - 2019-04-02 17:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-04-10 09:52 - 2019-04-02 17:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-04-10 09:52 - 2019-04-02 17:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-04-10 09:52 - 2019-04-02 17:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-04-10 09:52 - 2019-04-02 17:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-04-10 09:52 - 2019-04-02 17:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-04-10 09:52 - 2019-04-02 17:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-04-10 09:52 - 2019-04-02 17:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-04-10 09:52 - 2019-04-02 17:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-04-10 09:52 - 2019-04-02 17:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-04-10 09:52 - 2019-04-02 17:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-04-10 09:52 - 2019-04-02 17:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-04-10 09:52 - 2019-04-02 17:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-04-10 09:52 - 2019-04-02 17:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-04-10 09:52 - 2019-04-02 17:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-04-10 09:52 - 2019-04-02 16:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-04-10 09:52 - 2019-04-02 15:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-10 09:52 - 2019-04-02 15:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-10 09:52 - 2019-04-02 15:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-04-10 09:52 - 2019-04-02 15:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-04-10 09:52 - 2019-04-02 15:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-04-10 09:52 - 2019-04-02 14:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-04-10 09:52 - 2019-04-02 14:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-04-10 09:52 - 2019-04-02 14:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-04-10 09:52 - 2019-04-02 14:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-04-10 09:52 - 2019-04-02 14:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-04-10 09:52 - 2019-04-02 14:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-04-10 09:52 - 2019-04-02 14:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-04-10 09:52 - 2019-04-02 14:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-04-10 09:52 - 2019-04-02 14:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-04-10 09:52 - 2019-04-02 14:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-04-10 09:52 - 2019-03-16 22:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-04-10 09:52 - 2019-03-16 19:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-04-10 09:52 - 2019-03-15 00:55 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-04-10 09:52 - 2019-03-15 00:53 - 001626928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-04-10 09:52 - 2019-03-15 00:53 - 001038136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-04-10 09:52 - 2019-03-15 00:53 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-04-10 09:52 - 2019-03-15 00:53 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-04-10 09:52 - 2019-03-15 00:52 - 001424696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000954160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000827704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2019-04-10 09:52 - 2019-03-15 00:52 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVemgr.sys
2019-04-10 09:52 - 2019-03-15 00:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2019-04-10 09:52 - 2019-03-15 00:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll
2019-04-10 09:52 - 2019-03-15 00:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-04-10 09:52 - 2019-03-15 00:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2019-04-10 09:52 - 2019-03-15 00:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2019-04-10 09:52 - 2019-03-15 00:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-04-10 09:52 - 2019-03-15 00:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2019-04-10 09:52 - 2019-03-15 00:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2019-04-10 09:52 - 2019-03-15 00:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-04-10 09:52 - 2019-03-15 00:29 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscsvc.dll
2019-04-10 09:52 - 2019-03-15 00:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
2019-04-10 09:52 - 2019-03-15 00:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-04-10 09:52 - 2019-03-14 23:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-04-10 09:52 - 2019-03-14 23:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2019-04-10 09:52 - 2019-03-14 23:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2019-04-10 09:52 - 2019-03-14 23:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2019-04-10 09:52 - 2019-03-14 23:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2019-04-10 09:52 - 2019-03-14 23:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll
2019-04-10 09:52 - 2019-03-14 18:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-04-10 09:52 - 2019-03-14 18:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-04-10 09:52 - 2019-03-14 18:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-04-10 09:52 - 2019-03-14 18:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2019-04-10 09:52 - 2019-03-14 18:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-04-10 09:52 - 2019-03-14 18:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-04-10 09:52 - 2019-03-14 18:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-04-10 09:52 - 2019-03-14 18:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-04-10 09:52 - 2019-03-14 18:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-04-10 09:52 - 2019-03-14 18:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2019-04-10 09:52 - 2019-03-14 18:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-04-10 09:52 - 2019-03-14 18:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-04-10 09:52 - 2019-03-14 18:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-04-10 09:52 - 2019-03-14 18:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-04-10 09:52 - 2019-03-14 18:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-04-10 09:52 - 2019-03-14 18:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-04-10 09:52 - 2019-03-14 18:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-04-10 09:52 - 2019-03-14 18:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-04-10 09:52 - 2019-03-14 18:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-04-10 09:52 - 2019-03-14 18:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-04-10 09:52 - 2019-03-14 18:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-04-10 09:52 - 2019-03-14 18:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-04-10 09:52 - 2019-03-14 18:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-04-10 09:52 - 2019-03-14 18:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-04-10 09:52 - 2019-03-14 18:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-04-10 09:52 - 2019-03-14 18:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-04-10 09:52 - 2019-03-14 18:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2019-04-10 09:52 - 2019-03-14 18:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-04-10 09:52 - 2019-03-14 18:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-04-10 09:52 - 2019-03-14 18:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-04-10 09:52 - 2019-03-14 18:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll
2019-04-10 09:52 - 2019-03-14 18:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2019-04-10 09:52 - 2019-03-14 18:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-04-10 09:52 - 2019-03-14 18:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-04-10 09:52 - 2019-03-14 18:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-04-10 09:52 - 2019-03-14 18:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-04-10 09:52 - 2019-03-14 18:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
2019-04-10 09:52 - 2019-03-14 18:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
2019-04-10 09:52 - 2019-03-14 18:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-04-10 09:52 - 2019-03-14 18:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-04-10 09:52 - 2019-03-14 18:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-04-10 09:52 - 2019-03-14 18:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-10 09:52 - 2019-03-14 18:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-04-10 09:52 - 2019-03-14 18:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2019-04-10 09:52 - 2019-03-14 18:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-04-10 09:52 - 2019-03-14 18:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-04-10 09:52 - 2019-03-14 17:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-04-10 09:52 - 2019-03-14 17:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-04-10 09:52 - 2019-03-14 17:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-04-10 09:52 - 2019-03-14 17:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-04-10 09:52 - 2019-03-14 17:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-04-10 09:52 - 2019-03-14 17:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-04-10 09:52 - 2019-03-14 17:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-04-10 09:52 - 2019-03-14 17:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-04-10 09:52 - 2019-03-14 17:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-04-10 09:52 - 2019-03-14 17:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-04-10 09:52 - 2019-03-14 17:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-04-10 09:52 - 2019-03-14 17:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-04-10 09:52 - 2019-03-14 17:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-04-10 09:52 - 2019-03-14 17:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-04-10 09:52 - 2019-03-14 17:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-10 09:52 - 2019-03-14 17:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-04-10 09:52 - 2019-03-14 17:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-04-10 09:52 - 2019-03-14 17:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
2019-04-10 09:52 - 2019-03-14 17:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-04-10 09:52 - 2019-03-14 17:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-04-10 09:52 - 2019-03-14 17:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-04-10 09:52 - 2019-03-14 17:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-04-10 09:52 - 2019-03-14 17:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-04-10 09:52 - 2019-03-14 11:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-04-10 09:52 - 2019-03-14 11:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-04-10 09:52 - 2019-03-14 11:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-04-10 09:52 - 2019-03-14 11:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-04-10 09:52 - 2019-03-14 11:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-04-09 03:02 - 2019-04-09 03:02 - 000000000 ____D C:\ProgramData\Hankuper
2019-04-09 03:02 - 2019-04-09 03:02 - 000000000 ____D C:\Program Files\AdLock
2019-04-09 02:58 - 2019-04-09 02:58 - 036153840 _____ (Hankuper s.r.o.) C:\Users\Lenovo\Downloads\Adlock_Installer.exe
2019-04-09 00:08 - 2019-04-09 00:08 - 003976665 _____ C:\Users\Lenovo\Downloads\Mega Man Battle Network 2 (USA).zip
2019-04-09 00:06 - 2019-04-09 00:06 - 000001600 _____ C:\Users\Lenovo\Desktop\Continue Megaman Battle Network Installation.lnk
2019-04-09 00:05 - 2019-04-09 00:06 - 002134624 _____ ( ) C:\Users\Lenovo\Downloads\Megaman Battle Network_0322712152.exe
2019-04-06 18:30 - 2019-04-06 18:30 - 000364952 _____ C:\Users\Lenovo\Downloads\download.pdf
2019-04-05 11:04 - 2019-04-05 11:04 - 000192384 _____ C:\Users\Lenovo\Downloads\9299 (1) (1).pdf
2019-04-05 11:02 - 2019-04-05 11:02 - 000182444 _____ C:\Users\Lenovo\Downloads\9299 (1).pdf
2019-04-05 11:00 - 2019-04-05 11:00 - 000182444 _____ C:\Users\Lenovo\Downloads\929 (1).pdf
2019-04-05 10:00 - 2019-04-05 10:00 - 000338279 _____ C:\Users\Lenovo\Downloads\form 80 2015-2019(1) (1)[1145].pdf
2019-04-01 15:19 - 2019-04-01 15:19 - 000182444 _____ C:\Users\Lenovo\Downloads\929.pdf
2019-04-01 15:01 - 2019-04-01 15:01 - 000233489 _____ C:\Users\Lenovo\Downloads\form 80 2015-2019(1) (1).pdf
2019-03-31 01:33 - 2019-03-31 01:33 - 000000000 ____D C:\Users\Lenovo\Downloads\New folder
2019-03-27 12:24 - 2019-03-27 12:24 - 000233489 _____ C:\Users\Lenovo\Downloads\form 80 2015-2019(1).pdf
2019-03-25 13:27 - 2019-03-25 13:27 - 000063894 _____ C:\Users\Lenovo\Downloads\Albert - Akta lahir.pdf
2019-03-25 13:02 - 2019-03-25 13:02 - 001771175 _____ C:\Users\Lenovo\Downloads\Statement20181231.pdf
2019-03-25 13:01 - 2019-03-25 13:01 - 000116172 _____ C:\Users\Lenovo\Downloads\scoreReport (2).pdf
2019-03-21 23:11 - 2019-03-23 15:36 - 000000000 ____D C:\ProgramData\Stardock
2019-03-21 23:11 - 2019-03-21 23:11 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Stardock
2019-03-21 23:10 - 2019-03-21 23:10 - 000000000 ____D C:\Users\Lenovo\Documents\My Games
2019-03-21 23:10 - 2019-03-21 23:10 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\MohawkGames
2019-03-21 15:57 - 2019-03-21 15:57 - 000000202 _____ C:\Users\Lenovo\Desktop\Offworld Trading Company.url
2019-03-20 14:46 - 2019-03-20 14:46 - 000085072 _____ C:\Users\Lenovo\Downloads\Unconfirmed 583584.crdownload

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-19 02:08 - 2018-04-12 09:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-19 01:45 - 2018-03-22 23:45 - 000000410 __RSH C:\ProgramData\ntuser.pol
2019-04-19 00:28 - 2018-03-22 21:37 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\360WD
2019-04-19 00:20 - 2014-12-30 12:34 - 000000000 ____D C:\Users\Lenovo\AppData\Local\CrashDumps
2019-04-18 18:51 - 2018-05-26 17:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-18 15:45 - 2017-12-30 07:35 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Packages
2019-04-18 15:40 - 2016-12-21 04:23 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\Mozilla
2019-04-18 13:26 - 2017-10-16 00:08 - 000000000 ____D C:\ProgramData\Package Cache
2019-04-18 13:26 - 2017-05-27 00:44 - 000000000 ____D C:\ProgramData\Adguard
2019-04-18 13:26 - 2017-05-27 00:43 - 000000000 ____D C:\Program Files (x86)\Adguard
2019-04-18 12:32 - 2015-09-12 20:58 - 000000000 ____D C:\Users\Lenovo\AppData\Local\TeamViewer
2019-04-18 12:30 - 2018-05-26 17:10 - 000000000 ____D C:\Users\DefaultAppPool
2019-04-18 12:30 - 2015-09-12 20:45 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\TeamViewer
2019-04-18 10:55 - 2018-03-22 21:37 - 000000000 ____D C:\ProgramData\360safe
2019-04-18 10:36 - 2018-12-14 16:35 - 000001082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ragnarok M -MuMu App Player.lnk
2019-04-18 10:36 - 2018-03-22 22:05 - 000000000 ____D C:\ProgramData\360Quarant
2019-04-18 10:28 - 2018-03-22 21:37 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\360safe
2019-04-18 10:22 - 2018-05-26 17:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-18 10:21 - 2018-04-12 07:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-04-18 10:21 - 2018-03-22 21:37 - 000000000 _RSHD C:\360SANDBOX
2019-04-18 10:20 - 2018-05-26 17:10 - 000000000 ____D C:\Users\Lenovo
2019-04-18 10:14 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-04-18 03:58 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-18 03:57 - 2018-03-24 19:05 - 000000428 _____ C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job
2019-04-18 03:50 - 2019-02-16 23:48 - 000003752 _____ C:\WINDOWS\System32\Tasks\Opera scheduled assistant Autoupdate 1550324909
2019-04-18 03:50 - 2018-05-26 17:40 - 000003752 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-04-18 03:50 - 2018-05-26 17:40 - 000003556 _____ C:\WINDOWS\System32\Tasks\Driver Easy Scheduled Scan
2019-04-18 03:50 - 2018-05-26 17:40 - 000002970 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2019-04-18 03:50 - 2018-05-26 17:40 - 000002646 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2019-04-18 03:50 - 2018-05-26 17:40 - 000002604 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2019-04-18 03:50 - 2018-05-26 17:40 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-04-18 03:50 - 2018-05-26 17:40 - 000002202 _____ C:\WINDOWS\System32\Tasks\StartCN
2019-04-18 03:48 - 2019-03-18 21:26 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-04-18 01:12 - 2017-09-28 20:12 - 000061060 _____ C:\Users\Lenovo\Desktop\Share.xlsx
2019-04-17 19:52 - 2018-04-12 09:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-16 13:23 - 2018-12-26 22:02 - 000019344 _____ C:\Users\Lenovo\Desktop\Mascot-202-RENT.xlsx
2019-04-13 19:26 - 2016-09-22 12:11 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\vlc
2019-04-13 05:25 - 2019-03-18 21:25 - 000476264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1af7b8ca475981fe.tmp
2019-04-12 12:56 - 2018-03-25 06:00 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2019-04-12 03:45 - 2018-05-27 10:37 - 000503220 _____ C:\WINDOWS\system32\perfh011.dat
2019-04-12 03:45 - 2018-05-27 10:37 - 000145096 _____ C:\WINDOWS\system32\perfc011.dat
2019-04-12 03:45 - 2018-05-26 17:09 - 001571872 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-12 03:45 - 2018-04-12 09:36 - 000000000 ____D C:\WINDOWS\INF
2019-04-12 02:47 - 2018-03-22 21:47 - 000001443 _____ C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-04-11 18:06 - 2018-03-22 21:38 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\360TotalSecurity
2019-04-11 17:51 - 2018-08-15 17:42 - 005199288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-11 17:47 - 2018-04-12 19:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-04-11 17:47 - 2018-04-12 09:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-04-11 17:47 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-04-11 17:47 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-04-11 17:47 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-10 10:03 - 2018-04-12 09:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-10 09:51 - 2015-03-13 02:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-10 09:44 - 2015-03-13 02:42 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-09 00:05 - 2018-03-22 22:30 - 000000000 __SHD C:\$360Section
2019-04-07 23:23 - 2018-03-22 21:48 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\360DrvMgr
2019-04-05 21:35 - 2017-09-29 19:45 - 000000000 ____D C:\Program Files\rempl
2019-04-02 03:51 - 2018-11-18 11:45 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-02 03:51 - 2018-11-18 11:45 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-26 08:20 - 2019-02-19 10:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2019-03-26 07:28 - 2019-03-18 21:25 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-03-21 15:57 - 2017-08-11 00:34 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== Files in the root of some directories =======

2017-05-27 00:44 - 2018-06-15 09:49 - 000000267 _____ () C:\ProgramData\fontcacheev1.dat
2018-08-13 21:01 - 2018-06-14 21:01 - 000000032 ____R () C:\ProgramData\hash.dat
2015-10-04 11:52 - 2015-10-04 11:52 - 000000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-10-04 11:58 - 2015-10-04 11:58 - 000000097 _____ () C:\Users\Lenovo\AppData\Roaming\settings.xml
2015-04-25 14:16 - 2015-04-25 14:16 - 000000054 _____ () C:\Users\Lenovo\AppData\Roaming\updater.cfg
2015-11-09 13:55 - 2015-11-30 19:16 - 000002856 _____ () C:\Users\Lenovo\AppData\Roaming\VoiceMeeterDefault.xml
2016-09-23 11:37 - 2017-01-05 11:54 - 000000202 _____ () C:\Users\Lenovo\AppData\Roaming\_encryptiondb.grf
2014-11-26 19:09 - 2014-11-26 19:09 - 000000038 ___SH () C:\Users\Lenovo\AppData\Local\1754111884ee9ab5277ca00.95260103
2014-12-26 00:02 - 2016-06-26 16:10 - 000007603 _____ () C:\Users\Lenovo\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-12-14 16:18 - 2018-12-14 16:18 - 005148112 _____ () C:\Users\Lenovo\AppData\Local\Temp\aria2c.exe
2018-08-06 08:50 - 2018-08-06 08:50 - 037432936 _____ (Ellora Assets Corporation ) C:\Users\Lenovo\AppData\Local\Temp\FreemakeVideoConverterFull.exe
2019-04-09 00:06 - 2019-04-09 00:06 - 002134624 _____ ( ) C:\Users\Lenovo\AppData\Local\Temp\Megaman Battle Network_0322712152.exe
2018-12-14 16:19 - 2018-12-14 16:31 - 475120432 _____ (网易游戏) C:\Users\Lenovo\AppData\Local\Temp\nemu-2.0.23.1-overseas-1029172337.exe
2018-08-17 00:57 - 2018-08-17 00:57 - 002170368 _____ (Opera Software) C:\Users\Lenovo\AppData\Local\Temp\Opera_installer_18081614571768111980.dll
2018-11-14 16:47 - 2018-11-14 16:47 - 002766848 _____ (Opera Software) C:\Users\Lenovo\AppData\Local\Temp\Opera_installer_18111406473400016512.dll
2019-03-18 21:23 - 2019-03-18 21:23 - 002128432 _____ ( ) C:\Users\Lenovo\AppData\Local\Temp\Pokemon- Fire Red Version_2090929492.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-26 17:01

==================== End of FRST.txt ============================
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
2,154
499
PCHF Bunker
pchelpforum.net
We will need a log from AdwCleaner for further information.

Please go HERE and download AdwCleaner to your Desktop. Once downloaded right click the new icon and select Run as Administrator from the context menu to open the program. It will open at the Dashboard tab and no further changes to the program are necessary at this stage.

Click the Scan Now button.



Allow AdwCleaner to start scanning and depending on the amount of data on your PC it may take some time. At the conclusion of the scan any content considered unnecessary will be displayed in the Scan Results box. Ensure all items are selected for removal and click "Clean & Repair"



After selecting "Clean & Repair" another dialogue box may appear asking to restart now or later. If so choose "Clean & Restart Now"


Once the PC has restarted if AdwCleaner does not restart then open it again and click "Log Files" tab on the left. All log files will be listed. If you have used the program previously you may have several logs to select from so double click the most recent "Clean" log and it will open a notepad file on your Desktop.

Please COPY and PASTE the contents of that file in your next post :)

Download ResetBrowser to your desktop.

Now close all open browsers. All browsers MUST be closed during this operation!

Right click and Run as Administrator



Click on Reset Chrome-- Allow completion.
Click on Reset Firefox-- Allow completion.
Click on Reset Internet Explorer-- Allow completion.

Now reboot your machine.
 

Baroona

PCHF Member
PCHF Member
Apr 18, 2019
27
1
23
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-18.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-19-2019
# Duration: 00:00:14
# OS: Windows 10 Pro
# Scanned: 27356
# Detected: 88


***** [ Services ] *****

PUP.Optional.Legacy WtuSystemSupport

***** [ Folders ] *****

PUP.Adware.Heuristic C:\ProgramData\AVG_UPDATE_0215TB
PUP.Adware.Heuristic C:\ProgramData\AVG_UPDATE_0516TB
PUP.Adware.Heuristic C:\ProgramData\AVG_UPDATE_0816TB
PUP.Adware.Heuristic C:\ProgramData\AVG_UPDATE_1016TB
PUP.Adware.Heuristic C:\ProgramData\AVG_UPDATE_1214TB
PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\Lenovo\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Legacy C:\Program Files (x86)\Common Files\AVG Secure Search
PUP.Optional.Legacy C:\Program Files (x86)\avg web tuneup
PUP.Optional.Legacy C:\Program Files\Common Files\AVG Secure Search
PUP.Optional.Legacy C:\Program Files\avg web tuneup
PUP.Optional.Legacy C:\ProgramData\AVG Secure Search
PUP.Optional.Legacy C:\ProgramData\AVG Security Toolbar
PUP.Optional.Legacy C:\ProgramData\Speedbit
PUP.Optional.Legacy C:\ProgramData\avg web tuneup
PUP.Optional.Legacy C:\Users\Lenovo\AppData\LocalLow\Speedbit
PUP.Optional.Legacy C:\Users\Lenovo\AppData\LocalLow\avg web tuneup
PUP.Optional.Legacy C:\Users\Lenovo\AppData\Local\avg web tuneup
PUP.Optional.Legacy C:\Users\Lenovo\AppData\Roaming\Speedbit
PUP.Optional.MYPCTuneUp C:\Users\Lenovo\AppData\Local\Packages\windows_ie_ac_001\AC\AVG Web TuneUp
Trojan.Sathurbot.E C:\Users\Lenovo\AppData\Local\Microsoft\Performance\Monitor

***** [ Files ] *****

PUP.Optional.Legacy C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
PUP.Optional.Legacy C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\yyjwfhm6.default\searchplugins\avg-secure-search.xml

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Adware.Heuristic C:\Windows\System32\Tasks\0915TBUPDATEINFO
PUP.Adware.Heuristic C:\Windows\System32\Tasks\AVG-SSU_0117avz
PUP.Adware.Heuristic C:\Windows\System32\Tasks\AVG-SSU_0117avz_DELETE
PUP.Adware.Heuristic C:\Windows\System32\Tasks\FreeDownloadManagerNetworkMonitor
PUP.Adware.Heuristic C:\Windows\Tasks\0915TBUPDATEINFO.JOB

***** [ Registry ] *****

PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1C48C1BE-378A-4BD4-9CBC-1EE169FA27A9}
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08DE182E-4B30-4A1E-B2FD-C6EB7895D4FF}
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08DE182E-4B30-4A1E-B2FD-C6EB7895D4FF}
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C48C1BE-378A-4BD4-9CBC-1EE169FA27A9}
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B4D8E7B-0A5F-40FC-BBCD-29A82DE55E1E}
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C14A101B-90DF-4EA6-814A-49BE72CAD1BA}
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0915TBUPDATEINFO
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-SSU_0117avz
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-SSU_0117avz_DELETE
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeDownloadManagerNetworkMonitor
PUP.Optional.ByteFence HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
PUP.Optional.DriverAgent HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|DriverSupport.exe
PUP.Optional.DriverAgent HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING|DriverSupport.exe
PUP.Optional.DriverPack HKCU\Software\drpsu
PUP.Optional.InstallCore HKCU\Software\csastats
PUP.Optional.Legacy HKCU\Software\AVG Tuneup
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
PUP.Optional.Legacy HKCU\Software\SpeedBit
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
PUP.Optional.Legacy HKLM\Software\Microsoft\Shared Tools\MSConfig\services\WtuSystemSupport
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WebDiscoverBrowser
PUP.Optional.Legacy HKLM\Software\Wow6432Node\AVG Tuneup
PUP.Optional.Legacy HKLM\Software\Wow6432Node\SpeedBit
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\ViProtocol.DLL
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\protocols\handler\viprotocol

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy Download Accelerator Plus (DAP)
PUP.Optional.VideoAdBlocker.ChrPRST bknbnapaddjdnbilpmlacdkjdkjmbjhd
PUP.Optional.VideoAdBlocker.ChrPRST bknbnapaddjdnbilpmlacdkjdkjmbjhd

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

PUP.Optional.Legacy AVG Web TuneUp

***** [ Firefox URLs ] *****

PUP.Optional.Legacy https://mysearch.avg.com/?cid={E644F638-8B1F-47E6-B698-D3DB372E9EFA}&mid=f4d66996aa8347cda0658ddae406f9fb-55d4ec08cd7e853dfbd9c9b5e6cb009adb67b172&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2014-11-26 17:29:01&v=4.2.1.951&pid=wtu&sg=&sap=hp
PUP.Optional.Legacy mysearch.avg.com
PUP.Optional.MySearch https://mysearch.avg.com/?cid={E644F638-8B1F-47E6-B698-D3DB372E9EFA}&mid=f4d66996aa8347cda0658ddae406f9fb-55d4ec08cd7e853dfbd9c9b5e6cb009adb67b172&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2014-11-26 17:29:01&v=4.2.1.951&pid=wtu&sg=&sap=hp
PUP.Optional.MySearch mysearch.avg.com



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
2,154
499
PCHF Bunker
pchelpforum.net
A lot of bad crap was removed. Go ahead and re-run my FRST instructions and post some fresh logs for me to look at :)

How do the browsers act now?
 

Baroona

PCHF Member
PCHF Member
Apr 18, 2019
27
1
23
Haha thanks for the step by step guidance, however my chrome still has issues in which the lock is still on gray colour, this issues only happened in chrome which is quite weird.

sidenote: my Antivirus detected resetbrowser as trojan and i just ignore the whole thing, is it a normal interaction or no?

Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18.04.2019
Ran by Lenovo (19-04-2019 12:48:10)
Running from C:\Users\Lenovo\Downloads
Windows 10 Pro Version 1803 17134.706 (X64) (2018-05-26 07:41:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1925601759-1010797402-2804155008-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1925601759-1010797402-2804155008-503 - Limited - Disabled)
Guest (S-1-5-21-1925601759-1010797402-2804155008-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1925601759-1010797402-2804155008-1002 - Limited - Enabled)
Lenovo (S-1-5-21-1925601759-1010797402-2804155008-1000 - Administrator - Enabled) => C:\Users\Lenovo
WDAGUtilityAccount (S-1-5-21-1925601759-1010797402-2804155008-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: 360 Total Security (Disabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
AS: Malwarebytes (Disabled - Out of date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 360 Total Security (Disabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{3D383E25-72E7-4F09-AA1C-9ADE6A2EF42F}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{0C9A6167-6560-4085-9C35-EDB1AE105328}) (Version: 3.2.0.9 - Intel) Hidden
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 10.2.0.1180 - 360 Security Center)
3DP Chip Lite v17.11.1 (HKLM-x32\...\3DP Chip Lite) (Version: v17.11.1 - 3DP)
ACDSee Pro 3 (HKLM-x32\...\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}) (Version: 3.0.355 - ACD Systems International Inc.)
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
AdLock (HKLM\...\{26D2159D-4BE2-43A4-9E68-F0594DF0295C}) (Version: 1.0.2.2 - Hankuper) Hidden
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.2.1 - Advanced Micro Devices, Inc.)
Anathena (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\242cfcc8731b6ee3) (Version: 3.3.8.0 - Anathena)
Any Video Converter 6.2.5 (HKLM-x32\...\Any Video Converter) (Version: 6.2.5 - Anvsoft)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{34985F59-8F6F-46F4-9AD5-53E2714294D2}) (Version: 3.0.189 - ArcSoft)
AVG 2015 (HKLM\...\{6E4BAAF0-7F23-41E5-B16B-4727B6FC0C6F}) (Version: 15.0.6081 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.6.255 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattlePing (HKLM-x32\...\{DB480AC3-1578-B8DC-3F8F-786A2A4E3BC7}) (Version: 1.3.7.1 - BattlePing)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{15EEB07A-3FB9-FA4C-8EFF-697728CB1E5C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{A63E3031-0522-18C6-F18F-7EE80973315F}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{A2966D0F-43BB-116D-C9C7-49612FBFD0AE}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{4C608ED2-535B-2119-3661-9E6F7DDB600F}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9005C809-497A-FD45-CB96-76A3338E35B9}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D84300A6-72F1-5771-B3B1-8FC71184AB38}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{56D13277-FA9F-2842-682D-DD7298973585}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{8D0C7788-D519-7B65-36F6-D0D21296F173}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{930FD2C7-D026-197D-94E4-CB5917CE7420}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{086D11E3-9CA4-DBEF-2B48-5A2EFFD53145}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{D0C1EAB6-92F1-EE91-04C2-5947EE150593}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{57EAA61A-CD02-DF34-0839-2549F57A334C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{AA477FD2-347B-1732-5D8C-AF35AF1B9703}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{BBFC5953-2CB9-5932-1D47-52E4AA99737B}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{01E7D692-D785-743F-5A55-F00162D26A1C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{5D8BA452-1264-7D13-E4EC-8236EC5B83FE}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F49BA906-83DA-3F5A-5B24-03C8DE2A3936}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{5A466CAA-F071-D9EF-A799-EF63552DBE70}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{D7DC4DDB-3E0D-6F79-4258-4A461654B689}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{ACDFF800-6015-BEEC-8A27-7B1A80915273}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{A28B1FC5-3947-9D39-7FE5-A3CB18E16358}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
CyberLink PowerDVD 11 (HKLM-x32\...\InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}) (Version: 11.0.1620.51 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX H.264 decoder 8.2.0.26 (HKLM-x32\...\divxh264_is1) (Version: 8.2.0.26 - )
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.93 - DivX, LLC)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Driver Easy 5.6.1 (HKLM\...\DriverEasy_is1) (Version: 5.6.1 - Easeware)
Dropbox (HKLM-x32\...\Dropbox) (Version: 45.4.92 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.9 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.9 - Lenovo)
eNexia version 749.0 (HKLM-x32\...\{8C3EC8A8-70A1-4298-BD7D-3CD7DAE20D64}_is1) (Version: 749.0 - eNexiaTK)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: - FreeDownloadManager.ORG)
Google Chrome (HKLM-x32\...\{8CAF1821-50A9-3971-88C2-371AACE003E1}) (Version: 73.0.3683.103 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
GRF Editor version 1.7.9 (HKLM-x32\...\GRF Editor_is1) (Version: 1.7.9 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\HearthstoneDeckTracker) (Version: 1.7.6 - HearthSim)
Hotspot Shield 7.6.4 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925C187EDD1}) (Version: 7.6.4.10926 - AnchorFree Inc.) Hidden
Hotspot Shield 7.6.4 (HKLM-x32\...\{f0473374-de13-4075-b4ef-5847e91e1d6a}) (Version: 7.6.4.10926 - AnchorFree Inc.)
Hotspot Shield 7.6.4 (HKLM-x32\...\HotspotShield) (Version: 7.6.4 - AnchorFree Inc.) Hidden
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{699E6891-25C3-443A-9B8E-80C74F0172C8}) (Version: 2.1.03413 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{4d839fe1-a8d3-4edc-b0ca-844394309856}) (Version: 3.2.0.9 - Intel)
IObit Uninstaller 8 (HKLM-x32\...\IObitUninstall) (Version: 8.4.0.8 - IObit)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
K-Lite Mega Codec Pack 14.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.0.5 - KLCP)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Magic Bullet Suite 64-bit (HKLM\...\{93488C33-D8D6-472A-83BB-F71603355CF0}) (Version: 11.1.0 - Red Giant Software) Hidden
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{93488C33-D8D6-472A-83BB-F71603355CF0}) (Version: 11.1.0 - Red Giant Software)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
McAfee True Key (HKLM\...\TrueKey) (Version: 5.2.167.1 - McAfee, LLC)
mHotspot version 7.8.8.0 (HKLM-x32\...\{beeb7906-9268-4520-8850-8d8af9b1c7c8}_is1) (Version: 7.8.8.0 - 1BN Software & IT Solutions Pvt. Ltd.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (日本語) (HKLM-x32\...\{9A330858-0CD6-4FB3-8C57-0F1BB58012B0}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (日本語) (HKLM-x32\...\{903C5477-BA28-4CFC-8BE4-62E3C328D4DD}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Database Providers (x86) ENU (HKLM-x32\...\{296E293F-C481-4DDE-9ED2-3F79FCF38731}) (Version: 3.1.1648.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Modem AC2726 UI (HKLM\...\ZTEWireless-101_is1) (Version: - )
MornaTK Installer (HKLM-x32\...\{BCD1C4AD-EB1A-40DF-A838-2AF8C45B5942}) (Version: 1.0 - MornaTales)
Movavi Video Converter 18 Premium (HKLM-x32\...\Movavi Video Converter 18 Premium) (Version: 18.3.0 - Movavi)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 66.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 66.0.3 (x86 en-US)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)
Mumble 1.2.19 (HKLM-x32\...\{F62A874F-2354-49B1-87BE-CAAD7C8FA084}) (Version: 1.2.19 - Thorvald Natvig)
MYOB AccountRight Plus v19.12.0 ED (HKLM-x32\...\{27D4F4A7-5A34-4657-9E78-D6B1E87C8A90}) (Version: 19.12.0 - MYOB Technology Pty Ltd) Hidden
MYOB AccountRight Plus v19.12.0 ED (HKLM-x32\...\InstallShield_{27D4F4A7-5A34-4657-9E78-D6B1E87C8A90}) (Version: 19.12.0 - MYOB Technology Pty Ltd)
MYOB ODBC Direct v10 AUS (HKLM-x32\...\{55D5A77E-FAAA-4358-B3E5-6565E024F78B}) (Version: 10.1.0 - MYOB Technology Pty Ltd) Hidden
MYOB ODBC Direct v10 AUS (HKLM-x32\...\InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}) (Version: 10.1.0 - MYOB Technology Pty Ltd)
MySQL Installer - Community (HKLM-x32\...\{4553E209-560C-451E-9DE9-E6B812D32B8C}) (Version: 1.4.8.0 - Oracle Corporation)
MySQL Server 5.0 (HKLM-x32\...\{2FEB25F8-C3CB-49A2-AE79-DE17FFAFB5D9}) (Version: 5.0.45 - MySQL AB)
MySQL Tools for 5.0 (HKLM-x32\...\{EC561602-C0B9-4FAA-A175-1B3273639AC3}) (Version: 5.0.12 - MySQL AB)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
NovaRO (HKLM-x32\...\NovaRO_is1) (Version: 6.0.0 - NovaRO)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.0.1.1 - Duodian Technology Co. Ltd.)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.1.2 - OBS Project)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Opera Stable 58.0.3135.127 (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\Opera 58.0.3135.127) (Version: 58.0.3135.127 - Opera Software)
Pingzapper version 2.1.2 (HKLM-x32\...\{7FD61982-5436-439B-B5D0-36F0536FF8BF}_is1) (Version: 2.1.2 - Pingzapper)
PlayNexia II (HKLM-x32\...\PlayNexia II) (Version: - )
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.13.1-r115223-release - Plays.tv, LLC)
Pokémon World Online Uninstaller (HKLM-x32\...\{6B67E1A1-1D62-4BDC-8C60-07FDF25CA975}_is1) (Version: 1.97 - PWO Team)
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
PX Profile Update (HKLM-x32\...\{230C6C56-D930-2D7A-CF62-9BE26FAEE260}) (Version: 1.00.1. - AMD) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Ragnarok Online (HKLM-x32\...\{181579B5-0028-4E01-AC27-97ED80352279}) (Version: 14.2.5 - Gravity Interactive, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.1.1-r111306-release - Raptr, Inc)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.75.827.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.30.0239 - REALTEK Semiconductor Corp.)
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Safari (HKLM-x32\...\{A08BAD08-9AA3-410F-98F3-C92C8EE37218}) (Version: 5.34.54.16 - Apple Inc.)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Spotify (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
Sql Server Customer Experience Improvement Program (HKLM\...\{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}) (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.2.8352 - TeamViewer)
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Vegas Pro 13.0 (64-bit) (HKLM-x32\...\Vegas Pro 13.0 (64-bit)) (Version: 13.0 (64-bit) - Exµs ™)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Wondershare Filmora(Build 8.7.0) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Wondershare PDFelement 6 Pro(Build 6.8.6) (HKLM-x32\...\{B026557A-EF19-4812-8A79-B30F94AA0A78}_is1) (Version: 6.8.6.4121 - Wondershare Software Co.,Ltd.)
Wondershare Video Converter Ultimate(Build 10.3.0.178) (HKLM-x32\...\Video Converter Ultimate_is1) (Version: 10.3.0.178 - Wondershare Software)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
XAMPP (HKLM-x32\...\xampp) (Version: 7.1.1-0 - Bitnami)
Zoom (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1925601759-1010797402-2804155008-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1925601759-1010797402-2804155008-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1925601759-1010797402-2804155008-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Lenovo\Dropbox [2015-07-07 16:17]
CustomCLSID: HKU\S-1-5-21-1925601759-1010797402-2804155008-1000_Classes\CLSID\{f1d8036a-7f48-43e4-8045-dbcb4e742507}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Windows -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-03-19] (Notepad++ -> )
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-09-28] (QIHU 360 SOFTWARE CO. LIMITED -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-09-28] (QIHU 360 SOFTWARE CO. LIMITED -> )
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-06-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-06-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-09-28] (QIHU 360 SOFTWARE CO. LIMITED -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {012A6F59-87D6-44E0-A91E-4191C44105EE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {02E9EE88-8B2A-45A8-B237-293AF930C0D8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {06B7B6A5-89CC-4D81-B982-3F531F29F6A9} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {07375CF8-C1FF-492B-8278-0396D0245D6F} - System32\Tasks\DropboxUpdateTaskMachineCore1d1719f65cee02e => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {08DE182E-4B30-4A1E-B2FD-C6EB7895D4FF} - \0915tbUpdateInfo -> No File <==== ATTENTION
Task: {0F9B47A5-A3A5-4CC4-9CF4-6FCF47A1FB9F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {115F90B7-1231-4FF1-AB5B-92FEF3694B20} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (Easeware Technology Limited -> Easeware)
Task: {159448A5-F558-4572-8A16-6E303989186A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {19946D02-33AE-4E60-81DF-5092DEB8F277} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => D:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe
Task: {1AE784A5-A8C1-469D-ACDC-69A2BD7FEE8A} - System32\Tasks\DropboxUpdateTaskMachineUA1d1719f66008e5b => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {1C48C1BE-378A-4BD4-9CBC-1EE169FA27A9} - \FreeDownloadManagerNetworkMonitor -> No File <==== ATTENTION
Task: {1DA9B645-13DA-4059-A3CB-D56C3971092C} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {21BE9597-704B-4669-B98E-367AC00D234B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {24672617-0A93-4BB5-8559-4012CEDFDF08} - System32\Tasks\{61E32EBD-8E77-4D1B-9D4E-DFB440A9AB05} => C:\Windows\system32\pcalua.exe -a "D:\game\Gravity\openkore\Ragnarok Online\Setup.exe" -d "D:\game\Gravity\openkore\Ragnarok Online"
Task: {25C72C5E-A5A2-4F4B-BD37-3E4477093B5A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {297450E0-6ABB-427D-BB1C-BB2872268E11} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {31709D69-4FCE-4D4D-821C-94E1E6D6B831} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {36512371-A906-4CBA-8D6E-CCCA8F25E12E} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {3BB917BA-28B7-4433-B3E7-7EFBADC9BF05} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {3BB99F43-80C7-4010-9269-058CFC43E873} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3C199C18-45CD-429D-B193-E25CBD0D0253} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {4B4D8E7B-0A5F-40FC-BBCD-29A82DE55E1E} - \AVG-SSU_0117avz_DELETE -> No File <==== ATTENTION
Task: {4D4F0449-FE30-4BDD-871D-BC436EDB0421} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {508A340E-5F91-492E-ABB0-B98532F80480} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {522525D9-3E35-4CED-9B07-86DCF48846B4} - System32\Tasks\S-1-5-21-1925601759-1010797402-2804155008-1000\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {547C6C01-5708-4D14-AA13-ACA0C447A4A6} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {57DFC5D9-A460-4BFF-B8E3-7B32AFB8CF85} - System32\Tasks\CommView for WiFi Update => C:\Program Files (x86)\CommViewWiFi\Updater.exe
Task: {5A1FB4EE-EE0E-4270-9E75-684F0AF09C07} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {621144B0-DE22-4BA5-8091-E7C4827BEF4F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {67DA1BE8-90A4-4CF2-A274-8747F431E302} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {728F5E94-6E39-4D9D-BDDF-15FE8F3796DB} - \cFos\Registration Tasks\Open Browser -> No File <==== ATTENTION
Task: {754E8E88-D223-42F3-9481-B9A6C2933CF3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {789B54F6-B496-4419-97FF-B9199F07696D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {807DE444-D371-423B-899D-8236EA7A416B} - System32\Tasks\Uninstaller_SkipUac_Lenovo => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe (IObit Information Technology -> IObit)
Task: {909165E7-58B7-40A8-BAD4-06369AE44715} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {9C7FF83C-4028-4C31-9DA7-4814BF4DD82A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9EA7EA19-87D5-4A05-90A2-77FAC5CAFED8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd -> Piriform Ltd)
Task: {A1E768A1-C621-44E3-9D8D-0B31A7AA6480} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe (Intel(R) Software -> Intel Corporation)
Task: {A2BC51F7-A5A5-4583-BCFC-07D102EFC8B5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe (McAfee, Inc. -> McAfee, Inc.)
Task: {A3F7EA55-63E8-472B-BD18-E4C82C33D682} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A65C2727-BF46-4882-A619-716BB2E10EE3} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {A9744BF1-B3BE-485E-8CED-C8A112DB42C9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B170E593-7A4A-42ED-8E5E-FE91C524223A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {B79C1E15-BBAE-4901-8144-CA6499E7F7BD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BAB0F865-1900-4889-B5E2-E00F083B9AC6} - System32\Tasks\Opera scheduled assistant Autoupdate 1550324909 => C:\Users\Lenovo\AppData\Local\Programs\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {C14A101B-90DF-4EA6-814A-49BE72CAD1BA} - \AVG-SSU_0117avz -> No File <==== ATTENTION
Task: {C35EAC49-C654-4AD2-A8E0-13BB4B538500} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {CB120083-D139-490E-ABC1-9711116BDE86} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {CC790BC5-5E2E-431D-96D7-38992A378467} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {D841F08B-9CC5-4DE4-8780-B48A4D247CC3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DA3CD105-1C40-4F31-B596-534277F311B7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {DC97CD24-99CA-4409-AA44-E0B8E9790D31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {DEBAD4D3-2F39-4C63-9561-762021145015} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe
Task: {ECF63DBD-0D24-4258-861D-7F5BDFA4C73D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F73979B7-3B5E-4FBF-AF56-473DC86B90CE} - System32\Tasks\Opera scheduled Autoupdate 1521719234 => C:\Users\Lenovo\AppData\Local\Programs\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {F8A429FB-D075-49EE-91B6-D247866AD4A6} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {FEB657CD-087C-4664-B5E8-D03BBC23E1CF} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d1719f65cee02e.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA1d1719f66008e5b.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2018-12-18 14:31 - 2017-10-19 09:17 - 000271360 _____ (Wondershare Software) [File not signed] C:\WINDOWS\System32\WSPDFelementMonitor.dll
2013-08-27 17:32 - 2013-08-27 17:32 - 000747520 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
2007-07-06 12:14 - 2007-07-06 12:14 - 005730304 _____ () [File not signed] C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
2018-03-22 23:25 - 2018-01-31 13:39 - 001656832 _____ (Igor Pavlov) [File not signed] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dll
2016-06-28 21:38 - 2016-06-28 21:38 - 000138752 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2018-01-31 17:49 - 2018-01-31 17:49 - 000009216 _____ () [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe
2018-01-31 17:49 - 2018-01-31 17:49 - 000077312 _____ () [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPMaster.exe
2018-01-31 17:49 - 2018-01-31 17:49 - 000011264 _____ () [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPUF.exe
2018-01-31 17:49 - 2018-01-31 17:49 - 000060928 _____ () [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPDU.exe
2015-11-25 06:49 - 2015-11-25 06:49 - 002257408 _____ (ActiveState Software Inc) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\python26.dll
2015-11-25 06:48 - 2015-11-25 06:48 - 000028160 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-25 06:46 - 2015-11-25 06:46 - 000110592 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-25 06:48 - 2015-11-25 06:48 - 000041472 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-25 06:48 - 2015-11-25 06:48 - 000096256 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-25 06:43 - 2015-11-25 06:43 - 000356864 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-25 06:48 - 2015-11-25 06:48 - 000017920 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-25 06:48 - 2015-11-25 06:48 - 000019968 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-25 06:48 - 2015-11-25 06:48 - 000036352 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-25 06:43 - 2015-11-25 06:43 - 000043008 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-25 06:43 - 2015-11-25 06:43 - 000805376 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-25 06:43 - 2015-11-25 06:43 - 000087040 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-25 06:46 - 2015-11-25 06:46 - 000354304 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-25 06:48 - 2015-11-25 06:48 - 000167936 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-25 06:47 - 2015-11-25 06:47 - 001980928 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-11-25 07:02 - 2015-11-25 07:02 - 004604416 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\Qt5Gui.dll
2015-11-25 07:01 - 2015-11-25 07:01 - 004088320 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\Qt5Core.dll
2015-11-25 07:01 - 2015-11-25 07:01 - 001961472 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\icuin53.dll
2015-11-25 07:02 - 2015-11-25 07:02 - 001316352 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\icuuc53.dll
2015-11-25 07:01 - 2015-11-25 07:01 - 021529088 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\icudt53.dll
2015-12-08 06:57 - 2015-12-08 06:57 - 000077824 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-25 06:47 - 2015-11-25 06:47 - 001862144 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-25 06:47 - 2015-11-25 06:47 - 000516608 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-25 07:02 - 2015-11-25 07:02 - 000839680 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\Qt5Network.dll
2015-11-25 06:47 - 2015-11-25 06:47 - 004060160 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-25 07:01 - 2015-11-25 07:01 - 004468736 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\Qt5Widgets.dll
2015-11-25 06:43 - 2015-11-25 06:43 - 000010240 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2018-03-22 23:24 - 2018-01-18 15:20 - 002570752 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2018-03-22 23:24 - 2018-01-18 15:24 - 000206336 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2018-03-22 23:24 - 2018-01-18 15:14 - 004482048 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2018-03-22 23:24 - 2018-01-18 15:12 - 005100032 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2018-03-22 23:24 - 2018-01-18 15:10 - 002012672 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2018-03-22 23:24 - 2018-02-22 13:58 - 004809728 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2018-03-22 23:24 - 2018-01-18 15:18 - 002522112 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2018-03-22 23:24 - 2018-01-18 15:15 - 000993792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2018-03-22 23:24 - 2018-01-18 15:15 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qgif.dll
2018-03-22 23:24 - 2018-01-18 15:16 - 000031232 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qicns.dll
2018-03-22 23:24 - 2018-01-18 15:15 - 000025088 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2018-03-22 23:24 - 2018-01-18 15:15 - 000242688 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qjpeg.dll
2018-03-22 23:24 - 2018-01-18 15:16 - 000019968 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2018-03-22 23:24 - 2018-01-18 15:16 - 000247808 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2018-03-22 23:24 - 2018-01-18 15:16 - 000018944 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtga.dll
2018-03-22 23:24 - 2018-01-18 15:16 - 000318976 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtiff.dll
2018-03-22 23:24 - 2018-01-18 15:16 - 000017920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwbmp.dll
2018-03-22 23:24 - 2018-01-18 15:16 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwebp.dll
2018-03-22 23:24 - 2018-01-18 15:22 - 000013824 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2018-03-22 23:24 - 2018-01-18 15:27 - 000698368 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-03-22 23:24 - 2018-01-18 15:26 - 000069632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-03-22 23:24 - 2018-01-18 15:27 - 000173056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2018-03-22 23:24 - 2018-01-18 15:22 - 000013312 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2018-03-22 23:24 - 2018-01-18 15:22 - 000013312 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2018-03-22 23:24 - 2018-01-18 15:27 - 000097280 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2013-11-21 11:31 - 2013-11-21 11:31 - 000286720 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2013-11-21 11:31 - 2013-11-21 11:31 - 000499200 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2018-05-26 17:16 - 2018-05-26 17:16 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [135]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-11-15 03:41 - 2018-03-22 23:07 - 000001595 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 bandicam.com
127.0.0.1 ssl.bandisoft.com
127.0.0.1 localhost
127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 www.registeridm.com
127.0.0.1 secure.registeridm.com
127.0.0.1 internetdownloadmanager.com
127.0.0.1 www.internetdownloadmanager.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 www.secure.internetdownloadmanager.com
127.0.0.1 mirror.internetdownloadmanager.com
127.0.0.1 www.mirror.internetdownloadmanager.com
127.0.0.1 mirror2.internetdownloadmanager.com
127.0.0.1 www.mirror2.internetdownloadmanager.com
127.0.0.1 mirror3.internetdownloadmanager.com
127.0.0.1 www.mirror3.internetdownloadmanager.com
127.0.0.1 174.133.70.98

2016-11-07 03:29 - 2016-11-07 03:29 - 000000499 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

192.168.137.70 iPhone.mshome.net # 2016 11 0 13 17 29 46 813
192.168.137.1 Lenovo-PC.mshome.net # 2021 11 5 5 17 29 46 813

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Windows Live\Shared;D:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: CLHNServiceForPowerDVD => 2
MSCONFIG\Services: CxAudMsg => 2
MSCONFIG\Services: CyberLink PowerDVD 11.0 Monitor Service => 2
MSCONFIG\Services: CyberLink PowerDVD 11.0 Service => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: hmevpnsvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: PingzapperSvc => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: UDisk Monitor => 2
MSCONFIG\Services: WtuSystemSupport => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Lenovo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MYOB Add-On Connector.lnk => C:\Windows\pss\MYOB Add-On Connector.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG-Secure-Search-Update_0715tb => "C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe" /PROMPT /CMPID=0715tb
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
MSCONFIG\startupreg: cFosSpeed => C:\Program Files\cFosSpeed\cFosSpeed.exe
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: Energy Management => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
MSCONFIG\startupreg: EnergyUtility => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
MSCONFIG\startupreg: ForteConfig => C:\Program Files\Conexant\ForteConfig\fmapp.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Lenovo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Raptr => C:\Program Files (x86)\Raptr\RAPTRS~1.EXE --startup
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RemoteControl11 => "C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SACpl.exe /t
MSCONFIG\startupreg: Spotify => "C:\Users\Lenovo\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Lenovo\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SynLenovoGestureMgr => %ProgramFiles%\Synaptics\SynTP\SynLenovoGestureMgr.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
MSCONFIG\startupreg: WTFast Tray => "D:\Program Files (x86)\WTFast\WTFast.exe" trayonly
HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SmartAudio"
HKLM\...\StartupApproved\Run32: => "ETDCtrl"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\StartupFolder: => "hide.me VPN.lnk"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\StartupFolder: => "Bitcoin.lnk"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "WTFast Tray"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "Free Download Manager"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "Adguard"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "DownloadAccelerator"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C85BB459-5825-465E-9C64-4F6D04295ECA}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{56B248C4-51C0-4881-A3DF-FFE49495D7A2}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{384A9A9E-27F1-4EEA-8FB8-BE8AA17306FB}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{8F158D42-D729-46B6-B6CB-533F4AC05185}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{435422B9-07FA-46DF-A741-237F7C2210F3}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{22F62F48-C02A-4790-A6F5-8B890C3CCB15}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{B4DEDF6A-1421-40E0-8BAF-84376A31421B}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe (Valve -> )
FirewallRules: [{08045740-3153-41A2-9A22-8AAD96F532E8}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe (Valve -> )
FirewallRules: [{2C9C57C3-E3E0-4550-87ED-D230BE7E01BA}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{2F0F5E82-9854-4FF2-8036-7472B1B31AFD}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{91CF5134-F890-4AD5-9C20-E746603126B1}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{2900A6FC-2B32-4C08-A628-19A07D548503}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{C233EE90-5EF6-4A79-B869-7D6D847044E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0729A247-3837-46E5-8510-48BDE54ECD0B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0B7BDA4E-3B54-4A69-86BA-2E08D8A8F8D8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{539A723E-25CF-46FC-88FD-54482A7313F9}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{345B4A24-9BEC-4E18-A135-B2BE5B1E76FE}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)

==================== Restore Points =========================

19-04-2019 04:42:40 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2019 10:14:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AvLaunch.exe, version: 19.3.4241.0, time stamp: 0x5c82677e
Faulting module name: ucrtbase.dll, version: 10.0.17134.677, time stamp: 0x9f346d3f
Exception code: 0xc0000409
Fault offset: 0x000000000006e14e
Faulting process id: 0x176c
Faulting application start time: 0x01d4f6449fe30c0a
Faulting application path: C:\Program Files\AVAST Software\Avast\AvLaunch.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 63396444-9bfc-471f-a29d-aab87208a1ba
Faulting package full name:
Faulting package-relative application ID:

Error: (04/19/2019 10:09:58 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 8317) (User: )
Description: Cannot query value 'First Counter' associated with registry key 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SQLEXPRESS\Performance'. SQL Server performance counters are disabled.

Error: (04/19/2019 10:06:59 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1925601759-1010797402-2804155008-1000}/">.

Error: (04/19/2019 10:03:38 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (04/19/2019 09:53:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AvLaunch.exe, version: 19.3.4241.0, time stamp: 0x5c82677e
Faulting module name: ucrtbase.dll, version: 10.0.17134.677, time stamp: 0x9f346d3f
Exception code: 0xc0000409
Fault offset: 0x000000000006e14e
Faulting process id: 0x2340
Faulting application start time: 0x01d4f641b75869fb
Faulting application path: C:\Program Files\AVAST Software\Avast\AvLaunch.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 2fb64e77-70ba-4a85-adc7-38962547547f
Faulting package full name:
Faulting package-relative application ID:

Error: (04/19/2019 09:51:05 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "SQLAgent$SQLEXPRESS" in DLL "perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (04/19/2019 09:51:04 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (04/19/2019 09:50:59 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSSQL$SQLEXPRESS" in DLL "perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (04/19/2019 10:49:31 AM) (Source: DCOM) (EventID: 10016) (User: Lenovo-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Lenovo-PC\Lenovo SID (S-1-5-21-1925601759-1010797402-2804155008-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/19/2019 10:16:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/19/2019 10:16:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/19/2019 10:16:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/19/2019 10:16:30 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/19/2019 10:16:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/19/2019 10:14:35 AM) (Source: DCOM) (EventID: 10016) (User: Lenovo-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Lenovo-PC\Lenovo SID (S-1-5-21-1925601759-1010797402-2804155008-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/19/2019 10:10:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2019-04-19 10:35:52.456
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2019-04-19 10:35:52.425
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2019-04-19 10:35:34.363
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2019-04-19 10:35:33.720
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2019-04-19 10:35:26.718
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2019-04-19 10:35:26.718
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2019-04-19 03:22:50.135
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2019-04-19 03:22:50.082
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 47%
Total physical RAM: 8088.36 MB
Available physical RAM: 4226.23 MB
Total Virtual: 20220.36 MB
Available Virtual: 15388.08 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:151.27 GB) (Free:19.03 GB) NTFS
Drive d: (Data) (Fixed) (Total:584.83 GB) (Free:275.81 GB) NTFS
Drive f: (Bandicam) (Fixed) (Total:195.31 GB) (Free:179.55 GB) NTFS

\\?\Volume{c05dd144-747f-11e4-9d1a-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=151.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=584.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=195.3 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================

FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18.04.2019
Ran by Lenovo (administrator) on LENOVO-PC (19-04-2019 12:45:49)
Running from C:\Users\Lenovo\Downloads
Loaded Profiles: Lenovo (Available Profiles: Lenovo & DefaultAppPool)
Platform: Windows 10 Pro Version 1803 17134.706 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AnchorFree Inc -> AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Driver & Support Assistant -> Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
() [File not signed] C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Plays.tv, LLC -> Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Razer Inc. -> Razer Inc.) D:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(QIHU 360 SOFTWARE CO. LIMITED -> QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Opera Software AS -> Opera Software) C:\Users\Lenovo\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
() [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
() [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe
() [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPMaster.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
() [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPUF.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPDU.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-08-10] (Plays.tv, LLC -> Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-04-01] (Raptr, Inc -> Raptr, Inc)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [669248 2018-09-28] (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [135968 2018-03-15] (Intel(R) Driver & Support Assistant -> Intel)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [260488 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-07] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\Run: [Opera Browser Assistant] => C:\Users\Lenovo\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2480216 2019-02-12] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\WINDOWS\system32\huffyuv.dll [55296 2005-01-22] () [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-08] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\WINDOWS\system32\ff_vfw.dll [126976 2015-08-25] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\WINDOWS\SysWOW64\huffyuv.dll [39936 2004-05-19] (Disappearing Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\SysWOW64\lagarith.dll [216064 2011-12-08] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [473088 2015-02-26] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\WINDOWS\SysWOW64\ff_vfw.dll [112128 2015-08-25] () [File not signed]
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-19] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2018-11-27] (McAfee, Inc. -> McAfee, LLC.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2e5093be-ec30-45b1-a0b7-0a9388c176f1}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{8d45d7f2-23ec-402e-ba7c-d7e2681ab43c}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit Information Technology -> IObit)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll No File

FireFox:
========
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\yyjwfhm6.default [2019-04-19]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - D:\Program Files (x86)\DAP\daplinkchecker
FF Extension: (DAP Link Checker) - D:\Program Files (x86)\DAP\daplinkchecker [2017-11-12] [Legacy] [not signed]
FF HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - D:\Program Files (x86)\DAP\DAPFireFox
FF Extension: (Download Accelerator Plus (DAP) extension) - D:\Program Files (x86)\DAP\DAPFireFox [2017-11-12] [Legacy] [not signed]
FF HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-22] (Adobe Systems Incorporated -> )
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC -> DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2014-11-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-22] (Adobe Systems Incorporated -> )
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.6\\npsitesafety.dll [No File]
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC -> DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-09-02] (DivX, LLC -> DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Lenovo\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall) [File not signed]
FF Plugin-x32: @softnyxNpruntime -> D:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-04-19] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-04-19] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-1925601759-1010797402-2804155008-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Lenovo\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-11-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default [2019-04-19]
CHR Extension: (Slides) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-19]
CHR Extension: (AdLock ad blocker) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aemffjkmgcepimloclpkecifcnipnodh [2019-04-19]
CHR Extension: (Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-04-19]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-04-19]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-19]
CHR Extension: (Sheets) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-19]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-19]
CHR Extension: (AdBlock) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-04-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-04-19]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-19]
CHR Extension: (Chrome Media Router) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-19]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

Opera:
=======
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\Lenovo\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2019-04-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft, Inc. -> ArcSoft Inc.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-06-28] () [File not signed]
S3 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [287264 2016-08-04] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc. -> Apple Inc.)
R2 AUEPLauncher; C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe [9216 2018-01-31] () [File not signed]
S4 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-04-20] (CyberLink -> )
S4 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [70952 2011-03-31] (CyberLink -> CyberLink)
S4 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [312616 2011-03-31] (CyberLink -> CyberLink)
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-28] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-28] (Dropbox, Inc -> Dropbox, Inc.)
S3 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2018-03-15] (Intel(R) Driver & Support Assistant -> Intel)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] (Intel(R) Software Development Products -> )
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [53120 2018-04-10] (AnchorFree Inc -> AnchorFree Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
S3 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373688 2017-06-12] (Intel(R) pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [153360 2018-09-25] (IObit Information Technology -> IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes Corporation -> Malwarebytes)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation -> Microsoft Corporation)
R2 MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.0\my.ini [9263 2017-02-03] () [File not signed]
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [7780848 2017-11-29] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-08-10] (Plays.tv, LLC -> Plays.tv, LLC)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [965184 2018-09-28] (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R2 RzKLService; D:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074120 2019-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11795800 2019-04-15] (TeamViewer GmbH -> TeamViewer GmbH)
R2 TrueKey; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe [352688 2018-11-27] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe [352688 2018-11-27] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyServiceHelper; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe [194168 2018-11-27] (McAfee, Inc. -> McAfee, LLC.)
S4 UDisk Monitor; D:\Program Files\Modem AC2726 UI\bin\MonServiceUDisk64.exe [407040 2009-09-23] () [File not signed]
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] (Intel(R) Software Development Products -> )
S3 VSStandardCollectorService140; D:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate\Transfer\DriverInstall.exe [105064 2018-07-25] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\WINDOWS\System32\Drivers\360AntiHacker64.sys [192600 2018-09-28] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R3 360AvFlt; C:\WINDOWS\System32\DRIVERS\360AvFlt.sys [95232 2018-03-13] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [95232 2018-09-28] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 360Box64; C:\WINDOWS\System32\DRIVERS\360Box64.sys [340568 2018-09-28] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 360Camera; C:\WINDOWS\System32\Drivers\360Camera64.sys [57848 2018-03-13] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 360FsFlt; C:\WINDOWS\System32\DRIVERS\360FsFlt.sys [443992 2018-09-28] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 360netmon; C:\WINDOWS\System32\DRIVERS\360netmon.sys [96424 2018-03-13] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R3 AFTrafMgr1.4; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [56840 2018-04-04] (AnchorFree Inc -> AnchorFree Inc.)
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [26706464 2016-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [518176 2016-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R1 BAPIDRV; C:\WINDOWS\System32\DRIVERS\BAPIDRV64.sys [211160 2018-12-21] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [610336 2016-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
S3 CYUSB3; C:\WINDOWS\System32\Drivers\CYUSB3.sys [90536 2018-08-12] (Cypress Semiconductor Corporation -> Cypress Semiconductor)
S3 GunBod; C:\WINDOWS\system32\gunbod64.sys [84384 2017-02-09] (Beijing Apex Weifeng Technology Co.,Ltd. -> )
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37184 2018-10-16] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [43392 2018-10-16] (IObit Information Technology -> IObit)
S3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-31] (Logitech -> Logitech Inc.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2019-04-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek Semiconductor Corp -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-14] (Razer Inc. -> Razer Inc)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] (Intel(R) Code Signing External -> )
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-08-23] (AnchorFree Inc -> Anchorfree Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-11-07] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R2 WtfEngineDrv; C:\WINDOWS\system32\DRIVERS\WtfEngineDrv.sys [37872 2016-05-20] (Initex, OOO -> AAA Internet Publishing, Inc.)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-12-21] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-04-12] (CyberLink -> CyberLink Corp.)
U3 aswbdisk; no ImagePath
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-19 12:46 - 2019-04-19 12:46 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Mozilla
2019-04-19 12:45 - 2019-04-19 12:45 - 000000000 ____D C:\Users\Lenovo\Downloads\FRST-OlderVersion
2019-04-19 10:06 - 2019-04-19 10:19 - 000003530 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-04-19 10:06 - 2019-04-19 10:19 - 000003406 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-04-19 10:06 - 2019-04-19 10:06 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-19 10:06 - 2019-04-19 10:06 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-19 10:03 - 2019-04-19 10:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-04-19 09:59 - 2019-04-19 09:59 - 001622528 _____ C:\Users\Lenovo\Downloads\resetbrowser.exe
2019-04-19 09:47 - 2019-04-19 09:49 - 005208384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-19 09:42 - 2019-04-19 09:44 - 000000000 ____D C:\AdwCleaner
2019-04-19 09:38 - 2019-04-19 09:40 - 007025360 _____ (Malwarebytes) C:\Users\Lenovo\Downloads\adwcleaner_7.3.exe
2019-04-19 02:27 - 2019-04-19 02:27 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-19 02:14 - 2019-04-19 02:21 - 000079423 _____ C:\Users\Lenovo\Downloads\Addition.txt
2019-04-19 02:10 - 2019-04-19 12:47 - 000032944 _____ C:\Users\Lenovo\Downloads\FRST.txt
2019-04-19 02:10 - 2019-04-19 12:45 - 002434048 _____ (Farbar) C:\Users\Lenovo\Downloads\FRST64.exe
2019-04-19 02:10 - 2019-04-19 12:45 - 000000000 ____D C:\FRST
2019-04-19 01:58 - 2019-04-19 01:58 - 037133296 _____ (Hankuper s.r.o.) C:\Users\Lenovo\Downloads\Adlock_Installer (2).exe
2019-04-19 01:24 - 2019-04-19 01:24 - 037133296 _____ (Hankuper s.r.o.) C:\Users\Lenovo\Downloads\Adlock_Installer (1).exe
2019-04-18 13:15 - 2019-04-19 10:06 - 000000000 ____D C:\Program Files (x86)\Google
2019-04-18 13:15 - 2019-04-18 13:16 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Google clean
2019-04-18 12:52 - 2019-04-18 12:52 - 000000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2019-04-18 12:50 - 2019-04-19 09:55 - 000000000 ____D C:\ProgramData\ProductData
2019-04-18 12:50 - 2019-04-18 12:51 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\IObit
2019-04-18 12:50 - 2019-04-18 12:50 - 000002950 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Lenovo
2019-04-18 12:49 - 2019-04-18 12:55 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\IObit
2019-04-18 12:49 - 2019-04-18 12:54 - 000000000 ____D C:\ProgramData\IObit
2019-04-18 12:49 - 2019-04-18 12:49 - 000001430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2019-04-18 12:49 - 2019-04-18 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2019-04-18 12:49 - 2019-04-18 12:49 - 000000000 ____D C:\Program Files (x86)\IObit
2019-04-18 12:30 - 2019-04-19 10:10 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-04-18 12:30 - 2019-04-18 12:30 - 000001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-04-18 12:30 - 2019-04-18 12:30 - 000001106 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-04-13 05:25 - 2019-04-13 05:25 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2019-04-10 09:53 - 2019-04-02 14:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-04-10 09:53 - 2019-03-15 00:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-04-10 09:53 - 2019-03-14 18:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-04-10 09:53 - 2019-03-14 18:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-04-10 09:53 - 2019-03-14 18:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-04-10 09:53 - 2019-03-14 18:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-04-10 09:53 - 2019-03-14 18:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-04-10 09:53 - 2019-03-14 17:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-04-10 09:53 - 2019-03-14 17:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-04-10 09:53 - 2019-03-14 17:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-04-10 09:52 - 2019-04-02 22:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-04-10 09:52 - 2019-04-02 22:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-04-10 09:52 - 2019-04-02 22:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-04-10 09:52 - 2019-04-02 22:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-10 09:52 - 2019-04-02 22:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-04-10 09:52 - 2019-04-02 22:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-10 09:52 - 2019-04-02 22:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-10 09:52 - 2019-04-02 22:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-04-10 09:52 - 2019-04-02 22:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-10 09:52 - 2019-04-02 22:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-10 09:52 - 2019-04-02 22:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-10 09:52 - 2019-04-02 22:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-04-10 09:52 - 2019-04-02 22:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-10 09:52 - 2019-04-02 22:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-04-10 09:52 - 2019-04-02 22:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-04-10 09:52 - 2019-04-02 22:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-10 09:52 - 2019-04-02 19:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-10 09:52 - 2019-04-02 19:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-04-10 09:52 - 2019-04-02 19:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-04-10 09:52 - 2019-04-02 19:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-04-10 09:52 - 2019-04-02 19:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-04-10 09:52 - 2019-04-02 19:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-04-10 09:52 - 2019-04-02 19:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-04-10 09:52 - 2019-04-02 19:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-04-10 09:52 - 2019-04-02 19:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-04-10 09:52 - 2019-04-02 18:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-04-10 09:52 - 2019-04-02 18:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-04-10 09:52 - 2019-04-02 18:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-04-10 09:52 - 2019-04-02 18:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-04-10 09:52 - 2019-04-02 18:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-04-10 09:52 - 2019-04-02 18:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-04-10 09:52 - 2019-04-02 18:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-10 09:52 - 2019-04-02 18:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-04-10 09:52 - 2019-04-02 18:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-10 09:52 - 2019-04-02 18:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-04-10 09:52 - 2019-04-02 18:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-04-10 09:52 - 2019-04-02 18:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-04-10 09:52 - 2019-04-02 18:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-04-10 09:52 - 2019-04-02 18:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-04-10 09:52 - 2019-04-02 18:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-10 09:52 - 2019-04-02 18:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-04-10 09:52 - 2019-04-02 18:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-10 09:52 - 2019-04-02 17:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-04-10 09:52 - 2019-04-02 17:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-04-10 09:52 - 2019-04-02 17:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-04-10 09:52 - 2019-04-02 17:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-04-10 09:52 - 2019-04-02 17:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-04-10 09:52 - 2019-04-02 17:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-04-10 09:52 - 2019-04-02 17:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-04-10 09:52 - 2019-04-02 17:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-04-10 09:52 - 2019-04-02 17:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-04-10 09:52 - 2019-04-02 17:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-04-10 09:52 - 2019-04-02 17:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-04-10 09:52 - 2019-04-02 17:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-04-10 09:52 - 2019-04-02 17:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-04-10 09:52 - 2019-04-02 17:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-04-10 09:52 - 2019-04-02 17:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-04-10 09:52 - 2019-04-02 17:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-04-10 09:52 - 2019-04-02 17:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-04-10 09:52 - 2019-04-02 17:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-04-10 09:52 - 2019-04-02 16:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-04-10 09:52 - 2019-04-02 15:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-10 09:52 - 2019-04-02 15:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-10 09:52 - 2019-04-02 15:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-04-10 09:52 - 2019-04-02 15:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-04-10 09:52 - 2019-04-02 15:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-04-10 09:52 - 2019-04-02 14:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-04-10 09:52 - 2019-04-02 14:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-04-10 09:52 - 2019-04-02 14:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-04-10 09:52 - 2019-04-02 14:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-04-10 09:52 - 2019-04-02 14:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-04-10 09:52 - 2019-04-02 14:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-04-10 09:52 - 2019-04-02 14:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-04-10 09:52 - 2019-04-02 14:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-04-10 09:52 - 2019-04-02 14:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-04-10 09:52 - 2019-04-02 14:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-04-10 09:52 - 2019-03-16 22:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-04-10 09:52 - 2019-03-16 19:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-04-10 09:52 - 2019-03-15 00:55 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-04-10 09:52 - 2019-03-15 00:53 - 001626928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-04-10 09:52 - 2019-03-15 00:53 - 001038136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-04-10 09:52 - 2019-03-15 00:53 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-04-10 09:52 - 2019-03-15 00:53 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-04-10 09:52 - 2019-03-15 00:52 - 001424696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000954160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000827704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2019-04-10 09:52 - 2019-03-15 00:52 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVemgr.sys
2019-04-10 09:52 - 2019-03-15 00:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2019-04-10 09:52 - 2019-03-15 00:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll
2019-04-10 09:52 - 2019-03-15 00:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-04-10 09:52 - 2019-03-15 00:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2019-04-10 09:52 - 2019-03-15 00:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2019-04-10 09:52 - 2019-03-15 00:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-04-10 09:52 - 2019-03-15 00:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2019-04-10 09:52 - 2019-03-15 00:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2019-04-10 09:52 - 2019-03-15 00:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-04-10 09:52 - 2019-03-15 00:29 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscsvc.dll
2019-04-10 09:52 - 2019-03-15 00:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
2019-04-10 09:52 - 2019-03-15 00:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-04-10 09:52 - 2019-03-14 23:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-04-10 09:52 - 2019-03-14 23:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2019-04-10 09:52 - 2019-03-14 23:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2019-04-10 09:52 - 2019-03-14 23:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2019-04-10 09:52 - 2019-03-14 23:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2019-04-10 09:52 - 2019-03-14 23:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll
2019-04-10 09:52 - 2019-03-14 18:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-04-10 09:52 - 2019-03-14 18:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-04-10 09:52 - 2019-03-14 18:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-04-10 09:52 - 2019-03-14 18:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2019-04-10 09:52 - 2019-03-14 18:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-04-10 09:52 - 2019-03-14 18:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-04-10 09:52 - 2019-03-14 18:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-04-10 09:52 - 2019-03-14 18:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-04-10 09:52 - 2019-03-14 18:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-04-10 09:52 - 2019-03-14 18:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2019-04-10 09:52 - 2019-03-14 18:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-04-10 09:52 - 2019-03-14 18:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-04-10 09:52 - 2019-03-14 18:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-04-10 09:52 - 2019-03-14 18:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-04-10 09:52 - 2019-03-14 18:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-04-10 09:52 - 2019-03-14 18:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-04-10 09:52 - 2019-03-14 18:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-04-10 09:52 - 2019-03-14 18:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-04-10 09:52 - 2019-03-14 18:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-04-10 09:52 - 2019-03-14 18:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-04-10 09:52 - 2019-03-14 18:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-04-10 09:52 - 2019-03-14 18:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-04-10 09:52 - 2019-03-14 18:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-04-10 09:52 - 2019-03-14 18:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-04-10 09:52 - 2019-03-14 18:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-04-10 09:52 - 2019-03-14 18:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-04-10 09:52 - 2019-03-14 18:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2019-04-10 09:52 - 2019-03-14 18:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-04-10 09:52 - 2019-03-14 18:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-04-10 09:52 - 2019-03-14 18:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-04-10 09:52 - 2019-03-14 18:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll
2019-04-10 09:52 - 2019-03-14 18:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2019-04-10 09:52 - 2019-03-14 18:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-04-10 09:52 - 2019-03-14 18:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-04-10 09:52 - 2019-03-14 18:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-04-10 09:52 - 2019-03-14 18:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-04-10 09:52 - 2019-03-14 18:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
2019-04-10 09:52 - 2019-03-14 18:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
2019-04-10 09:52 - 2019-03-14 18:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-04-10 09:52 - 2019-03-14 18:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-04-10 09:52 - 2019-03-14 18:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-04-10 09:52 - 2019-03-14 18:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-10 09:52 - 2019-03-14 18:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-04-10 09:52 - 2019-03-14 18:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2019-04-10 09:52 - 2019-03-14 18:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-04-10 09:52 - 2019-03-14 18:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-04-10 09:52 - 2019-03-14 17:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-04-10 09:52 - 2019-03-14 17:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-04-10 09:52 - 2019-03-14 17:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-04-10 09:52 - 2019-03-14 17:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-04-10 09:52 - 2019-03-14 17:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-04-10 09:52 - 2019-03-14 17:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-04-10 09:52 - 2019-03-14 17:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-04-10 09:52 - 2019-03-14 17:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-04-10 09:52 - 2019-03-14 17:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-04-10 09:52 - 2019-03-14 17:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-04-10 09:52 - 2019-03-14 17:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-04-10 09:52 - 2019-03-14 17:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-04-10 09:52 - 2019-03-14 17:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-04-10 09:52 - 2019-03-14 17:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-04-10 09:52 - 2019-03-14 17:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-10 09:52 - 2019-03-14 17:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-04-10 09:52 - 2019-03-14 17:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-04-10 09:52 - 2019-03-14 17:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
2019-04-10 09:52 - 2019-03-14 17:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-04-10 09:52 - 2019-03-14 17:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-04-10 09:52 - 2019-03-14 17:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-04-10 09:52 - 2019-03-14 17:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-04-10 09:52 - 2019-03-14 17:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-04-10 09:52 - 2019-03-14 11:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-04-10 09:52 - 2019-03-14 11:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-04-10 09:52 - 2019-03-14 11:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-04-10 09:52 - 2019-03-14 11:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-04-10 09:52 - 2019-03-14 11:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-04-09 03:02 - 2019-04-09 03:02 - 000000000 ____D C:\ProgramData\Hankuper
2019-04-09 03:02 - 2019-04-09 03:02 - 000000000 ____D C:\Program Files\AdLock
2019-04-09 02:58 - 2019-04-09 02:58 - 036153840 _____ (Hankuper s.r.o.) C:\Users\Lenovo\Downloads\Adlock_Installer.exe
2019-04-09 00:08 - 2019-04-09 00:08 - 003976665 _____ C:\Users\Lenovo\Downloads\Mega Man Battle Network 2 (USA).zip
2019-04-06 18:30 - 2019-04-06 18:30 - 000364952 _____ C:\Users\Lenovo\Downloads\download.pdf
2019-04-05 11:04 - 2019-04-05 11:04 - 000192384 _____ C:\Users\Lenovo\Downloads\9299 (1) (1).pdf
2019-04-05 11:02 - 2019-04-05 11:02 - 000182444 _____ C:\Users\Lenovo\Downloads\9299 (1).pdf
2019-04-05 11:00 - 2019-04-05 11:00 - 000182444 _____ C:\Users\Lenovo\Downloads\929 (1).pdf
2019-04-05 10:00 - 2019-04-05 10:00 - 000338279 _____ C:\Users\Lenovo\Downloads\form 80 2015-2019(1) (1)[1145].pdf
2019-04-01 15:19 - 2019-04-01 15:19 - 000182444 _____ C:\Users\Lenovo\Downloads\929.pdf
2019-04-01 15:01 - 2019-04-01 15:01 - 000233489 _____ C:\Users\Lenovo\Downloads\form 80 2015-2019(1) (1).pdf
2019-03-31 01:33 - 2019-03-31 01:33 - 000000000 ____D C:\Users\Lenovo\Downloads\New folder
2019-03-27 12:24 - 2019-03-27 12:24 - 000233489 _____ C:\Users\Lenovo\Downloads\form 80 2015-2019(1).pdf
2019-03-25 13:27 - 2019-03-25 13:27 - 000063894 _____ C:\Users\Lenovo\Downloads\Albert - Akta lahir.pdf
2019-03-25 13:02 - 2019-03-25 13:02 - 001771175 _____ C:\Users\Lenovo\Downloads\Statement20181231.pdf
2019-03-25 13:01 - 2019-03-25 13:01 - 000116172 _____ C:\Users\Lenovo\Downloads\scoreReport (2).pdf
2019-03-21 23:11 - 2019-03-23 15:36 - 000000000 ____D C:\ProgramData\Stardock
2019-03-21 23:11 - 2019-03-21 23:11 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Stardock
2019-03-21 23:10 - 2019-03-21 23:10 - 000000000 ____D C:\Users\Lenovo\Documents\My Games
2019-03-21 23:10 - 2019-03-21 23:10 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\MohawkGames
2019-03-20 14:46 - 2019-03-20 14:46 - 000085072 _____ C:\Users\Lenovo\Downloads\Unconfirmed 583584.crdownload

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-19 12:47 - 2018-03-22 21:37 - 000000000 ____D C:\ProgramData\360safe
2019-04-19 12:47 - 2016-12-21 04:23 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\Mozilla
2019-04-19 12:47 - 2014-11-25 18:39 - 000000000 ____D C:\ProgramData\Mozilla
2019-04-19 12:46 - 2018-04-12 09:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-19 12:46 - 2014-11-25 18:39 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Mozilla
2019-04-19 12:21 - 2018-05-26 17:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-19 10:24 - 2018-03-22 21:37 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\360WD
2019-04-19 10:20 - 2014-12-30 12:34 - 000000000 ____D C:\Users\Lenovo\AppData\Local\CrashDumps
2019-04-19 10:09 - 2018-05-26 17:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-19 10:09 - 2014-11-25 18:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-04-19 10:08 - 2018-04-12 07:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-04-19 10:08 - 2018-03-22 21:37 - 000000000 _RSHD C:\360SANDBOX
2019-04-19 10:04 - 2014-11-25 18:39 - 000001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-04-19 10:01 - 2018-03-22 22:30 - 000000000 __SHD C:\$360Section
2019-04-19 10:01 - 2018-03-22 22:05 - 000000000 ____D C:\ProgramData\360Quarant
2019-04-19 09:47 - 2018-03-25 05:46 - 000000000 ____D C:\Program Files (x86)\Driver Support
2019-04-19 04:48 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-19 02:36 - 2017-09-30 14:04 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albion Online
2019-04-19 02:35 - 2019-02-26 14:27 - 000000000 ____D C:\WINDOWS\Minidump
2019-04-19 02:35 - 2018-04-12 09:36 - 000000000 ____D C:\WINDOWS\INF
2019-04-19 01:45 - 2018-03-22 23:45 - 000000410 __RSH C:\ProgramData\ntuser.pol
2019-04-18 15:45 - 2017-12-30 07:35 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Packages
2019-04-18 13:26 - 2017-10-16 00:08 - 000000000 ____D C:\ProgramData\Package Cache
2019-04-18 13:26 - 2017-05-27 00:44 - 000000000 ____D C:\ProgramData\Adguard
2019-04-18 13:26 - 2017-05-27 00:43 - 000000000 ____D C:\Program Files (x86)\Adguard
2019-04-18 12:32 - 2015-09-12 20:58 - 000000000 ____D C:\Users\Lenovo\AppData\Local\TeamViewer
2019-04-18 12:30 - 2018-05-26 17:10 - 000000000 ____D C:\Users\DefaultAppPool
2019-04-18 12:30 - 2015-09-12 20:45 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\TeamViewer
2019-04-18 10:28 - 2018-03-22 21:37 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\360safe
2019-04-18 10:20 - 2018-05-26 17:10 - 000000000 ____D C:\Users\Lenovo
2019-04-18 10:14 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-04-18 03:57 - 2018-03-24 19:05 - 000000428 _____ C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job
2019-04-18 03:50 - 2019-02-16 23:48 - 000003752 _____ C:\WINDOWS\System32\Tasks\Opera scheduled assistant Autoupdate 1550324909
2019-04-18 03:50 - 2018-05-26 17:40 - 000003752 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-04-18 03:50 - 2018-05-26 17:40 - 000003556 _____ C:\WINDOWS\System32\Tasks\Driver Easy Scheduled Scan
2019-04-18 03:50 - 2018-05-26 17:40 - 000002970 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2019-04-18 03:50 - 2018-05-26 17:40 - 000002646 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2019-04-18 03:50 - 2018-05-26 17:40 - 000002604 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2019-04-18 03:50 - 2018-05-26 17:40 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-04-18 03:50 - 2018-05-26 17:40 - 000002202 _____ C:\WINDOWS\System32\Tasks\StartCN
2019-04-18 03:48 - 2019-03-18 21:26 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-04-18 01:12 - 2017-09-28 20:12 - 000061060 _____ C:\Users\Lenovo\Desktop\Share.xlsx
2019-04-17 19:52 - 2018-04-12 09:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-16 13:23 - 2018-12-26 22:02 - 000019344 _____ C:\Users\Lenovo\Desktop\Mascot-202-RENT.xlsx
2019-04-13 19:26 - 2016-09-22 12:11 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\vlc
2019-04-13 05:25 - 2019-03-18 21:25 - 000476264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1af7b8ca475981fe.tmp
2019-04-12 12:56 - 2018-03-25 06:00 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2019-04-12 03:45 - 2018-05-27 10:37 - 000503220 _____ C:\WINDOWS\system32\perfh011.dat
2019-04-12 03:45 - 2018-05-27 10:37 - 000145096 _____ C:\WINDOWS\system32\perfc011.dat
2019-04-12 03:45 - 2018-05-26 17:09 - 001571872 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-12 02:47 - 2018-03-22 21:47 - 000001443 _____ C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-04-11 18:06 - 2018-03-22 21:38 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\360TotalSecurity
2019-04-11 17:47 - 2018-04-12 19:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-04-11 17:47 - 2018-04-12 09:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-04-11 17:47 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-04-11 17:47 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-04-11 17:47 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-10 10:03 - 2018-04-12 09:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-10 09:51 - 2015-03-13 02:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-10 09:44 - 2015-03-13 02:42 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-07 23:23 - 2018-03-22 21:48 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\360DrvMgr
2019-04-05 21:35 - 2017-09-29 19:45 - 000000000 ____D C:\Program Files\rempl
2019-04-02 03:51 - 2018-11-18 11:45 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-02 03:51 - 2018-11-18 11:45 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-26 08:20 - 2019-02-19 10:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2019-03-26 07:28 - 2019-03-18 21:25 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-03-21 15:57 - 2017-08-11 00:34 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== Files in the root of some directories =======

2017-05-27 00:44 - 2018-06-15 09:49 - 000000267 _____ () C:\ProgramData\fontcacheev1.dat
2018-08-13 21:01 - 2018-06-14 21:01 - 000000032 ____R () C:\ProgramData\hash.dat
2015-10-04 11:58 - 2015-10-04 11:58 - 000000097 _____ () C:\Users\Lenovo\AppData\Roaming\settings.xml
2015-04-25 14:16 - 2015-04-25 14:16 - 000000054 _____ () C:\Users\Lenovo\AppData\Roaming\updater.cfg
2015-11-09 13:55 - 2015-11-30 19:16 - 000002856 _____ () C:\Users\Lenovo\AppData\Roaming\VoiceMeeterDefault.xml
2016-09-23 11:37 - 2017-01-05 11:54 - 000000202 _____ () C:\Users\Lenovo\AppData\Roaming\_encryptiondb.grf
2014-11-26 19:09 - 2014-11-26 19:09 - 000000038 ___SH () C:\Users\Lenovo\AppData\Local\1754111884ee9ab5277ca00.95260103
2014-12-26 00:02 - 2016-06-26 16:10 - 000007603 _____ () C:\Users\Lenovo\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.

LastRegBack: 2018-05-26 17:01

==================== End of FRST.txt ============================
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
2,154
499
PCHF Bunker
pchelpforum.net
I assure you ResetBrowser is safe. Please run it and report back.

You still have some junk on the machine. I will have to analyze your log file before I have a fix for you.
 
  • Like
Reactions: Baroona

Baroona

PCHF Member
PCHF Member
Apr 18, 2019
27
1
23
Yeah i trust you. I did run it before but im just wondering haha.

There is one weird interaction though, i tried to rerun the resetbrowser, however it doesnt automatically install the chrome when i press the reset button. It works with mozila but not chrome. So i have to download manually.
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
2,154
499
PCHF Bunker
pchelpforum.net
Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system. Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

Baroona

PCHF Member
PCHF Member
Apr 18, 2019
27
1
23
Big thanks for the helps jmarket, however my chrome is still not fixed.

fix logs:
Fix result of Farbar Recovery Scan Tool (x64) Version: 18.04.2019
Ran by Lenovo (20-04-2019 04:13:00) Run:1
Running from C:\Users\Lenovo\Downloads\FRST
Loaded Profiles: Lenovo (Available Profiles: Lenovo & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {08DE182E-4B30-4A1E-B2FD-C6EB7895D4FF} - \0915tbUpdateInfo -> No File <==== ATTENTION
Task: {1C48C1BE-378A-4BD4-9CBC-1EE169FA27A9} - \FreeDownloadManagerNetworkMonitor -> No File <==== ATTENTION
Task: {4B4D8E7B-0A5F-40FC-BBCD-29A82DE55E1E} - \AVG-SSU_0117avz_DELETE -> No File <==== ATTENTION
Task: {728F5E94-6E39-4D9D-BDDF-15FE8F3796DB} - \cFos\Registration Tasks\Open Browser -> No File <==== ATTENTION
Task: {754E8E88-D223-42F3-9481-B9A6C2933CF3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {C14A101B-90DF-4EA6-814A-49BE72CAD1BA} - \AVG-SSU_0117avz -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [135]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Tcpip\..\Interfaces\{2e5093be-ec30-45b1-a0b7-0a9388c176f1}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{8d45d7f2-23ec-402e-ba7c-d7e2681ab43c}: [DhcpNameServer] 192.168.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state On
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08DE182E-4B30-4A1E-B2FD-C6EB7895D4FF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08DE182E-4B30-4A1E-B2FD-C6EB7895D4FF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0915tbUpdateInfo" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1C48C1BE-378A-4BD4-9CBC-1EE169FA27A9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C48C1BE-378A-4BD4-9CBC-1EE169FA27A9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeDownloadManagerNetworkMonitor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4B4D8E7B-0A5F-40FC-BBCD-29A82DE55E1E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B4D8E7B-0A5F-40FC-BBCD-29A82DE55E1E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-SSU_0117avz_DELETE" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{728F5E94-6E39-4D9D-BDDF-15FE8F3796DB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{728F5E94-6E39-4D9D-BDDF-15FE8F3796DB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\cFos\Registration Tasks\Open Browser" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{754E8E88-D223-42F3-9481-B9A6C2933CF3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{754E8E88-D223-42F3-9481-B9A6C2933CF3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C14A101B-90DF-4EA6-814A-49BE72CAD1BA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C14A101B-90DF-4EA6-814A-49BE72CAD1BA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-SSU_0117avz" => removed successfully
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2e5093be-ec30-45b1-a0b7-0a9388c176f1}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8d45d7f2-23ec-402e-ba7c-d7e2681ab43c}\\DhcpNameServer" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state On =========

Ok.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /release =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 4 while it has its media disconnected.
No operation can be performed on Local Area Connection* 5 while it has its media disconnected.

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 4:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 5:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::941a:52d:426a:63f6%15
Default Gateway . . . . . . . . . :

========= End of CMD: =========


========= ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 4 while it has its media disconnected.
No operation can be performed on Local Area Connection* 5 while it has its media disconnected.

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 4:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 5:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::941a:52d:426a:63f6%15
IPv4 Address. . . . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1

========= End of CMD: =========


========= netsh int ipv4 reset =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 75883627 B
Java, Flash, Steam htmlcache => 450836743 B
Windows/system/drivers => 8045374 B
Edge => 6322 B
Chrome => 251903992 B
Firefox => 981972574 B
Opera => 28188050 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 9376 B
LocalService => 0 B
NetworkService => 6656 B
NetworkService => 0 B
Lenovo => 95666212 B
DefaultAppPool => 6656 B

RecycleBin => 0 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 04:16:06 ====
 

Baroona

PCHF Member
PCHF Member
Apr 18, 2019
27
1
23
I have rerun FRST again just in case you will need the details:

FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18.04.2019
Ran by Lenovo (administrator) on LENOVO-PC (20-04-2019 04:26:52)
Running from C:\Users\Lenovo\Downloads\FRST
Loaded Profiles: Lenovo (Available Profiles: Lenovo & DefaultAppPool)
Platform: Windows 10 Pro Version 1803 17134.706 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AnchorFree Inc -> AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Intel(R) Driver & Support Assistant -> Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() [File not signed] C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
(Plays.tv, LLC -> Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(Razer Inc. -> Razer Inc.) D:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(QIHU 360 SOFTWARE CO. LIMITED -> QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Opera Software AS -> Opera Software) C:\Users\Lenovo\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
() [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
() [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPMaster.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvLaunch.exe
(QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
Failed to access process -> AvLaunch.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
() [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPUF.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPDU.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel(R) Software Asset Manager -> Intel Corporation) C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
(Opera Software AS -> Opera Software) C:\Users\Lenovo\AppData\Local\Programs\Opera\launcher.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
(Opera Software AS -> Opera Software) C:\Users\Lenovo\AppData\Local\Temp\opera autoupdate\installer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-08-10] (Plays.tv, LLC -> Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-04-01] (Raptr, Inc -> Raptr, Inc)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [669248 2018-09-28] (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [135968 2018-03-15] (Intel(R) Driver & Support Assistant -> Intel)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [260488 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-07] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\Run: [Opera Browser Assistant] => C:\Users\Lenovo\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2480216 2019-02-12] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\WINDOWS\system32\huffyuv.dll [55296 2005-01-22] () [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-08] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\WINDOWS\system32\ff_vfw.dll [126976 2015-08-25] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\WINDOWS\SysWOW64\huffyuv.dll [39936 2004-05-19] (Disappearing Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\SysWOW64\lagarith.dll [216064 2011-12-08] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [473088 2015-02-26] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\WINDOWS\SysWOW64\ff_vfw.dll [112128 2015-08-25] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-19] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2018-11-27] (McAfee, Inc. -> McAfee, LLC.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8d45d7f2-23ec-402e-ba7c-d7e2681ab43c}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {A485DD13-1799-4E8B-8E0D-87A35529FC3C} URL =
SearchScopes: HKLM-x32 -> DefaultScope {A485DD13-1799-4E8B-8E0D-87A35529FC3C} URL =
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll No File

FireFox:
========
FF DefaultProfile: 5556b60k.default-1555684723521
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\5556b60k.default-1555684723521 [2019-04-20]
FF Extension: (Federated Learning Awesome Bar) - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\5556b60k.default-1555684723521\Extensions\[email protected] [2019-04-20]
FF Extension: (AdBlock) - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\5556b60k.default-1555684723521\Extensions\[email protected] [2019-04-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - D:\Program Files (x86)\DAP\daplinkchecker
FF Extension: (DAP Link Checker) - D:\Program Files (x86)\DAP\daplinkchecker [2017-11-12] [Legacy] [not signed]
FF HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - D:\Program Files (x86)\DAP\DAPFireFox
FF Extension: (Download Accelerator Plus (DAP) extension) - D:\Program Files (x86)\DAP\DAPFireFox [2017-11-12] [Legacy] [not signed]
FF HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-22] (Adobe Systems Incorporated -> )
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC -> DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2014-11-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-22] (Adobe Systems Incorporated -> )
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.6\\npsitesafety.dll [No File]
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC -> DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-09-02] (DivX, LLC -> DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Lenovo\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall) [File not signed]
FF Plugin-x32: @softnyxNpruntime -> D:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-04-19] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-04-19] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-1925601759-1010797402-2804155008-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Lenovo\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-11-14] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default [2019-04-20]
CHR Extension: (Slides) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-19]
CHR Extension: (AdLock ad blocker) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aemffjkmgcepimloclpkecifcnipnodh [2019-04-19]
CHR Extension: (Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-04-19]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-04-19]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-19]
CHR Extension: (Sheets) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-19]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-19]
CHR Extension: (AdBlock) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-04-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-04-19]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-19]
CHR Extension: (Chrome Media Router) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-19]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

Opera:
=======
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\Lenovo\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2019-04-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft, Inc. -> ArcSoft Inc.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-06-28] () [File not signed]
S3 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [287264 2016-08-04] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc. -> Apple Inc.)
R2 AUEPLauncher; C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe [9216 2018-01-31] () [File not signed]
S4 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-04-20] (CyberLink -> )
S4 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [70952 2011-03-31] (CyberLink -> CyberLink)
S4 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [312616 2011-03-31] (CyberLink -> CyberLink)
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-28] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-28] (Dropbox, Inc -> Dropbox, Inc.)
S3 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2018-03-15] (Intel(R) Driver & Support Assistant -> Intel)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] (Intel(R) Software Development Products -> )
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [53120 2018-04-10] (AnchorFree Inc -> AnchorFree Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
S3 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373688 2017-06-12] (Intel(R) pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [153360 2018-09-25] (IObit Information Technology -> IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation -> Microsoft Corporation)
R2 MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.0\my.ini [9263 2017-02-03] () [File not signed]
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [7780848 2017-11-29] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-08-10] (Plays.tv, LLC -> Plays.tv, LLC)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [965184 2018-09-28] (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R2 RzKLService; D:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074120 2019-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11795800 2019-04-15] (TeamViewer GmbH -> TeamViewer GmbH)
R2 TrueKey; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe [352688 2018-11-27] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe [352688 2018-11-27] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyServiceHelper; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe [194168 2018-11-27] (McAfee, Inc. -> McAfee, LLC.)
S4 UDisk Monitor; D:\Program Files\Modem AC2726 UI\bin\MonServiceUDisk64.exe [407040 2009-09-23] () [File not signed]
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] (Intel(R) Software Development Products -> )
S3 VSStandardCollectorService140; D:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate\Transfer\DriverInstall.exe [105064 2018-07-25] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\WINDOWS\System32\Drivers\360AntiHacker64.sys [192600 2018-09-28] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R3 360AvFlt; C:\WINDOWS\System32\DRIVERS\360AvFlt.sys [95232 2018-03-13] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [95232 2018-09-28] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 360Box64; C:\WINDOWS\System32\DRIVERS\360Box64.sys [340568 2018-09-28] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 360Camera; C:\WINDOWS\System32\Drivers\360Camera64.sys [57848 2018-03-13] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 360FsFlt; C:\WINDOWS\System32\DRIVERS\360FsFlt.sys [443992 2018-09-28] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 360netmon; C:\WINDOWS\System32\DRIVERS\360netmon.sys [96424 2018-03-13] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R3 AFTrafMgr1.4; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [56840 2018-04-04] (AnchorFree Inc -> AnchorFree Inc.)
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [26706464 2016-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [518176 2016-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R1 BAPIDRV; C:\WINDOWS\System32\DRIVERS\BAPIDRV64.sys [211160 2018-12-21] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [610336 2016-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
S3 CYUSB3; C:\WINDOWS\System32\Drivers\CYUSB3.sys [90536 2018-08-12] (Cypress Semiconductor Corporation -> Cypress Semiconductor)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-04-19] (Malwarebytes Corporation -> Malwarebytes)
S3 GunBod; C:\WINDOWS\system32\gunbod64.sys [84384 2017-02-09] (Beijing Apex Weifeng Technology Co.,Ltd. -> )
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37184 2018-10-16] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [43392 2018-10-16] (IObit Information Technology -> IObit)
S3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-31] (Logitech -> Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-04-19] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-04-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-04-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-04-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek Semiconductor Corp -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-14] (Razer Inc. -> Razer Inc)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] (Intel(R) Code Signing External -> )
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-08-23] (AnchorFree Inc -> Anchorfree Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-11-07] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R2 WtfEngineDrv; C:\WINDOWS\system32\DRIVERS\WtfEngineDrv.sys [37872 2016-05-20] (Initex, OOO -> AAA Internet Publishing, Inc.)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-12-21] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-04-12] (CyberLink -> CyberLink Corp.)
U3 aswbdisk; no ImagePath
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-20 04:30 - 2019-04-20 04:31 - 000000000 ____D C:\Users\Lenovo\Desktop\Comp Tool
2019-04-20 04:30 - 2019-04-20 04:30 - 000012371 _____ C:\Users\Lenovo\Desktop\bookmarks_20_04_2019.html
2019-04-20 04:20 - 2019-04-20 04:20 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-04-20 04:19 - 2019-04-20 04:19 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-04-20 04:19 - 2019-04-20 04:19 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-04-20 04:18 - 2019-04-20 04:18 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-20 04:12 - 2019-04-20 04:26 - 000000000 ____D C:\Users\Lenovo\Downloads\FRST
2019-04-20 00:38 - 2019-04-20 00:38 - 000000000 ____D C:\Users\Lenovo\Desktop\Old Firefox Data
2019-04-20 00:36 - 2019-04-20 00:36 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Mozilla
2019-04-19 14:09 - 2019-04-19 14:09 - 000000000 ____D C:\Users\Lenovo\AppData\Local\mbam
2019-04-19 14:08 - 2019-04-19 14:08 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-04-19 14:04 - 2019-04-19 14:04 - 000000000 ____D C:\Users\Lenovo\AppData\Local\mbamtray
2019-04-19 14:03 - 2019-04-19 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-04-19 14:03 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-04-19 13:03 - 2019-04-19 13:03 - 001214008 _____ (Google LLC) C:\Users\Lenovo\Downloads\ChromeSetup.exe
2019-04-19 13:03 - 2019-04-19 13:03 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-19 13:03 - 2019-04-19 13:03 - 000002338 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-19 13:00 - 2019-04-19 13:00 - 000001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-04-19 13:00 - 2019-04-19 13:00 - 000001222 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-04-19 13:00 - 2019-04-19 13:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-04-19 12:45 - 2019-04-19 12:45 - 000000000 ____D C:\Users\Lenovo\Downloads\FRST-OlderVersion
2019-04-19 10:06 - 2019-04-19 10:19 - 000003530 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-04-19 10:06 - 2019-04-19 10:19 - 000003406 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-04-19 09:59 - 2019-04-19 09:59 - 001622528 _____ C:\Users\Lenovo\Downloads\resetbrowser.exe
2019-04-19 09:47 - 2019-04-19 09:49 - 005208384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-19 09:42 - 2019-04-19 09:44 - 000000000 ____D C:\AdwCleaner
2019-04-19 02:14 - 2019-04-19 12:53 - 000084516 _____ C:\Users\Lenovo\Downloads\Addition.txt
2019-04-19 02:10 - 2019-04-20 04:26 - 000000000 ____D C:\FRST
2019-04-19 02:10 - 2019-04-19 12:53 - 000072532 _____ C:\Users\Lenovo\Downloads\FRST.txt
2019-04-19 01:58 - 2019-04-19 01:58 - 037133296 _____ (Hankuper s.r.o.) C:\Users\Lenovo\Downloads\Adlock_Installer (2).exe
2019-04-19 01:24 - 2019-04-19 01:24 - 037133296 _____ (Hankuper s.r.o.) C:\Users\Lenovo\Downloads\Adlock_Installer (1).exe
2019-04-18 13:15 - 2019-04-19 13:03 - 000000000 ____D C:\Program Files (x86)\Google
2019-04-18 13:15 - 2019-04-18 13:16 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Google clean
2019-04-18 12:52 - 2019-04-18 12:52 - 000000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2019-04-18 12:50 - 2019-04-20 04:24 - 000000000 ____D C:\ProgramData\ProductData
2019-04-18 12:50 - 2019-04-18 12:51 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\IObit
2019-04-18 12:50 - 2019-04-18 12:50 - 000002950 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Lenovo
2019-04-18 12:49 - 2019-04-18 12:55 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\IObit
2019-04-18 12:49 - 2019-04-18 12:54 - 000000000 ____D C:\ProgramData\IObit
2019-04-18 12:49 - 2019-04-18 12:49 - 000001430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2019-04-18 12:49 - 2019-04-18 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2019-04-18 12:49 - 2019-04-18 12:49 - 000000000 ____D C:\Program Files (x86)\IObit
2019-04-18 12:30 - 2019-04-20 04:20 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-04-18 12:30 - 2019-04-18 12:30 - 000001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-04-13 05:25 - 2019-04-13 05:25 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2019-04-10 09:53 - 2019-04-02 14:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-04-10 09:53 - 2019-03-15 00:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-04-10 09:53 - 2019-03-14 18:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-04-10 09:53 - 2019-03-14 18:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-04-10 09:53 - 2019-03-14 18:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-04-10 09:53 - 2019-03-14 18:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-04-10 09:53 - 2019-03-14 18:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-04-10 09:53 - 2019-03-14 17:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-04-10 09:53 - 2019-03-14 17:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-04-10 09:53 - 2019-03-14 17:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-04-10 09:52 - 2019-04-02 22:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-04-10 09:52 - 2019-04-02 22:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-04-10 09:52 - 2019-04-02 22:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-04-10 09:52 - 2019-04-02 22:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-10 09:52 - 2019-04-02 22:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-04-10 09:52 - 2019-04-02 22:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-10 09:52 - 2019-04-02 22:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-10 09:52 - 2019-04-02 22:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-04-10 09:52 - 2019-04-02 22:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-10 09:52 - 2019-04-02 22:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-10 09:52 - 2019-04-02 22:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-10 09:52 - 2019-04-02 22:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-04-10 09:52 - 2019-04-02 22:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-10 09:52 - 2019-04-02 22:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-04-10 09:52 - 2019-04-02 22:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-04-10 09:52 - 2019-04-02 22:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-10 09:52 - 2019-04-02 19:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-10 09:52 - 2019-04-02 19:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-04-10 09:52 - 2019-04-02 19:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-04-10 09:52 - 2019-04-02 19:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-04-10 09:52 - 2019-04-02 19:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-04-10 09:52 - 2019-04-02 19:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-04-10 09:52 - 2019-04-02 19:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-04-10 09:52 - 2019-04-02 19:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-04-10 09:52 - 2019-04-02 19:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-04-10 09:52 - 2019-04-02 18:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-04-10 09:52 - 2019-04-02 18:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-04-10 09:52 - 2019-04-02 18:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-04-10 09:52 - 2019-04-02 18:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-04-10 09:52 - 2019-04-02 18:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-04-10 09:52 - 2019-04-02 18:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-04-10 09:52 - 2019-04-02 18:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-10 09:52 - 2019-04-02 18:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-04-10 09:52 - 2019-04-02 18:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-10 09:52 - 2019-04-02 18:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-04-10 09:52 - 2019-04-02 18:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-04-10 09:52 - 2019-04-02 18:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-04-10 09:52 - 2019-04-02 18:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-04-10 09:52 - 2019-04-02 18:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-04-10 09:52 - 2019-04-02 18:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-10 09:52 - 2019-04-02 18:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-04-10 09:52 - 2019-04-02 18:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-10 09:52 - 2019-04-02 17:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-04-10 09:52 - 2019-04-02 17:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-04-10 09:52 - 2019-04-02 17:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-04-10 09:52 - 2019-04-02 17:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-04-10 09:52 - 2019-04-02 17:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-04-10 09:52 - 2019-04-02 17:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-04-10 09:52 - 2019-04-02 17:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-04-10 09:52 - 2019-04-02 17:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-04-10 09:52 - 2019-04-02 17:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-04-10 09:52 - 2019-04-02 17:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-04-10 09:52 - 2019-04-02 17:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-04-10 09:52 - 2019-04-02 17:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-04-10 09:52 - 2019-04-02 17:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-04-10 09:52 - 2019-04-02 17:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-04-10 09:52 - 2019-04-02 17:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-04-10 09:52 - 2019-04-02 17:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-04-10 09:52 - 2019-04-02 17:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-04-10 09:52 - 2019-04-02 17:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-04-10 09:52 - 2019-04-02 16:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-04-10 09:52 - 2019-04-02 15:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-10 09:52 - 2019-04-02 15:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-10 09:52 - 2019-04-02 15:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-04-10 09:52 - 2019-04-02 15:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-04-10 09:52 - 2019-04-02 15:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-04-10 09:52 - 2019-04-02 14:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-04-10 09:52 - 2019-04-02 14:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-04-10 09:52 - 2019-04-02 14:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-04-10 09:52 - 2019-04-02 14:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-04-10 09:52 - 2019-04-02 14:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-04-10 09:52 - 2019-04-02 14:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-04-10 09:52 - 2019-04-02 14:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-04-10 09:52 - 2019-04-02 14:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-04-10 09:52 - 2019-04-02 14:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-04-10 09:52 - 2019-04-02 14:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-04-10 09:52 - 2019-03-16 22:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-04-10 09:52 - 2019-03-16 19:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-04-10 09:52 - 2019-03-15 00:55 - 001786680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-04-10 09:52 - 2019-03-15 00:53 - 001626928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-04-10 09:52 - 2019-03-15 00:53 - 001038136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-04-10 09:52 - 2019-03-15 00:53 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-04-10 09:52 - 2019-03-15 00:53 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-04-10 09:52 - 2019-03-15 00:52 - 001424696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000954160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000827704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2019-04-10 09:52 - 2019-03-15 00:52 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-04-10 09:52 - 2019-03-15 00:52 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVemgr.sys
2019-04-10 09:52 - 2019-03-15 00:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2019-04-10 09:52 - 2019-03-15 00:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll
2019-04-10 09:52 - 2019-03-15 00:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-04-10 09:52 - 2019-03-15 00:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2019-04-10 09:52 - 2019-03-15 00:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2019-04-10 09:52 - 2019-03-15 00:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-04-10 09:52 - 2019-03-15 00:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2019-04-10 09:52 - 2019-03-15 00:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2019-04-10 09:52 - 2019-03-15 00:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-04-10 09:52 - 2019-03-15 00:29 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscsvc.dll
2019-04-10 09:52 - 2019-03-15 00:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
2019-04-10 09:52 - 2019-03-15 00:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-04-10 09:52 - 2019-03-14 23:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-04-10 09:52 - 2019-03-14 23:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2019-04-10 09:52 - 2019-03-14 23:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2019-04-10 09:52 - 2019-03-14 23:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2019-04-10 09:52 - 2019-03-14 23:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2019-04-10 09:52 - 2019-03-14 23:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll
2019-04-10 09:52 - 2019-03-14 18:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-04-10 09:52 - 2019-03-14 18:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-04-10 09:52 - 2019-03-14 18:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-04-10 09:52 - 2019-03-14 18:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2019-04-10 09:52 - 2019-03-14 18:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-04-10 09:52 - 2019-03-14 18:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-04-10 09:52 - 2019-03-14 18:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-04-10 09:52 - 2019-03-14 18:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-04-10 09:52 - 2019-03-14 18:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-04-10 09:52 - 2019-03-14 18:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2019-04-10 09:52 - 2019-03-14 18:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-04-10 09:52 - 2019-03-14 18:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-04-10 09:52 - 2019-03-14 18:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-04-10 09:52 - 2019-03-14 18:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-04-10 09:52 - 2019-03-14 18:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-04-10 09:52 - 2019-03-14 18:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-04-10 09:52 - 2019-03-14 18:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-04-10 09:52 - 2019-03-14 18:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-04-10 09:52 - 2019-03-14 18:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-04-10 09:52 - 2019-03-14 18:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-04-10 09:52 - 2019-03-14 18:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-04-10 09:52 - 2019-03-14 18:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-04-10 09:52 - 2019-03-14 18:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-04-10 09:52 - 2019-03-14 18:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-04-10 09:52 - 2019-03-14 18:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-04-10 09:52 - 2019-03-14 18:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-04-10 09:52 - 2019-03-14 18:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2019-04-10 09:52 - 2019-03-14 18:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-04-10 09:52 - 2019-03-14 18:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-04-10 09:52 - 2019-03-14 18:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-04-10 09:52 - 2019-03-14 18:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll
2019-04-10 09:52 - 2019-03-14 18:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2019-04-10 09:52 - 2019-03-14 18:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-04-10 09:52 - 2019-03-14 18:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-04-10 09:52 - 2019-03-14 18:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-04-10 09:52 - 2019-03-14 18:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-04-10 09:52 - 2019-03-14 18:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
2019-04-10 09:52 - 2019-03-14 18:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
2019-04-10 09:52 - 2019-03-14 18:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-04-10 09:52 - 2019-03-14 18:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-04-10 09:52 - 2019-03-14 18:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-04-10 09:52 - 2019-03-14 18:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-10 09:52 - 2019-03-14 18:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-04-10 09:52 - 2019-03-14 18:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2019-04-10 09:52 - 2019-03-14 18:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-04-10 09:52 - 2019-03-14 18:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-04-10 09:52 - 2019-03-14 17:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-04-10 09:52 - 2019-03-14 17:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-04-10 09:52 - 2019-03-14 17:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-04-10 09:52 - 2019-03-14 17:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-04-10 09:52 - 2019-03-14 17:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-04-10 09:52 - 2019-03-14 17:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-04-10 09:52 - 2019-03-14 17:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-04-10 09:52 - 2019-03-14 17:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-04-10 09:52 - 2019-03-14 17:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-04-10 09:52 - 2019-03-14 17:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
2019-04-10 09:52 - 2019-03-14 17:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-04-10 09:52 - 2019-03-14 17:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
2019-04-10 09:52 - 2019-03-14 17:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-04-10 09:52 - 2019-03-14 17:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-04-10 09:52 - 2019-03-14 17:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-04-10 09:52 - 2019-03-14 17:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-04-10 09:52 - 2019-03-14 17:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-10 09:52 - 2019-03-14 17:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-04-10 09:52 - 2019-03-14 17:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-04-10 09:52 - 2019-03-14 17:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
2019-04-10 09:52 - 2019-03-14 17:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-04-10 09:52 - 2019-03-14 17:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-04-10 09:52 - 2019-03-14 17:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-04-10 09:52 - 2019-03-14 17:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-04-10 09:52 - 2019-03-14 17:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-04-10 09:52 - 2019-03-14 17:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-04-10 09:52 - 2019-03-14 11:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-04-10 09:52 - 2019-03-14 11:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-04-10 09:52 - 2019-03-14 11:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-04-10 09:52 - 2019-03-14 11:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-04-10 09:52 - 2019-03-14 11:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-04-09 03:02 - 2019-04-09 03:02 - 000000000 ____D C:\ProgramData\Hankuper
2019-04-09 03:02 - 2019-04-09 03:02 - 000000000 ____D C:\Program Files\AdLock
2019-04-09 02:58 - 2019-04-09 02:58 - 036153840 _____ (Hankuper s.r.o.) C:\Users\Lenovo\Downloads\Adlock_Installer.exe
2019-04-09 00:08 - 2019-04-09 00:08 - 003976665 _____ C:\Users\Lenovo\Downloads\Mega Man Battle Network 2 (USA).zip
2019-04-06 18:30 - 2019-04-06 18:30 - 000364952 _____ C:\Users\Lenovo\Downloads\download.pdf
2019-04-05 11:04 - 2019-04-05 11:04 - 000192384 _____ C:\Users\Lenovo\Downloads\9299 (1) (1).pdf
2019-04-05 11:02 - 2019-04-05 11:02 - 000182444 _____ C:\Users\Lenovo\Downloads\9299 (1).pdf
2019-04-05 11:00 - 2019-04-05 11:00 - 000182444 _____ C:\Users\Lenovo\Downloads\929 (1).pdf
2019-04-05 10:00 - 2019-04-05 10:00 - 000338279 _____ C:\Users\Lenovo\Downloads\form 80 2015-2019(1) (1)[1145].pdf
2019-04-01 15:19 - 2019-04-01 15:19 - 000182444 _____ C:\Users\Lenovo\Downloads\929.pdf
2019-04-01 15:01 - 2019-04-01 15:01 - 000233489 _____ C:\Users\Lenovo\Downloads\form 80 2015-2019(1) (1).pdf
2019-03-31 01:33 - 2019-03-31 01:33 - 000000000 ____D C:\Users\Lenovo\Downloads\New folder
2019-03-27 12:24 - 2019-03-27 12:24 - 000233489 _____ C:\Users\Lenovo\Downloads\form 80 2015-2019(1).pdf
2019-03-25 13:27 - 2019-03-25 13:27 - 000063894 _____ C:\Users\Lenovo\Downloads\Albert - Akta lahir.pdf
2019-03-25 13:02 - 2019-03-25 13:02 - 001771175 _____ C:\Users\Lenovo\Downloads\Statement20181231.pdf
2019-03-25 13:01 - 2019-03-25 13:01 - 000116172 _____ C:\Users\Lenovo\Downloads\scoreReport (2).pdf
2019-03-21 23:11 - 2019-03-23 15:36 - 000000000 ____D C:\ProgramData\Stardock
2019-03-21 23:11 - 2019-03-21 23:11 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Stardock
2019-03-21 23:10 - 2019-03-21 23:10 - 000000000 ____D C:\Users\Lenovo\Documents\My Games
2019-03-21 23:10 - 2019-03-21 23:10 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\MohawkGames

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-20 04:30 - 2014-12-30 12:34 - 000000000 ____D C:\Users\Lenovo\AppData\Local\CrashDumps
2019-04-20 04:21 - 2018-04-12 09:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-20 04:19 - 2018-04-12 09:36 - 000000000 ____D C:\WINDOWS\INF
2019-04-20 04:18 - 2018-05-26 17:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-20 04:18 - 2018-03-22 23:45 - 000000008 __RSH C:\ProgramData\ntuser.pol
2019-04-20 04:18 - 2014-11-25 18:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-04-20 04:16 - 2018-04-12 07:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-04-20 04:15 - 2016-12-09 20:20 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\Temp
2019-04-20 04:14 - 2009-07-14 13:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-04-20 02:39 - 2018-05-26 17:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-20 00:38 - 2016-12-21 04:23 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\Mozilla
2019-04-20 00:36 - 2014-11-25 18:39 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Mozilla
2019-04-19 14:07 - 2018-03-22 23:25 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-04-19 14:03 - 2018-04-12 09:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-04-19 12:57 - 2018-03-25 06:00 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2019-04-19 12:47 - 2018-03-22 21:37 - 000000000 ____D C:\ProgramData\360safe
2019-04-19 12:47 - 2014-11-25 18:39 - 000000000 ____D C:\ProgramData\Mozilla
2019-04-19 10:24 - 2018-03-22 21:37 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\360WD
2019-04-19 10:08 - 2018-03-22 21:37 - 000000000 _RSHD C:\360SANDBOX
2019-04-19 10:01 - 2018-03-22 22:30 - 000000000 __SHD C:\$360Section
2019-04-19 10:01 - 2018-03-22 22:05 - 000000000 ____D C:\ProgramData\360Quarant
2019-04-19 09:47 - 2018-03-25 05:46 - 000000000 ____D C:\Program Files (x86)\Driver Support
2019-04-19 04:48 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-19 02:36 - 2017-09-30 14:04 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albion Online
2019-04-19 02:35 - 2019-02-26 14:27 - 000000000 ____D C:\WINDOWS\Minidump
2019-04-18 15:45 - 2017-12-30 07:35 - 000000000 ____D C:\Users\Lenovo\AppData\Local\Packages
2019-04-18 13:26 - 2017-10-16 00:08 - 000000000 ____D C:\ProgramData\Package Cache
2019-04-18 13:26 - 2017-05-27 00:44 - 000000000 ____D C:\ProgramData\Adguard
2019-04-18 13:26 - 2017-05-27 00:43 - 000000000 ____D C:\Program Files (x86)\Adguard
2019-04-18 12:32 - 2015-09-12 20:58 - 000000000 ____D C:\Users\Lenovo\AppData\Local\TeamViewer
2019-04-18 12:30 - 2018-05-26 17:10 - 000000000 ____D C:\Users\DefaultAppPool
2019-04-18 12:30 - 2015-09-12 20:45 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\TeamViewer
2019-04-18 10:28 - 2018-03-22 21:37 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\360safe
2019-04-18 10:20 - 2018-05-26 17:10 - 000000000 ____D C:\Users\Lenovo
2019-04-18 10:14 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-04-18 03:57 - 2018-03-24 19:05 - 000000428 _____ C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job
2019-04-18 03:50 - 2019-02-16 23:48 - 000003752 _____ C:\WINDOWS\System32\Tasks\Opera scheduled assistant Autoupdate 1550324909
2019-04-18 03:50 - 2018-05-26 17:40 - 000003752 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-04-18 03:50 - 2018-05-26 17:40 - 000003556 _____ C:\WINDOWS\System32\Tasks\Driver Easy Scheduled Scan
2019-04-18 03:50 - 2018-05-26 17:40 - 000002970 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2019-04-18 03:50 - 2018-05-26 17:40 - 000002646 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2019-04-18 03:50 - 2018-05-26 17:40 - 000002604 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2019-04-18 03:50 - 2018-05-26 17:40 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-04-18 03:50 - 2018-05-26 17:40 - 000002202 _____ C:\WINDOWS\System32\Tasks\StartCN
2019-04-18 03:48 - 2019-03-18 21:26 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-04-18 01:12 - 2017-09-28 20:12 - 000061060 _____ C:\Users\Lenovo\Desktop\Share.xlsx
2019-04-17 19:52 - 2018-04-12 09:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-16 13:23 - 2018-12-26 22:02 - 000019344 _____ C:\Users\Lenovo\Desktop\Mascot-202-RENT.xlsx
2019-04-13 19:26 - 2016-09-22 12:11 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\vlc
2019-04-13 05:25 - 2019-03-18 21:25 - 000476264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1af7b8ca475981fe.tmp
2019-04-12 03:45 - 2018-05-27 10:37 - 000503220 _____ C:\WINDOWS\system32\perfh011.dat
2019-04-12 03:45 - 2018-05-27 10:37 - 000145096 _____ C:\WINDOWS\system32\perfc011.dat
2019-04-12 03:45 - 2018-05-26 17:09 - 001571872 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-12 02:47 - 2018-03-22 21:47 - 000001443 _____ C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-04-11 18:06 - 2018-03-22 21:38 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\360TotalSecurity
2019-04-11 17:47 - 2018-04-12 19:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-04-11 17:47 - 2018-04-12 09:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-04-11 17:47 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-04-11 17:47 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-04-11 17:47 - 2018-04-12 09:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-10 10:03 - 2018-04-12 09:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-10 09:51 - 2015-03-13 02:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-10 09:44 - 2015-03-13 02:42 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-07 23:23 - 2018-03-22 21:48 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\360DrvMgr
2019-04-05 21:35 - 2017-09-29 19:45 - 000000000 ____D C:\Program Files\rempl
2019-04-02 03:51 - 2018-11-18 11:45 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-02 03:51 - 2018-11-18 11:45 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-26 08:20 - 2019-02-19 10:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2019-03-26 07:28 - 2019-03-18 21:25 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-03-21 15:57 - 2017-08-11 00:34 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== Files in the root of some directories =======

2017-05-27 00:44 - 2018-06-15 09:49 - 000000267 _____ () C:\ProgramData\fontcacheev1.dat
2018-08-13 21:01 - 2018-06-14 21:01 - 000000032 ____R () C:\ProgramData\hash.dat
2015-10-04 11:58 - 2015-10-04 11:58 - 000000097 _____ () C:\Users\Lenovo\AppData\Roaming\settings.xml
2015-04-25 14:16 - 2015-04-25 14:16 - 000000054 _____ () C:\Users\Lenovo\AppData\Roaming\updater.cfg
2015-11-09 13:55 - 2015-11-30 19:16 - 000002856 _____ () C:\Users\Lenovo\AppData\Roaming\VoiceMeeterDefault.xml
2016-09-23 11:37 - 2017-01-05 11:54 - 000000202 _____ () C:\Users\Lenovo\AppData\Roaming\_encryptiondb.grf
2014-11-26 19:09 - 2014-11-26 19:09 - 000000038 ___SH () C:\Users\Lenovo\AppData\Local\1754111884ee9ab5277ca00.95260103
2014-12-26 00:02 - 2016-06-26 16:10 - 000007603 _____ () C:\Users\Lenovo\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-26 17:01

==================== End of FRST.txt ============================

Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18.04.2019
Ran by Lenovo (20-04-2019 04:31:36)
Running from C:\Users\Lenovo\Downloads\FRST
Windows 10 Pro Version 1803 17134.706 (X64) (2018-05-26 07:41:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1925601759-1010797402-2804155008-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1925601759-1010797402-2804155008-503 - Limited - Disabled)
Guest (S-1-5-21-1925601759-1010797402-2804155008-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1925601759-1010797402-2804155008-1002 - Limited - Enabled)
Lenovo (S-1-5-21-1925601759-1010797402-2804155008-1000 - Administrator - Enabled) => C:\Users\Lenovo
WDAGUtilityAccount (S-1-5-21-1925601759-1010797402-2804155008-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: 360 Total Security (Disabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 360 Total Security (Disabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{3D383E25-72E7-4F09-AA1C-9ADE6A2EF42F}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{0C9A6167-6560-4085-9C35-EDB1AE105328}) (Version: 3.2.0.9 - Intel) Hidden
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 10.2.0.1180 - 360 Security Center)
3DP Chip Lite v17.11.1 (HKLM-x32\...\3DP Chip Lite) (Version: v17.11.1 - 3DP)
ACDSee Pro 3 (HKLM-x32\...\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}) (Version: 3.0.355 - ACD Systems International Inc.)
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
AdLock (HKLM\...\{26D2159D-4BE2-43A4-9E68-F0594DF0295C}) (Version: 1.0.2.2 - Hankuper) Hidden
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.2.1 - Advanced Micro Devices, Inc.)
Anathena (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\242cfcc8731b6ee3) (Version: 3.3.8.0 - Anathena)
Any Video Converter 6.2.5 (HKLM-x32\...\Any Video Converter) (Version: 6.2.5 - Anvsoft)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{34985F59-8F6F-46F4-9AD5-53E2714294D2}) (Version: 3.0.189 - ArcSoft)
AVG 2015 (HKLM\...\{6E4BAAF0-7F23-41E5-B16B-4727B6FC0C6F}) (Version: 15.0.6081 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.6.255 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattlePing (HKLM-x32\...\{DB480AC3-1578-B8DC-3F8F-786A2A4E3BC7}) (Version: 1.3.7.1 - BattlePing)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{15EEB07A-3FB9-FA4C-8EFF-697728CB1E5C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{A63E3031-0522-18C6-F18F-7EE80973315F}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{A2966D0F-43BB-116D-C9C7-49612FBFD0AE}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{4C608ED2-535B-2119-3661-9E6F7DDB600F}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9005C809-497A-FD45-CB96-76A3338E35B9}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D84300A6-72F1-5771-B3B1-8FC71184AB38}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{56D13277-FA9F-2842-682D-DD7298973585}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{8D0C7788-D519-7B65-36F6-D0D21296F173}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{930FD2C7-D026-197D-94E4-CB5917CE7420}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{086D11E3-9CA4-DBEF-2B48-5A2EFFD53145}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{D0C1EAB6-92F1-EE91-04C2-5947EE150593}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{57EAA61A-CD02-DF34-0839-2549F57A334C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{AA477FD2-347B-1732-5D8C-AF35AF1B9703}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{BBFC5953-2CB9-5932-1D47-52E4AA99737B}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{01E7D692-D785-743F-5A55-F00162D26A1C}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{5D8BA452-1264-7D13-E4EC-8236EC5B83FE}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F49BA906-83DA-3F5A-5B24-03C8DE2A3936}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{5A466CAA-F071-D9EF-A799-EF63552DBE70}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{D7DC4DDB-3E0D-6F79-4258-4A461654B689}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{ACDFF800-6015-BEEC-8A27-7B1A80915273}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{A28B1FC5-3947-9D39-7FE5-A3CB18E16358}) (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
CyberLink PowerDVD 11 (HKLM-x32\...\InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}) (Version: 11.0.1620.51 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX H.264 decoder 8.2.0.26 (HKLM-x32\...\divxh264_is1) (Version: 8.2.0.26 - )
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.93 - DivX, LLC)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Driver Easy 5.6.1 (HKLM\...\DriverEasy_is1) (Version: 5.6.1 - Easeware)
Dropbox (HKLM-x32\...\Dropbox) (Version: 45.4.92 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.9 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.9 - Lenovo)
eNexia version 749.0 (HKLM-x32\...\{8C3EC8A8-70A1-4298-BD7D-3CD7DAE20D64}_is1) (Version: 749.0 - eNexiaTK)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: - FreeDownloadManager.ORG)
Google Chrome (HKLM-x32\...\{8CAF1821-50A9-3971-88C2-371AACE003E1}) (Version: 73.0.3683.103 - Google LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
GRF Editor version 1.7.9 (HKLM-x32\...\GRF Editor_is1) (Version: 1.7.9 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\HearthstoneDeckTracker) (Version: 1.7.6 - HearthSim)
Hotspot Shield 7.6.4 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925C187EDD1}) (Version: 7.6.4.10926 - AnchorFree Inc.) Hidden
Hotspot Shield 7.6.4 (HKLM-x32\...\{f0473374-de13-4075-b4ef-5847e91e1d6a}) (Version: 7.6.4.10926 - AnchorFree Inc.)
Hotspot Shield 7.6.4 (HKLM-x32\...\HotspotShield) (Version: 7.6.4 - AnchorFree Inc.) Hidden
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{699E6891-25C3-443A-9B8E-80C74F0172C8}) (Version: 2.1.03413 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{4d839fe1-a8d3-4edc-b0ca-844394309856}) (Version: 3.2.0.9 - Intel)
IObit Uninstaller 8 (HKLM-x32\...\IObitUninstall) (Version: 8.4.0.8 - IObit)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
K-Lite Mega Codec Pack 14.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.0.5 - KLCP)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Magic Bullet Suite 64-bit (HKLM\...\{93488C33-D8D6-472A-83BB-F71603355CF0}) (Version: 11.1.0 - Red Giant Software) Hidden
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{93488C33-D8D6-472A-83BB-F71603355CF0}) (Version: 11.1.0 - Red Giant Software)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
McAfee True Key (HKLM\...\TrueKey) (Version: 5.2.167.1 - McAfee, LLC)
mHotspot version 7.8.8.0 (HKLM-x32\...\{beeb7906-9268-4520-8850-8d8af9b1c7c8}_is1) (Version: 7.8.8.0 - 1BN Software & IT Solutions Pvt. Ltd.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (日本語) (HKLM-x32\...\{9A330858-0CD6-4FB3-8C57-0F1BB58012B0}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (日本語) (HKLM-x32\...\{903C5477-BA28-4CFC-8BE4-62E3C328D4DD}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Database Providers (x86) ENU (HKLM-x32\...\{296E293F-C481-4DDE-9ED2-3F79FCF38731}) (Version: 3.1.1648.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Modem AC2726 UI (HKLM\...\ZTEWireless-101_is1) (Version: - )
MornaTK Installer (HKLM-x32\...\{BCD1C4AD-EB1A-40DF-A838-2AF8C45B5942}) (Version: 1.0 - MornaTales)
Movavi Video Converter 18 Premium (HKLM-x32\...\Movavi Video Converter 18 Premium) (Version: 18.3.0 - Movavi)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 66.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 66.0.3 (x86 en-US)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)
Mumble 1.2.19 (HKLM-x32\...\{F62A874F-2354-49B1-87BE-CAAD7C8FA084}) (Version: 1.2.19 - Thorvald Natvig)
MYOB AccountRight Plus v19.12.0 ED (HKLM-x32\...\{27D4F4A7-5A34-4657-9E78-D6B1E87C8A90}) (Version: 19.12.0 - MYOB Technology Pty Ltd) Hidden
MYOB AccountRight Plus v19.12.0 ED (HKLM-x32\...\InstallShield_{27D4F4A7-5A34-4657-9E78-D6B1E87C8A90}) (Version: 19.12.0 - MYOB Technology Pty Ltd)
MYOB ODBC Direct v10 AUS (HKLM-x32\...\{55D5A77E-FAAA-4358-B3E5-6565E024F78B}) (Version: 10.1.0 - MYOB Technology Pty Ltd) Hidden
MYOB ODBC Direct v10 AUS (HKLM-x32\...\InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}) (Version: 10.1.0 - MYOB Technology Pty Ltd)
MySQL Installer - Community (HKLM-x32\...\{4553E209-560C-451E-9DE9-E6B812D32B8C}) (Version: 1.4.8.0 - Oracle Corporation)
MySQL Server 5.0 (HKLM-x32\...\{2FEB25F8-C3CB-49A2-AE79-DE17FFAFB5D9}) (Version: 5.0.45 - MySQL AB)
MySQL Tools for 5.0 (HKLM-x32\...\{EC561602-C0B9-4FAA-A175-1B3273639AC3}) (Version: 5.0.12 - MySQL AB)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
NovaRO (HKLM-x32\...\NovaRO_is1) (Version: 6.0.0 - NovaRO)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.0.1.1 - Duodian Technology Co. Ltd.)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.1.2 - OBS Project)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Opera Stable 58.0.3135.127 (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\Opera 58.0.3135.127) (Version: 58.0.3135.127 - Opera Software)
Pingzapper version 2.1.2 (HKLM-x32\...\{7FD61982-5436-439B-B5D0-36F0536FF8BF}_is1) (Version: 2.1.2 - Pingzapper)
PlayNexia II (HKLM-x32\...\PlayNexia II) (Version: - )
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.13.1-r115223-release - Plays.tv, LLC)
Pokémon World Online Uninstaller (HKLM-x32\...\{6B67E1A1-1D62-4BDC-8C60-07FDF25CA975}_is1) (Version: 1.97 - PWO Team)
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
PX Profile Update (HKLM-x32\...\{230C6C56-D930-2D7A-CF62-9BE26FAEE260}) (Version: 1.00.1. - AMD) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Ragnarok Online (HKLM-x32\...\{181579B5-0028-4E01-AC27-97ED80352279}) (Version: 14.2.5 - Gravity Interactive, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.1.1-r111306-release - Raptr, Inc)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.75.827.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.30.0239 - REALTEK Semiconductor Corp.)
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Safari (HKLM-x32\...\{A08BAD08-9AA3-410F-98F3-C92C8EE37218}) (Version: 5.34.54.16 - Apple Inc.)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Spotify (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
Sql Server Customer Experience Improvement Program (HKLM\...\{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}) (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.2.8352 - TeamViewer)
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Vegas Pro 13.0 (64-bit) (HKLM-x32\...\Vegas Pro 13.0 (64-bit)) (Version: 13.0 (64-bit) - Exµs ™)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Wondershare Filmora(Build 8.7.0) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Wondershare PDFelement 6 Pro(Build 6.8.6) (HKLM-x32\...\{B026557A-EF19-4812-8A79-B30F94AA0A78}_is1) (Version: 6.8.6.4121 - Wondershare Software Co.,Ltd.)
Wondershare Video Converter Ultimate(Build 10.3.0.178) (HKLM-x32\...\Video Converter Ultimate_is1) (Version: 10.3.0.178 - Wondershare Software)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
XAMPP (HKLM-x32\...\xampp) (Version: 7.1.1-0 - Bitnami)
Zoom (HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1925601759-1010797402-2804155008-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1925601759-1010797402-2804155008-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1925601759-1010797402-2804155008-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Lenovo\Dropbox [2015-07-07 16:17]
CustomCLSID: HKU\S-1-5-21-1925601759-1010797402-2804155008-1000_Classes\CLSID\{f1d8036a-7f48-43e4-8045-dbcb4e742507}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Windows -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-03-19] (Notepad++ -> )
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-09-28] (QIHU 360 SOFTWARE CO. LIMITED -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-09-28] (QIHU 360 SOFTWARE CO. LIMITED -> )
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-06-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-06-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-09-28] (QIHU 360 SOFTWARE CO. LIMITED -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext32.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {012A6F59-87D6-44E0-A91E-4191C44105EE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {02E9EE88-8B2A-45A8-B237-293AF930C0D8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {06B7B6A5-89CC-4D81-B982-3F531F29F6A9} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {07375CF8-C1FF-492B-8278-0396D0245D6F} - System32\Tasks\DropboxUpdateTaskMachineCore1d1719f65cee02e => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {0F9B47A5-A3A5-4CC4-9CF4-6FCF47A1FB9F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {115F90B7-1231-4FF1-AB5B-92FEF3694B20} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (Easeware Technology Limited -> Easeware)
Task: {159448A5-F558-4572-8A16-6E303989186A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {19946D02-33AE-4E60-81DF-5092DEB8F277} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => D:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe
Task: {1AE784A5-A8C1-469D-ACDC-69A2BD7FEE8A} - System32\Tasks\DropboxUpdateTaskMachineUA1d1719f66008e5b => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {1DA9B645-13DA-4059-A3CB-D56C3971092C} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {21BE9597-704B-4669-B98E-367AC00D234B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {24672617-0A93-4BB5-8559-4012CEDFDF08} - System32\Tasks\{61E32EBD-8E77-4D1B-9D4E-DFB440A9AB05} => C:\Windows\system32\pcalua.exe -a "D:\game\Gravity\openkore\Ragnarok Online\Setup.exe" -d "D:\game\Gravity\openkore\Ragnarok Online"
Task: {25C72C5E-A5A2-4F4B-BD37-3E4477093B5A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {297450E0-6ABB-427D-BB1C-BB2872268E11} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {31709D69-4FCE-4D4D-821C-94E1E6D6B831} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {36512371-A906-4CBA-8D6E-CCCA8F25E12E} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {3BB917BA-28B7-4433-B3E7-7EFBADC9BF05} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {3BB99F43-80C7-4010-9269-058CFC43E873} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3C199C18-45CD-429D-B193-E25CBD0D0253} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {4D4F0449-FE30-4BDD-871D-BC436EDB0421} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {508A340E-5F91-492E-ABB0-B98532F80480} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {522525D9-3E35-4CED-9B07-86DCF48846B4} - System32\Tasks\S-1-5-21-1925601759-1010797402-2804155008-1000\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {547C6C01-5708-4D14-AA13-ACA0C447A4A6} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {57DFC5D9-A460-4BFF-B8E3-7B32AFB8CF85} - System32\Tasks\CommView for WiFi Update => C:\Program Files (x86)\CommViewWiFi\Updater.exe
Task: {5A1FB4EE-EE0E-4270-9E75-684F0AF09C07} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {621144B0-DE22-4BA5-8091-E7C4827BEF4F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {67DA1BE8-90A4-4CF2-A274-8747F431E302} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {789B54F6-B496-4419-97FF-B9199F07696D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {807DE444-D371-423B-899D-8236EA7A416B} - System32\Tasks\Uninstaller_SkipUac_Lenovo => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe (IObit Information Technology -> IObit)
Task: {909165E7-58B7-40A8-BAD4-06369AE44715} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {9C7FF83C-4028-4C31-9DA7-4814BF4DD82A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9EA7EA19-87D5-4A05-90A2-77FAC5CAFED8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd -> Piriform Ltd)
Task: {A1E768A1-C621-44E3-9D8D-0B31A7AA6480} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe (Intel(R) Software -> Intel Corporation)
Task: {A2BC51F7-A5A5-4583-BCFC-07D102EFC8B5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe (McAfee, Inc. -> McAfee, Inc.)
Task: {A3F7EA55-63E8-472B-BD18-E4C82C33D682} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A65C2727-BF46-4882-A619-716BB2E10EE3} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {A9744BF1-B3BE-485E-8CED-C8A112DB42C9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B170E593-7A4A-42ED-8E5E-FE91C524223A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {B79C1E15-BBAE-4901-8144-CA6499E7F7BD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BAB0F865-1900-4889-B5E2-E00F083B9AC6} - System32\Tasks\Opera scheduled assistant Autoupdate 1550324909 => C:\Users\Lenovo\AppData\Local\Programs\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {C35EAC49-C654-4AD2-A8E0-13BB4B538500} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {CB120083-D139-490E-ABC1-9711116BDE86} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {CC790BC5-5E2E-431D-96D7-38992A378467} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {D841F08B-9CC5-4DE4-8780-B48A4D247CC3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DA3CD105-1C40-4F31-B596-534277F311B7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {DC97CD24-99CA-4409-AA44-E0B8E9790D31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {DEBAD4D3-2F39-4C63-9561-762021145015} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe
Task: {ECF63DBD-0D24-4258-861D-7F5BDFA4C73D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F73979B7-3B5E-4FBF-AF56-473DC86B90CE} - System32\Tasks\Opera scheduled Autoupdate 1521719234 => C:\Users\Lenovo\AppData\Local\Programs\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {F8A429FB-D075-49EE-91B6-D247866AD4A6} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {FEB657CD-087C-4664-B5E8-D03BBC23E1CF} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d1719f65cee02e.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA1d1719f66008e5b.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2018-12-18 14:31 - 2017-10-19 09:17 - 000271360 _____ (Wondershare Software) [File not signed] C:\WINDOWS\System32\WSPDFelementMonitor.dll
2013-08-27 17:32 - 2013-08-27 17:32 - 000747520 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
2007-07-06 12:14 - 2007-07-06 12:14 - 005730304 _____ () [File not signed] C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
2016-06-28 21:38 - 2016-06-28 21:38 - 000138752 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2018-01-31 17:49 - 2018-01-31 17:49 - 000009216 _____ () [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPLauncher.exe
2018-01-31 17:49 - 2018-01-31 17:49 - 000077312 _____ () [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPMaster.exe
2018-01-31 17:49 - 2018-01-31 17:49 - 000011264 _____ () [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPUF.exe
2018-01-31 17:49 - 2018-01-31 17:49 - 000060928 _____ () [File not signed] C:\Program Files (x86)\AMD\Performance Profile Client\AUEPDU.exe
2015-11-25 06:49 - 2015-11-25 06:49 - 002257408 _____ (ActiveState Software Inc) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\python26.dll
2015-11-25 06:48 - 2015-11-25 06:48 - 000028160 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-25 06:46 - 2015-11-25 06:46 - 000110592 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-25 06:48 - 2015-11-25 06:48 - 000041472 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-25 06:48 - 2015-11-25 06:48 - 000096256 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-25 06:43 - 2015-11-25 06:43 - 000356864 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-25 06:48 - 2015-11-25 06:48 - 000017920 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-25 06:48 - 2015-11-25 06:48 - 000019968 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-25 06:48 - 2015-11-25 06:48 - 000036352 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-25 06:43 - 2015-11-25 06:43 - 000043008 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-25 06:43 - 2015-11-25 06:43 - 000805376 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-25 06:43 - 2015-11-25 06:43 - 000087040 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-25 06:46 - 2015-11-25 06:46 - 000354304 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-25 06:48 - 2015-11-25 06:48 - 000167936 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-25 06:47 - 2015-11-25 06:47 - 001980928 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-11-25 07:02 - 2015-11-25 07:02 - 004604416 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\Qt5Gui.dll
2015-11-25 07:01 - 2015-11-25 07:01 - 004088320 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\Qt5Core.dll
2015-11-25 07:01 - 2015-11-25 07:01 - 001961472 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\icuin53.dll
2015-11-25 07:02 - 2015-11-25 07:02 - 001316352 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\icuuc53.dll
2015-11-25 07:01 - 2015-11-25 07:01 - 021529088 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\icudt53.dll
2015-12-08 06:57 - 2015-12-08 06:57 - 000077824 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-25 06:47 - 2015-11-25 06:47 - 001862144 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-25 06:47 - 2015-11-25 06:47 - 000516608 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-25 07:02 - 2015-11-25 07:02 - 000839680 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\Qt5Network.dll
2015-11-25 06:47 - 2015-11-25 06:47 - 004060160 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-25 07:01 - 2015-11-25 07:01 - 004468736 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\Qt5Widgets.dll
2015-11-25 06:43 - 2015-11-25 06:43 - 000010240 _____ () [File not signed] C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2018-03-22 23:24 - 2019-04-19 14:07 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2018-03-22 23:24 - 2019-04-19 14:07 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2018-03-22 23:24 - 2019-04-19 14:07 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2018-03-22 23:24 - 2019-04-19 14:07 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2018-03-22 23:24 - 2019-04-19 14:07 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2018-03-22 23:24 - 2019-04-19 14:07 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2018-03-22 23:24 - 2019-04-19 14:07 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-04-19 14:03 - 2019-04-19 14:07 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-04-19 14:03 - 2019-04-19 14:07 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-04-19 14:07 - 2019-04-19 14:07 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-04-19 14:07 - 2019-04-19 14:07 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2018-03-22 23:24 - 2019-04-19 14:07 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-04-19 14:07 - 2019-04-19 14:07 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-04-19 14:07 - 2019-04-19 14:07 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-04-19 14:07 - 2019-04-19 14:07 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-04-19 14:07 - 2019-04-19 14:07 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-04-19 14:07 - 2019-04-19 14:07 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-04-19 14:07 - 2019-04-19 14:07 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-04-19 14:07 - 2019-04-19 14:07 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2013-11-21 11:31 - 2013-11-21 11:31 - 000286720 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2013-11-21 11:31 - 2013-11-21 11:31 - 000499200 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-11-15 03:41 - 2019-04-20 04:14 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

2016-11-07 03:29 - 2016-11-07 03:29 - 000000499 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

192.168.137.70 iPhone.mshome.net # 2016 11 0 13 17 29 46 813
192.168.137.1 Lenovo-PC.mshome.net # 2021 11 5 5 17 29 46 813

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Windows Live\Shared;D:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: CLHNServiceForPowerDVD => 2
MSCONFIG\Services: CxAudMsg => 2
MSCONFIG\Services: CyberLink PowerDVD 11.0 Monitor Service => 2
MSCONFIG\Services: CyberLink PowerDVD 11.0 Service => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: hmevpnsvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: PingzapperSvc => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: UDisk Monitor => 2
MSCONFIG\Services: WtuSystemSupport => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Lenovo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MYOB Add-On Connector.lnk => C:\Windows\pss\MYOB Add-On Connector.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG-Secure-Search-Update_0715tb => "C:\ProgramData\Avg_Update_0715tb\AVG-Secure-Search-Update_0715tb.exe" /PROMPT /CMPID=0715tb
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
MSCONFIG\startupreg: cFosSpeed => C:\Program Files\cFosSpeed\cFosSpeed.exe
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: Energy Management => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
MSCONFIG\startupreg: EnergyUtility => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
MSCONFIG\startupreg: ForteConfig => C:\Program Files\Conexant\ForteConfig\fmapp.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Lenovo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Raptr => C:\Program Files (x86)\Raptr\RAPTRS~1.EXE --startup
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RemoteControl11 => "C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SACpl.exe /t
MSCONFIG\startupreg: Spotify => "C:\Users\Lenovo\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Lenovo\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SynLenovoGestureMgr => %ProgramFiles%\Synaptics\SynTP\SynLenovoGestureMgr.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
MSCONFIG\startupreg: WTFast Tray => "D:\Program Files (x86)\WTFast\WTFast.exe" trayonly
HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SmartAudio"
HKLM\...\StartupApproved\Run32: => "ETDCtrl"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\StartupFolder: => "hide.me VPN.lnk"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\StartupFolder: => "Bitcoin.lnk"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "WTFast Tray"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "Free Download Manager"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "Adguard"
HKU\S-1-5-21-1925601759-1010797402-2804155008-1000\...\StartupApproved\Run: => "DownloadAccelerator"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D90D21C3-BAD6-4B80-BC6B-95BBD9A82F27}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{46A1B855-A108-4B9E-81E1-D3A6228F8047}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.)

==================== Restore Points =========================

19-04-2019 04:42:40 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2019 04:22:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AvLaunch.exe, version: 19.3.4241.0, time stamp: 0x5c82677e
Faulting module name: ucrtbase.dll, version: 10.0.17134.677, time stamp: 0x9f346d3f
Exception code: 0xc0000409
Fault offset: 0x000000000006e14e
Faulting process id: 0x930
Faulting application start time: 0x01d4f6dcbd9cb91e
Faulting application path: C:\Program Files\AVAST Software\Avast\AvLaunch.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 73a46981-8edb-48cd-b2a9-936390caca89
Faulting package full name:
Faulting package-relative application ID:

Error: (04/20/2019 04:18:41 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 8317) (User: )
Description: Cannot query value 'First Counter' associated with registry key 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SQLEXPRESS\Performance'. SQL Server performance counters are disabled.

Error: (04/20/2019 04:14:54 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (04/20/2019 04:13:01 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {08499028-1e60-4eea-aa56-62f230a4f5d9}

Error: (04/20/2019 04:09:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.17134.677, time stamp: 0xb4a88dff
Faulting module name: ntdll.dll, version: 10.0.17134.556, time stamp: 0x74bed8b0
Exception code: 0xc0000005
Fault offset: 0x0000000000024989
Faulting process id: 0x193c
Faulting application start time: 0x01d4f644479a143e
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: a08641ea-208c-470a-a576-2291f1e782fe
Faulting package full name:
Faulting package-relative application ID:

Error: (04/19/2019 10:24:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.17134.1, time stamp: 0x5ace103a
Faulting module name: ntdll.dll, version: 10.0.17134.556, time stamp: 0x74bed8b0
Exception code: 0xc0000374
Fault offset: 0x00000000000f479b
Faulting process id: 0x720
Faulting application start time: 0x01d4f644758852d1
Faulting application path: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 8b43e3fc-5c5f-477a-8ae8-c9f4b9215bdc
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (04/19/2019 01:00:47 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1925601759-1010797402-2804155008-1000}/">.

Error: (04/19/2019 10:14:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AvLaunch.exe, version: 19.3.4241.0, time stamp: 0x5c82677e
Faulting module name: ucrtbase.dll, version: 10.0.17134.677, time stamp: 0x9f346d3f
Exception code: 0xc0000409
Fault offset: 0x000000000006e14e
Faulting process id: 0x176c
Faulting application start time: 0x01d4f6449fe30c0a
Faulting application path: C:\Program Files\AVAST Software\Avast\AvLaunch.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 63396444-9bfc-471f-a29d-aab87208a1ba
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (04/20/2019 04:27:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/20/2019 04:26:33 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (04/20/2019 04:26:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Update Orchestrator Service service hung on starting.

Error: (04/20/2019 04:23:56 AM) (Source: DCOM) (EventID: 10016) (User: Lenovo-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Lenovo-PC\Lenovo SID (S-1-5-21-1925601759-1010797402-2804155008-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/20/2019 04:19:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/20/2019 04:19:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The RasMan service depends on the SstpSvc service which failed to start because of the following error:
The operation completed successfully.

Error: (04/20/2019 04:18:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/20/2019 04:18:31 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.


CodeIntegrity:
===================================

Date: 2019-04-20 02:59:53.375
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-20 02:55:29.316
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-20 02:55:28.526
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-20 02:55:27.687
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-20 02:55:26.977
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-20 02:55:26.211
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-20 02:55:25.474
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-20 02:55:24.604
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 44%
Total physical RAM: 8088.36 MB
Available physical RAM: 4470.66 MB
Total Virtual: 20220.36 MB
Available Virtual: 16473.34 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:151.27 GB) (Free:19.19 GB) NTFS
Drive d: (Data) (Fixed) (Total:584.83 GB) (Free:275.81 GB) NTFS
Drive f: (Bandicam) (Fixed) (Total:195.31 GB) (Free:179.55 GB) NTFS

\\?\Volume{c05dd144-747f-11e4-9d1a-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=151.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=584.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=195.3 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================


Note: you can delete this post if it is unnecessary
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
2,154
499
PCHF Bunker
pchelpforum.net
Download Security Check to your desktop.
Right click it and choose Run as Administrator.
When the program completes, the tool will automatically open a log file.
Please post that log here in your next post.
 

Baroona

PCHF Member
PCHF Member
Apr 18, 2019
27
1
23
SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17]
WebSite: www.safezone.cc
DateLog: 20.04.2019 04:41:16
Path starting: C:\Users\Lenovo\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Lenovo
VersionXML: 6.29is-19.04.2019
___________________________________________________________________________

Windows 10(6.3.17134) (x64) Professional Release: 1803 Lang: English(0409)
Installation date OS: 26.05.2018 07:41:06
LicenseStatus: Windows(R), Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [151.3 Gb] Used: [132.1 Gb] Free: [19.2 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.706.17134.0
User Account Control enabled (Level 3)
Never check for updates
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2007 v.12.0.6612.1000
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled and up to date)
Malwarebytes (enabled and up to date)
360 Total Security (disabled)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Malwarebytes (enabled and up to date)
Windows Defender (disabled and up to date)
360 Total Security (disabled)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 3.7.1.2839 v.3.7.1.2839
AVG 2015 v.15.0.6081 Warning! Download Update
360 Total Security v.10.2.0.1180
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.70 (64-bit) v.5.70.0
Microsoft .NET Framework 4.5.2 v.4.5.51209 Warning! Download Update
Microsoft Silverlight v.5.1.50918.0
DivX Setup v.2.7.0.93 Warning! Download Update
Microsoft Office Enterprise 2007 v.12.0.6612.1000 Warning! This software is no longer supported. Please use latest Microsift Office, Office Online or LibreOffice
K-Lite Mega Codec Pack 14.0.5 v.14.0.5 Warning! Download Update
TeamViewer 14 v.14.2.8352
VLC media player v.3.0.1 Warning! Download Update
Winamp v.5.666 [+]
Intel® Driver & Support Assistant v.3.2.0.9 Warning! Download Update
Microsoft Office 2007 Service Pack 3 (SP3) Warning! This software is no longer supported. Please use latest Microsift Office, Office Online or LibreOffice
TeamViewer 14 (TeamViewer) - The service is running
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.26 v.7.26.101 Warning! Download Update
---------------------------- [ ProxyAndVPNs ] -----------------------------
Hotspot Shield 7.6.4 v.7.6.4
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 161 v.8.0.1610.12 Warning! Download Update
Uninstall old version and install new one (jre-8u211-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
iTunes v.12.7.3.46 Warning! Download Update
^Please use Apple Software Update tool.^
QuickTime 7 v.7.78.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 29 NPAPI v.29.0.0.113 Warning! Download Update
Adobe Flash Player 29 PPAPI v.29.0.0.113 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Opera Stable 58.0.3135.127 v.58.0.3135.127 Warning! Download Update
Google Chrome v.73.0.3683.103
Mozilla Firefox 66.0.3 (x86 en-US) v.66.0.3
Safari v.5.34.54.16 Warning! This software is no longer supported.
----------------------------- [ EmailClient ] -----------------------------
Windows Live Essentials v.16.4.3528.0331 Warning! This software is no longer supported.
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.1.0.1763
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.765
C:\Program Files\Windows Defender\MSASCuiL.exe v.4.13.17134.1
Windows Defender Antivirus Service (WinDefend) - The service has stopped
Windows Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
360 Total Security (QHActiveDefense) - The service is running
C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe v.10.0.0.1014
C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe v.8.2.0.1000
C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe v.10.0.0.1070
---------------------------- [ UnwantedApps ] -----------------------------
McAfee True Key v.5.2.167.1 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
AVG Web TuneUp v.4.3.6.255 Warning! Suspected demo version of anti-spyware or optimization program. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering.
IObit Uninstaller 8 v.8.4.0.8 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Razer Game Booster v.4.1.59.0 Warning! Suspected demo version of anti-spyware or optimization program. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering.
IObit Uninstaller Service (IObitUnSvr) - The service has stopped
McAfee True Key (TrueKey) - The service is running
C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe v.5.2.167.0
McAfee True Key Scheduler (TrueKeyScheduler) - The service is running
C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe v.5.2.167.0
McAfee True Key Helper Service (TrueKeyServiceHelper) - The service is running
C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe v.5.2.167.0
----------------------------- [ End of Log ] ------------------------------

Note: i just rerun adwcleaner and found bunch of threat again, should i clean it or it is part of the thing ?
 

Baroona

PCHF Member
PCHF Member
Apr 18, 2019
27
1
23
Hi jmarket, i am not very familiar with updating windows, but my current windows update told me that i am up to date
4614


i tried to rerun the security check the professional release is still on 1803.
 
Status
Not open for further replies.