Redirect pop-ups on google chrome browser

Need help please!!! Redirect pop-ups Google chrome browser


#1
breakmydreams


I am dealing with redirect pop-ups on my Google Chrome browser. The problem just started about an hour ago.

I have run my Microsoft Security Essentials (it runs all the time), Malwarebytes, and Spybot Search and Destroy. They didn't find anything with the scans that I ran, though, except for Spybot: it found a few things, but I'm not sure how to show you all what it found, in case what I had it fix that it found is part of the problem. However, I don't think it is, because I'm still dealing with the issue *sighs*. Hoping it is an easy fix like the last time I had the issue last year with this computer, but I won't know until I hear back from you all. Thank you for any and all help.

I have also run AdwCleaner and it found a few issues. I have posted that log in this post.

As of tonight (3/10/18) I went ahead and ran the cleaning of AdwCleaner to see if it would take care of the issue. I am going to post the log that it gave me at the bottom of this post. However, it doesn't look like it did, but it looks like it cleaned something up off my machine, which is good.

I just added a screenshot to help show some of what is going on as well. (Attached: Not normally there.jpg)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by LenovoThinkPadOwner (administrator) on LENOVOTHINKPAD (06-03-2018 13:34:13)
Running from C:\Users\LenovoThinkPadOwner\Downloads
Loaded Profiles: LenovoThinkPadOwner (Available Profiles: LenovoThinkPadOwner)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Inmar, Inc.) C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(VL) C:\Program Files (x86)\ShopTracker\Scheduler\AmazonMeter.Scheduler.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [317240 2014-12-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-09] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [916184 2014-07-02] (Conexant Systems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296208 2014-12-02] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Digital Coupon Print Driver] => C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe [90048 2015-09-22] (Inmar, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [Http Listener] => C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe [90760 2015-04-30] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\Run: [GoogleChromeAutoLaunch_311ED15B9F59AFF57647FE448C1F9B8D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1581912 2018-02-21] (Google Inc.)
HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\MountPoints2: {eb730243-4dd3-11e6-8661-806e6f6e6963} - Q:\LenovoQDrive.cmd
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{9EC25985-FB3D-4ECA-81B3-B0EBB212B995}: [DhcpNameServer] 10.0.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000 -> DefaultScope {BA5620C9-A3AF-414B-830C-5B76322C736A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-15] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-15] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-15] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-15] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2016-07-28] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.bing.com/?pc=U162&form=U162HP
CHR StartupUrls: Default -> "hxxp://www.bing.com/?pc=U162&form=U162HP"
CHR Profile: C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default [2018-03-06]
CHR Extension: (Slides) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-14]
CHR Extension: (YouTube) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-14]
CHR Extension: (Supernatural) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaejimcbahonbhigeacmlmjiofegplpn [2017-01-14]
CHR Extension: (Adobe Acrobat) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-07]
CHR Extension: (Sheets) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2018-01-16]
CHR Extension: (Savings Alerts) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflpeapppfijfecjmibidlnfggdifmic [2018-02-15]
CHR Extension: (Google Docs Offline) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-25]
CHR Extension: (Screenwise Meter) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmieefkpoaagiboijfjhidningfpomge [2017-06-07]
CHR Extension: (SwagButton) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2018-03-06]
CHR Extension: (Piggy - Automatic Coupons & Cash Back) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2018-02-15]
CHR Extension: (Supernatural Photo Gallery) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddhkngnpofgkagacodjmnicclhjjokk [2017-01-14]
CHR Extension: (Klout) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjaakbhpcbpmojkhpiaacepfcaniglak [2017-01-15]
CHR Extension: (Qmee) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2017-01-14]
CHR Extension: (MyPoints Score) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcglgmippekbdbmniknikdgkmnnpdnmh [2018-03-06]
CHR Extension: (TubeBuddy for YouTube) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2018-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-30]
CHR Extension: (Gmail) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-14]
CHR Extension: (Chrome Media Router) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-06]
CHR HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AmazonMeterService; C:\Program Files (x86)\ShopTracker\Scheduler\AmazonMeter.Scheduler.exe [31640 2017-11-21] (VL)
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [87384 2014-11-06] (Alps Electric Co., Ltd.)
R2 connect2hotspot; C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe [100680 2017-02-08] (Lenovo)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-03-31] (DisplayLink Corp.)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121304 2014-08-10] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [354280 2016-06-02] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [619776 2014-12-05] (Lenovo)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S3 LenovoProdRegManager; C:\Program Files (x86)\Lenovo Registration\EngageService.exe [293416 2015-01-09] (Aviata, Inc.)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [21552 2014-02-21] (Lenovo)
R2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [774736 2017-09-05] (Lenovo.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [233112 2016-07-28] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [420504 2016-07-28] ()
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61232 2014-12-05] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [317224 2014-12-05] (Lenovo Group Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23920 2017-12-12] ()
R2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22776 2015-12-02] (Validity Sensors, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [88400 2015-12-06] (Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2014-06-17] (Motorola Solutions, Inc.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [533496 2017-02-01] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [30360 2014-10-09] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [220104 2014-08-10] (Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-03-06] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKsl1dc0f6c6; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C5242F3-91A4-4992-921B-C7F77D7D41E5}\MpKsl1dc0f6c6.sys [58120 2018-03-06] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3437848 2014-12-08] (Intel Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [682272 2014-09-04] (Sunplus)
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\mpsdrv.sys 6D9BB8B53394B62540A3971FCE2BE8DB
C:\Windows\system32\drivers\mrxdav.sys 98DB1790F0A584E0A2528B92B052417F
C:\Windows\System32\DRIVERS\mrxsmb.sys EEC4E22876AFC905C9EDBFEB829B8022
C:\Windows\System32\DRIVERS\mrxsmb10.sys 386EFD770CA3B2D36049C17A7A1239BA
C:\Windows\System32\DRIVERS\mrxsmb20.sys A052D084A01D65993DABE3CFE2D8D1BE
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys 9FB2A095B1166CB3C9A06651863B3452
C:\Windows\System32\drivers\ndis.sys 261F27367EB6EA6478B940811F0A6F03
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys 3F217F77899654833B650ED6A1372BE4
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys E46AF308E96F7730F59B0F250A884CD6
C:\Windows\System32\DRIVERS\netbios.sys 2E19EB10185992AB08BC3688AACA4CE2
C:\Windows\System32\DRIVERS\netbt.sys 734837208CAFD6E0959A7A0333C95C9D
C:\Windows\System32\DRIVERS\Netwsw02.sys 87473262743FB71A63E3A506385DA836
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys CE5F6E635FE4506AE6F2D6EB87425128
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys BE313E566EEA2A4B7F9AAC9782A567D4
C:\Windows\System32\Drivers\Ntfs.sys A97B92D11270695B15C3663BCCB737D3
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys EA4D67448BE493D543F1730D6CD04694
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\psadd.sys 05A4779E4994B21473EDBE85AABE8030
C:\Windows\System32\DRIVERS\pacer.sys 4CE827A5433451551E99C2C1D20E4A43
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys FB45727105E27756B3252572A138FA19
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys F4287A980C0AA41DE3073F053E5EA73C
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RtsPer.sys 8E255394255FB64DB7D31DD3D08F68A6
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Apsx64.sys D1AC677E7066D3278356C875628B16D4
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\SPUVCbv_x64.sys 4B1049A268C9318029D2443D9150B0AC
C:\Windows\System32\DRIVERS\srv.sys 8980499A526581794A20B12E2E264661
C:\Windows\System32\DRIVERS\srv2.sys 9B90A439B97EBBD2A9ABEFFBBC1EEC71
C:\Windows\System32\DRIVERS\srvnet.sys 9E30361776E07AD940791927A0FC9B3A
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys DECACB6921DED1A38642642685D77DAC
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 7FB36A0A036ADDACE0A868E4A43C1C27
C:\Windows\System32\DRIVERS\tcpip.sys 7FB36A0A036ADDACE0A868E4A43C1C27
C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 4DD986720F7CB7A8A5D1226793097B9A
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ApsHM64.sys D43EB8666214C14AB97080D4B11F5CAF
C:\Windows\System32\drivers\tpm.sys 48DDEF0B921DD331536CC82C1A8FF64F
C:\Windows\System32\drivers\Tppwr64v.sys 1B58B92F059C30F33A7B9DF7EC61F288
C:\Windows\System32\DRIVERS\tssecsrv.sys 2CF58216424757ED29605B4F18EC443C
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbccgp.sys 9E68E917FB4B5C983438969643F53BEF
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 3F9D3902CE931E2A28DD8452AE915B67
C:\Windows\system32\drivers\usbhub.sys 86B65EEBC03B936DE8B26E5A18D98FA2
C:\Windows\system32\drivers\usbohci.sys 099C2931C6F73EB1B9E13C560F61B50D
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
C:\Windows\system32\drivers\usbuhci.sys 5D7651347C7D702F4A5DE53603DC024F
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys 85C5468BC395819AE2A0C747334BA14C
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys DC4CB3626E7423B9D83CF1B4857FDF15
C:\Windows\System32\DRIVERS\wanarp.sys DC4CB3626E7423B9D83CF1B4857FDF15
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUSB.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-05 14:12 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:55 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-01-05 14:12 - 2017-12-31 20:55 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2018-01-05 14:12 - 2017-12-31 20:55 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2018-01-05 14:12 - 2017-12-31 20:55 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-01-05 14:12 - 2017-12-31 20:55 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2018-01-05 14:12 - 2017-12-31 20:54 - 004013800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-01-05 14:12 - 2017-12-31 20:54 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-01-05 14:12 - 2017-12-31 20:54 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-01-05 14:12 - 2017-12-31 20:50 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2018-01-05 14:12 - 2017-12-31 20:49 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-01-05 14:12 - 2017-12-31 20:49 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-01-05 14:12 - 2017-12-31 20:49 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-01-05 14:12 - 2017-12-31 20:49 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-01-05 14:12 - 2017-12-31 20:47 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
2018-01-05 14:12 - 2017-12-31 20:46 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-01-05 14:12 - 2017-12-31 20:46 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
2018-01-05 14:12 - 2017-12-31 20:46 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
2018-01-05 14:12 - 2017-12-31 20:45 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-01-05 14:12 - 2017-12-31 20:43 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2018-01-05 14:12 - 2017-12-31 20:43 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2018-01-05 14:12 - 2017-12-31 20:43 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2018-01-05 14:12 - 2017-12-31 20:43 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2018-01-05 14:12 - 2017-12-31 20:43 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapPeerProxy.dll
2018-01-05 14:12 - 2017-12-31 20:43 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapAuthProxy.dll
2018-01-05 14:12 - 2017-12-31 20:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-01-05 14:12 - 2017-12-31 20:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshqos.dll
2018-01-05 14:12 - 2017-12-31 20:42 - 000460288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-01-05 14:12 - 2017-12-31 20:42 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-01-05 14:12 - 2017-12-31 20:42 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-01-05 14:12 - 2017-12-31 20:42 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-01-05 14:12 - 2017-12-31 20:41 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-01-05 14:12 - 2017-12-31 20:41 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-01-05 14:12 - 2017-12-31 20:41 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-01-05 14:12 - 2017-12-31 20:41 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-01-05 14:12 - 2017-12-31 20:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-01-05 14:12 - 2017-12-31 20:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-01-05 14:12 - 2017-12-31 20:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-01-05 14:12 - 2017-12-31 20:39 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-01-05 14:12 - 2017-12-31 20:36 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-01-05 14:12 - 2017-12-31 20:36 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-01-05 14:12 - 2017-12-31 20:36 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-01-05 14:12 - 2017-12-31 20:36 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-01-05 14:12 - 2017-12-31 20:35 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-01-05 14:12 - 2017-12-31 20:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-01-05 14:12 - 2017-12-31 20:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-01-05 14:12 - 2017-12-30 02:29 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-01-05 14:12 - 2017-12-30 01:42 - 000347328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-01-05 14:12 - 2017-12-29 13:39 - 020274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-01-05 14:12 - 2017-12-29 13:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-01-05 14:12 - 2017-12-29 13:13 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-01-05 14:12 - 2017-12-29 13:13 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-01-05 14:12 - 2017-12-29 13:12 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-01-05 14:12 - 2017-12-29 13:12 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-01-05 14:12 - 2017-12-29 13:11 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-01-05 14:12 - 2017-12-29 13:09 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-01-05 14:12 - 2017-12-29 13:06 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-01-05 14:12 - 2017-12-29 13:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-01-05 14:12 - 2017-12-29 13:04 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-01-05 14:12 - 2017-12-29 13:03 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-01-05 14:12 - 2017-12-29 13:03 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-01-05 14:12 - 2017-12-29 13:03 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-01-05 14:12 - 2017-12-29 12:55 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-01-05 14:12 - 2017-12-29 12:51 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-01-05 14:12 - 2017-12-29 12:50 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-01-05 14:12 - 2017-12-29 12:50 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-01-05 14:12 - 2017-12-29 12:47 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-01-05 14:12 - 2017-12-29 12:47 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-01-05 14:12 - 2017-12-29 12:46 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-01-05 14:12 - 2017-12-29 12:45 - 004508160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-01-05 14:12 - 2017-12-29 12:44 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-01-05 14:12 - 2017-12-29 12:39 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-01-05 14:12 - 2017-12-29 12:38 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-01-05 14:12 - 2017-12-29 12:38 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-01-05 14:12 - 2017-12-29 12:37 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-01-05 14:12 - 2017-12-29 12:36 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-01-05 14:12 - 2017-12-29 12:19 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-01-05 14:12 - 2017-12-29 12:15 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-01-05 14:12 - 2017-12-29 12:13 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-01-05 14:12 - 2017-12-29 04:15 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-01-05 14:12 - 2017-12-29 04:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-01-05 14:12 - 2017-12-29 04:04 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-01-05 14:12 - 2017-12-29 03:52 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-01-05 14:12 - 2017-12-29 03:51 - 005796352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-01-05 14:12 - 2017-12-29 03:51 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-01-05 14:12 - 2017-12-29 03:50 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-01-05 14:12 - 2017-12-29 03:50 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-01-05 14:12 - 2017-12-29 03:50 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-01-05 14:12 - 2017-12-29 03:50 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-01-05 14:12 - 2017-12-29 03:44 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-01-05 14:12 - 2017-12-29 03:43 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-01-05 14:12 - 2017-12-29 03:40 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-01-05 14:12 - 2017-12-29 03:39 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-01-05 14:12 - 2017-12-29 03:39 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-01-05 14:12 - 2017-12-29 03:39 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-01-05 14:12 - 2017-12-29 03:39 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-01-05 14:12 - 2017-12-29 03:32 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-01-05 14:12 - 2017-12-29 03:28 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-01-05 14:12 - 2017-12-29 03:22 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-01-05 14:12 - 2017-12-29 03:22 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-01-05 14:12 - 2017-12-29 03:21 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-01-05 14:12 - 2017-12-29 03:18 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-01-05 14:12 - 2017-12-29 03:18 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-01-05 14:12 - 2017-12-29 03:16 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-01-05 14:12 - 2017-12-29 03:14 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-01-05 14:12 - 2017-12-29 03:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-01-05 14:12 - 2017-12-29 03:04 - 015284224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-01-05 14:12 - 2017-12-29 03:03 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-01-05 14:12 - 2017-12-29 03:03 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-01-05 14:12 - 2017-12-29 03:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-01-05 14:12 - 2017-12-29 03:01 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-01-05 14:12 - 2017-12-29 02:50 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-01-05 14:12 - 2017-12-29 02:39 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-01-05 14:12 - 2017-12-29 02:27 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-01-05 14:12 - 2017-12-21 01:27 - 000634312 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-01-05 14:12 - 2017-12-13 11:31 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-01-05 14:12 - 2017-12-13 11:27 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-01-05 14:12 - 2017-12-13 11:27 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-01-05 14:12 - 2017-12-13 11:27 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-01-05 14:12 - 2017-12-13 11:27 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-01-05 14:12 - 2017-12-13 11:15 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-01-05 14:12 - 2017-12-13 11:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-01-05 14:12 - 2017-12-13 11:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-01-05 14:12 - 2017-12-13 11:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-01-05 14:12 - 2017-12-13 10:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-01-05 14:12 - 2017-12-05 12:36 - 000625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2018-01-05 14:12 - 2017-12-05 12:36 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2018-01-05 14:12 - 2017-12-05 12:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2018-01-05 14:12 - 2017-12-05 12:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2018-01-05 14:12 - 2017-12-05 12:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2018-01-05 14:12 - 2017-12-05 10:59 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-01-05 14:12 - 2017-12-05 10:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2018-01-05 14:12 - 2017-11-07 11:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-01-05 14:12 - 2017-11-07 11:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-01-05 14:12 - 2017-11-04 10:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-01-05 14:12 - 2017-11-04 10:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-01-05 14:12 - 2017-11-04 10:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-01-05 14:12 - 2017-11-04 10:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-01-05 14:12 - 2017-11-02 11:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2018-01-05 14:12 - 2017-11-02 11:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2018-01-05 14:12 - 2017-11-02 11:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2018-01-05 14:12 - 2017-11-02 11:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2018-01-05 14:12 - 2017-11-02 10:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2018-01-05 14:12 - 2017-11-02 10:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
2018-01-05 14:12 - 2017-11-02 10:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2018-01-05 14:12 - 2017-11-02 09:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2018-01-05 14:12 - 2017-10-16 18:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2018-01-05 14:12 - 2017-10-16 17:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2018-01-05 14:12 - 2017-10-11 19:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2018-01-05 14:11 - 2017-12-31 21:18 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-01-05 14:11 - 2017-12-31 21:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-01-02 13:59 - 2018-01-03 09:10 - 000000433 _____ C:\Users\LenovoThinkPadOwner\Desktop\Doctor Appintments in 2018.txt
2017-12-26 15:36 - 2017-12-26 15:36 - 000000032 _____ C:\Users\LenovoThinkPadOwner\Desktop\Amazon for Jenn.txt
2017-12-26 15:35 - 2017-12-26 15:35 - 000000032 _____ C:\Users\LenovoThinkPadOwner\Desktop\Amazon for.txt
2017-12-23 21:11 - 2017-12-23 21:11 - 000000680 _____ C:\Users\LenovoThinkPadOwner\Documents\role play.txt
2017-12-23 00:27 - 2017-12-23 00:48 - 000001880 _____ C:\Users\LenovoThinkPadOwner\Documents\Natalie and Peter.txt
2017-12-19 09:35 - 2017-12-19 14:58 - 000001652 _____ C:\Users\LenovoThinkPadOwner\Desktop\Doctor Appintment.txt
2017-12-14 18:37 - 2017-12-27 14:57 - 000002622 _____ C:\Users\LenovoThinkPadOwner\Desktop\New word.txt
2017-12-10 15:17 - 2017-12-10 15:17 - 000738798 _____ C:\Users\LenovoThinkPadOwner\Downloads\Santa_and_Mrs_Claus_Bitsy_Dolls_online.pdf
2017-12-10 14:41 - 2017-12-10 14:41 - 000948406 _____ C:\Users\LenovoThinkPadOwner\Downloads\HerringboneHatPattern_2.pdf
2017-12-06 21:49 - 2018-02-12 09:20 - 000001050 _____ C:\Users\LenovoThinkPadOwner\Desktop\December 2017 Bills.txt
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-06 13:13 - 2017-09-13 19:48 - 000000000 ____D C:\Windows\Minidump
2018-03-06 12:18 - 2017-08-15 19:56 - 000000000 ____D C:\Users\LenovoThinkPadOwner\AppData\Roaming\Skype
2018-03-06 12:08 - 2009-07-13 23:45 - 000032208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-06 12:08 - 2009-07-13 23:45 - 000032208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-06 11:20 - 2016-07-19 10:20 - 000015912 _____ C:\IFRToolLog.txt
2018-03-06 10:44 - 2017-09-06 07:54 - 000001186 _____ C:\Users\Public\Desktop\ShopTracker.lnk
2018-03-06 10:43 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-06 10:43 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-03-06 10:39 - 2017-09-06 07:55 - 000000000 ____D C:\Users\LenovoThinkPadOwner\AmazonMeter
2018-03-06 10:36 - 2016-07-19 09:15 - 000000000 __SHD C:\Users\LenovoThinkPadOwner\IntelGraphicsProfiles
2018-03-06 10:35 - 2017-05-15 10:18 - 000000222 _____ C:\Windows\Tasks\Lenovo Active Protection System.job
2018-03-06 10:35 - 2016-07-21 03:44 - 000000000 ____D C:\ProgramData\Synaptics
2018-03-06 10:35 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-05 17:14 - 2017-04-27 09:02 - 000232960 ___SH C:\Users\LenovoThinkPadOwner\Documents\Thumbs.db
2018-03-04 17:56 - 2017-01-14 00:37 - 000000000 ____D C:\Users\LenovoThinkPadOwner\AppData\Roaming\Nitro PDF
2018-02-28 10:03 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2018-02-26 23:12 - 2016-07-21 15:42 - 000002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-26 23:12 - 2016-07-21 15:42 - 000002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-23 17:53 - 2016-07-21 16:13 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-15 22:39 - 2015-05-04 17:09 - 000000000 ____D C:\ProgramData\Lenovo
2018-02-14 09:16 - 2016-07-21 16:13 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-11 17:52 - 2015-05-05 10:24 - 000000000 ____D C:\Windows\System32\Tasks\TVT
2018-02-11 17:52 - 2015-05-05 09:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2018-02-11 17:51 - 2017-09-17 16:51 - 000000555 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2018-02-11 17:51 - 2015-05-05 09:47 - 000000000 ____D C:\Program Files (x86)\Lenovo
2018-02-06 21:45 - 2017-01-19 00:47 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-06 21:45 - 2017-01-19 00:47 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-06 21:45 - 2017-01-19 00:47 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-06 21:45 - 2017-01-19 00:47 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-06 21:45 - 2017-01-19 00:47 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-06 04:58 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2018-02-04 21:21 - 2009-07-13 23:45 - 000278656 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-04 21:19 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2018-02-04 21:19 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\Setup
2018-02-04 21:12 - 2017-01-14 18:11 - 000000000 ____D C:\Windows\system32\MRT
2018-02-04 21:07 - 2017-11-19 16:06 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-02-04 21:07 - 2017-01-14 18:11 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-02-04 21:01 - 2014-11-13 17:07 - 000774404 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {0870feeb-f2aa-11e4-869b-68f728af35ef}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 0
customactions           0x10000ba000001
                        0x54000001
custom:54000001         {30d5e55e-4dbb-11e6-8662-34e6ad03fb46}
custom:5400000f         {30d5e55e-4dbb-11e6-8662-34e6ad03fb46}
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {30d5e55e-4dbb-11e6-8662-34e6ad03fb46}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {0870feeb-f2aa-11e4-869b-68f728af35ef}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {30d5e55e-4dbb-11e6-8662-34e6ad03fb46}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{30d5e55f-4dbb-11e6-8662-34e6ad03fb46}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{30d5e55f-4dbb-11e6-8662-34e6ad03fb46}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {0870feeb-f2aa-11e4-869b-68f728af35ef}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {30d5e55f-4dbb-11e6-8662-34e6ad03fb46}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             options
ramdisksdidevice        boot
ramdisksdipath          \boot\boot.sdi
 
 
LastRegBack: 2018-02-17 02:48
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by LenovoThinkPadOwner (06-03-2018 13:35:41)
Running from C:\Users\LenovoThinkPadOwner\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-07-19 14:15:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3035152817-1234986613-3461963699-500 - Administrator - Disabled)
Guest (S-1-5-21-3035152817-1234986613-3461963699-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3035152817-1234986613-3461963699-1002 - Limited - Enabled)
LenovoThinkPadOwner (S-1-5-21-3035152817-1234986613-3461963699-1000 - Administrator - Enabled) => C:\Users\LenovoThinkPadOwner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
AVS Video Editor 7.4.1 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.4.1.281 - Online Media Technologies Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.55.62 - Conexant)
Connect2 (HKLM-x32\...\Connect2_is1) (Version: 4.2.1.3973 - Lenovo)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4331.55 - CyberLink Corp.)
Digital Coupon Printer (HKLM-x32\...\{2CDD20A5-DFDE-4AC0-97DD-F60B1196BF98}) (Version: 3.50.0.0 - Hopster, Inc. an Inmar company)
DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox 15 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\{A58EE139-F99A-3991-B9D2-EBB6A6E2F9AE}) (Version: 64.0.3282.186 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP Officejet Pro 6830 Basic Device Software (HKLM\...\{98040AB6-D667-409C-81E7-DB65836B3EE0}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
HP Officejet Pro 6830 Help (HKLM-x32\...\{28693307-6F99-4B5D-9FA3-4D9132DDA716}) (Version: 34.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Integrated Camera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.7.36 - SunplusIT)
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4432 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.3.60 - Intel Corporation)
Intel® WiDi (HKLM\...\{5BBC7722-E4D9-4406-A8B9-1E11A23B9EAF}) (Version: 5.0.32.0 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1431.1) (HKLM\...\{302600C1-6BDF-4FD1-1407-148929CC1385}) (Version: 17.1.1407.0480 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{a9888f41-68ae-43df-bd7d-d93405a44106}) (Version: 17.13.11 - Intel Corporation)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.14 - Lenovo)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.12 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo)
Lenovo Fingerprint Manager (HKLM\...\{CAED159A-4D69-4016-92AB-0C4644C8E690}) (Version: 4.5.327.0 - Synaptics)
Lenovo Fingerprint Manager (HKLM\...\{F7AB2C19-6A27-4C75-A92A-8CC7C59E5FA2}) (Version: 4.5.327.0 - )
Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.7 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.24 - Lenovo) Hidden
Lenovo PowerENGAGE (HKLM-x32\...\{15B15395-FF53-44E1-ADAD-FCC279E3CA10}) (Version: 2.51.0040 - Lenovo Inc.)
Lenovo QuickControl (HKLM-x32\...\{04128C8C-7812-4DCC-816E-9C8AB1D6EECE}) (Version: 2.40 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0070 - Lenovo)
Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{1E347E8D-DB86-43EE-B301-EE953C44BF3C}) (Version: 9.5.4.22 - Nitro)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.51.00 - )
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.68.10 - Lenovo Group Limited)
PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.)
PowerDVD Create 10 (HKLM-x32\...\{D6E853EC-8960-4D44-AF03-7361BB93227C}) (Version: 10.0.1.3710 - CyberLink Corp.) Hidden
PrintMyCouponAnywhere (HKLM-x32\...\{9E5A9316-541D-4F22-BE19-AFE969C00B06}) (Version: 1.0.0.0 - RevTrax)
Product Improvement Study for HP Officejet Pro 6830 (HKLM\...\{96ABEAD3-67AE-4BF7-8A16-F745352049B3}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.)
ShopTracker 1.1.26 (HKLM-x32\...\AmazonMeter) (Version: 1.1.26 - Nielsen)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.30 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.216.1616.115 - ALPS ELECTRIC CO., LTD.)
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 7.4.911.2013 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WaveEditor (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.4514 - CyberLink Corp.) Hidden
WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.4514 - CyberLink Corp.)
Windows Driver Package - Intel (e1dexpress) Net  (09/29/2014 12.12.80.19) (HKLM\...\4ED8788498CF43D3423E6F8A41D0FAAF62902DB0) (Version: 09/29/2014 12.12.80.19 - Intel)
Windows Driver Package - Intel Corporation (iaStorA) HDC  (08/22/2014 13.5.0.1056) (HKLM\...\5EC6580D569A9D3B15C34964E5BB5BC263F05FE5) (Version: 08/22/2014 13.5.0.1056 - Intel Corporation)
Windows Driver Package - Lenovo 1.67.09.03 (11/07/2014 1.67.09.03) (HKLM\...\FA3F6F3D6E8958FDDEE1E09CC77DFA71B0D7835A) (Version: 11/07/2014 1.67.09.03 - Lenovo)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 9\NPShellExtension.dll [2016-07-28] (Nitro PDF)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-06-02] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0867DD5F-489C-4D48-81BE-A95EEA1CFBDE} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {0C43C10A-A4E7-4E0C-8C31-EE0C71267432} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe [2014-07-31] (CyberLink Corp.)
Task: {1A4643C4-77E7-47AB-B2F9-4E39932A9963} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {1D7A24AE-7641-4C1F-AA25-C25FB8F3A12E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {1F8CE03B-C3E2-4760-95D1-6CFF766A18F4} - System32\Tasks\{0A8C6A84-0F10-448F-BD92-E5F1920F8A7D} => C:\Windows\system32\pcalua.exe -a C:\Users\LENOVO~1\AppData\Local\Temp\jre-8u144-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {22838C27-C458-43D5-ABC8-2A91E997B61E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-21] (Google Inc.)
Task: {23E6E8AB-C1A6-44EC-9B8F-C9303EADE81D} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {26E853C0-0300-4FBB-A8A6-3CA8CFE52E6F} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {2C355016-6F34-41D1-8B75-676DB3E31430} - System32\Tasks\TVT\LaunchFR => C:\Program Files (x86)\Lenovo\Factory Recovery\FRReminder.exe [2014-08-21] (TODO: <Company name>)
Task: {2FB8016D-7A35-4D86-9964-6B33C9015C30} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {452C8399-0490-4FAD-942B-67D60D36CE8C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {46706632-9912-4F0C-885F-455E6E8783FA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-01-17] (Adobe Systems Incorporated)
Task: {4F3BBF6C-8B16-472C-9D95-2C0032594C66} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {539625E0-B39B-4D6B-9277-65E8D1361596} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {57199E9C-5B86-48E2-84C4-BC6E4532C0C1} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {57A3CB54-426B-4BB9-B538-5B9F8F6E049C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated)
Task: {5C5524EE-5548-4768-9BF4-FEA48DE743DA} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {6495478D-2F77-4E05-AE2F-92D4A25B0918} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2014-09-13] (Lenovo)
Task: {69293E2A-91A0-43DB-A7BB-6A1DBC557837} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
Task: {6B1A499A-A6E7-4EDD-B3C7-4BBC1A9DF53F} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2014-12-12] ()
Task: {778B87D0-4B6F-4792-830E-6050A43086D0} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {7A17ECBA-BF1B-49A6-99E2-B178F48751DB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {7D6BD75A-D9BA-43E8-9F35-1182031860D8} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-12-12] ()
Task: {956C23B9-2D24-458C-A30B-65D1287A486A} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {9638A2F1-725D-44AC-80B2-D64A38B6B245} - System32\Tasks\Lenovo Active Protection System => C:\Windows\system32\TpShUI.exe [2017-03-21] (Lenovo.)
Task: {A49C967F-D7F2-4E7A-A2E7-60871152547A} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2013-03-06] (CyberLink)
Task: {A6313626-95F5-4313-89E4-6EEF3ED9ABC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-21] (Google Inc.)
Task: {AD0FE383-939C-405E-84EF-CE8266162E70} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {C12E3B25-74CF-4731-A49C-8428C68A2B6E} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2016-04-14] (Lenovo Group Limited)
Task: {CD109C3C-A2A4-40E1-9DA5-14006BDF83C7} - System32\Tasks\Lenovo\Lenovo PowerENGAGE Update => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)
Task: {D6F46022-1E70-410C-B9D8-005118ED1B8D} - System32\Tasks\HPCustParticipation HP Officejet Pro 6830 => C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPCustPartic.exe [2014-07-18] (Hewlett-Packard Development Company, LP)
Task: {EECEDDE7-128F-4A99-818E-34E6F067B79F} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-12-12] ()
Task: {F644B4B5-D891-4A43-91A7-E35FC3F0ECF2} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {F7533C0C-8F03-4F87-A3F9-95024A1F2F55} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {FB23D160-1A2F-45EE-AE10-0C3403114E61} - System32\Tasks\Lenovo\Lenovo PowerENGAGE => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Lenovo Active Protection System.job => C:\Windows\system32\TpShUI.exe
Task: C:\Windows\Tasks\Norton Product Installer.job => C:\Users\LENOVO~1\AppData\Local\Temp\7zS67D.tmp\SymInstallStub.exeK/partnerid=symantec /productlist=nss /staging=false /delay=0 /launchedby=2 C:\Users\LENOVO~1\AppData\Local\Temp\7zS67D.tmp <==== ATTENTION
Task: C:\Windows\Tasks\Norton Security Scan for LenovoThinkPadOwner.job => C:\PROGRA~2\NORTON~2\Engine\461~1.84\Nss.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\LenovoThinkPadOwner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d70141fadd380fd5\Screenwise Meter.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gmieefkpoaagiboijfjhidningfpomge
ShortcutWithArgument: C:\Users\LenovoThinkPadOwner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b8da4a38624bbb1e\Feedback.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gfdkimpbcpahaombhbimeihdjnejgicl
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-05 10:09 - 2016-04-14 05:08 - 000107008 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2015-04-30 13:43 - 2015-04-30 13:43 - 000090760 _____ () C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe
2016-07-28 17:44 - 2016-07-28 17:44 - 000420504 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2017-09-01 21:59 - 2017-12-09 08:47 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-02-26 23:12 - 2018-02-21 22:57 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-02-26 23:12 - 2018-02-21 22:57 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll
2018-02-11 17:52 - 2017-12-12 10:25 - 000023920 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2017-04-24 22:55 - 2014-05-13 11:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-04-24 22:55 - 2014-05-13 11:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-04-24 22:55 - 2014-05-13 11:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-03-06 23:49 - 2013-03-06 23:49 - 000626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2013-03-06 23:52 - 2013-03-06 23:52 - 000015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-05-05 10:11 - 2011-08-02 22:58 - 002201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2015-05-05 10:11 - 2011-08-02 22:58 - 002085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2017-04-24 22:55 - 2012-08-23 09:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-04-24 22:55 - 2012-04-03 16:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-10-10 11:37 - 2014-10-10 11:37 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7936 more sites.
 
There are 7936 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2017-07-07 23:32 - 000454570 ____N C:\Windows\system32\Drivers\etc\hosts
 
There are 15600 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\LenovoThinkPadOwner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{07C18E5C-87A5-45CD-BCF4-8CEED8E2C67E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{83C3732F-B394-4356-BC4B-8A7E607FFE14}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{E29365C0-E824-468B-89BD-1A2C2E26BCB4}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{F41BBAD5-E8AD-4730-A53D-95BBA47D3C9F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{373FB956-0F52-48BD-A7E5-CC2AFEA5978F}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{6FB9E8BF-66AF-49D8-84C5-EE7444B2E208}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\FaxApplications.exe
FirewallRules: [{5F8AD6E3-B841-4D12-B88C-BDC124F2D6C3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\DigitalWizards.exe
FirewallRules: [{93E8850C-EC9D-4559-83CC-82AEA019D19E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\SendAFax.exe
FirewallRules: [{56E5B262-F7C8-4930-B23A-4B7D8FDB93D3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\DeviceSetup.exe
FirewallRules: [{0C13FC03-BECA-413F-A7B4-5132B09581BB}] => (Allow) LPort=5357
FirewallRules: [{D6EF55BA-3FCF-4AE0-A218-D32369BBB652}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{48F2CECA-B015-488A-B4E7-93ED669CE8C4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{25DFAE54-9A2D-43A3-A955-2255C93EB7C3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5E5976AC-AEA6-45CB-B655-A3F2CD71F824}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D3B2FA97-01E9-4B8B-AF5E-5458D4A8BCEF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6AE60B5D-BE01-4F82-A3E6-D4061EFE8530}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MapleStory\nxsteam.exe
FirewallRules: [{544A5337-199B-45F6-8162-A397CC7BDD1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MapleStory\nxsteam.exe
FirewallRules: [{71EACDBE-1275-4CAA-8EB3-E3499527F0F1}] => (Allow) LPort=15600
FirewallRules: [{1ED07467-4EB0-43D1-A7A1-ADC3B5D267F0}] => (Allow) C:\Program Files (x86)\Lenovo\Connect2\Connect2.exe
FirewallRules: [{450D73AF-2AF9-4AC0-A43B-0A98B944ABC4}] => (Allow) C:\Program Files (x86)\Lenovo\Connect2\Connect2.exe
FirewallRules: [{287CFAAC-20BF-46CB-BF8B-D2C113C65D85}] => (Allow) C:\Program Files (x86)\Lenovo\Connect2\Connect2.exe
FirewallRules: [{77C27AAB-E776-49F8-A580-52B60C324B75}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{38CFB366-1E14-4891-9E83-C3B3F449AE96}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{AF96339C-CCB5-4D45-A741-C95887517BB0}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{03F29033-20D4-45D3-B742-E0CD7E2C0A06}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
17-02-2018 20:59:34 Windows Update
20-02-2018 21:07:22 Windows Update
24-02-2018 21:08:53 Windows Update
28-02-2018 16:40:31 Windows Update
04-03-2018 16:55:16 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/06/2018 10:37:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/05/2018 06:22:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WbioSrvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24000, time stamp: 0x5a499b18
Exception code: 0x80004004
Fault offset: 0x000000000001a06d
Faulting process id: 0x386c
Faulting application start time: 0x01d3b4a115dc5d1a
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 099ab8d5-20cc-11e8-8038-34e6ad03fb46
 
Error: (03/05/2018 06:19:34 AM) (Source: Validity USDK) (EventID: 44) (User: )
Description: Event-ID 44
 
Error: (03/05/2018 06:19:34 AM) (Source: Validity USDK) (EventID: 44) (User: )
Description: Event-ID 44
 
Error: (03/05/2018 06:19:34 AM) (Source: Validity USDK) (EventID: 44) (User: )
Description: Event-ID 44
 
Error: (03/05/2018 06:19:33 AM) (Source: Validity USDK) (EventID: 44) (User: )
Description: Event-ID 44
 
Error: (03/04/2018 04:56:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsld3b042b3.
 
System Error:
The system cannot find the file specified.
.
 
Error: (03/03/2018 05:33:26 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1714.The older version of Adobe Refresh Manager cannot be removed.  Contact your technical support group.  System Error 1612.
 
 
System errors:
=============
Error: (03/06/2018 10:38:27 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Amazon Meter service hung on starting.
 
Error: (03/06/2018 10:35:21 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:34:12 AM on 3/6/2018 was unexpected.
 
Error: (03/06/2018 10:28:57 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ValBioService service.
 
Error: (03/06/2018 10:27:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
 
Error: (03/06/2018 01:59:38 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IBMPMSVC service.
 
Error: (03/06/2018 01:38:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IBMPMSVC service.
 
Error: (03/06/2018 12:55:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IBMPMSVC service.
 
Error: (03/05/2018 11:33:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IBMPMSVC service.
 
 
Windows Defender:
===================================
Date: 2017-01-18 16:36:25.583
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x8050800d
Error description:Some history items could not be displayed. Please wait a few minutes and try again. If that doesn't work, clear the history and then try again. 
Signature version:1.235.585.0
Engine version:1.1.13407.0
 
CodeIntegrity:
===================================
 
Date: 2017-05-15 11:16:42.079
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-05-15 11:16:42.078
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-05-07 17:54:59.944
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-05-07 17:54:59.943
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-05-07 17:54:11.300
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-05-07 17:54:11.299
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-04-30 17:53:11.689
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-04-30 17:53:11.689
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 80%
Total physical RAM: 3836.24 MB
Available physical RAM: 758.9 MB
Total Virtual: 7670.65 MB
Available Virtual: 3914.7 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:447.43 GB) (Free:262.53 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:16.86 GB) (Free:5 GB) NTFS
 
\\?\Volume{6805e0c9-4dd4-11e6-b462-806e6f6e6963}\ (SYSTEM_DRV) (Fixed) (Total:1.46 GB) (Free:1.06 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 675C1CE5)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
 
 
 
 
Users shortcut scan result (x64) Version: 04.03.2018
Ran by LenovoThinkPadOwner (06-03-2018 13:37:47)
Running from C:\Users\LenovoThinkPadOwner\Downloads
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk -> C:\Program Files (x86)\HP\IrisOCR_12.3.4.0\regipe.exe (I.R.I.S. Image Recognition Integarted Systems)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® WiDi.lnk -> C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk -> C:\Program Files\Nitro\Pro 9\NitroPDF.exe (Nitro PDF)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Create System Report.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLogReport.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\File Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Immunization.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Rootkit Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\System Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Tray Icon (Live Protection).lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Uninstall Spybot-S&D.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopTracker\ShopTracker.lnk -> C:\Program Files (x86)\ShopTracker\AmazonMeter\AmazonMeter.exe (VL)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopTracker\Uninstall.lnk -> C:\Program Files (x86)\ShopTracker\uninst.exe (The Nielsen Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopTracker\Website.lnk -> C:\Program Files (x86)\ShopTracker\ShopTracker.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Create\PowerDVD Create.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD Create\PDVDCreate.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Create\PowerDVD.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Create\Power2Go\ISO Viewer.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\IsoViewer.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Create\Power2Go\Power2Go.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Create\CyberLink PowerProducer 5.5\CyberLink PowerProducer 5.5.lnk -> C:\Program Files (x86)\CyberLink\PowerProducer\Producer.exe (CyberLink Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools\Active Protection System.lnk -> C:\Windows\System32\TpShCPL.cpl (Lenovo.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools\Create Recovery Media.lnk -> C:\Program Files (x86)\Lenovo\Factory Recovery\recovburncd.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools\Lenovo QuickControl.lnk -> C:\Program Files (x86)\Lenovo\QuickControl\QuickControlUI.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools\Lenovo User Guide.lnk -> C:\ProgramData\Lenovo\userguides\viewer\LenovoUserGuide.exe (Lenovo)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools\Power Manager.lnk -> C:\Program Files (x86)\ThinkPad\Utilities\PWMUI.EXE (Lenovo Group Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools\Warranty Information.lnk -> C:\Program Files (x86)\Lenovo\Warranty Viewer\WarrantyViewer.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo QuickControl.lnk -> C:\Program Files (x86)\Lenovo\QuickControl\QuickControlUI.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\System Update.lnk -> C:\Program Files (x86)\Lenovo\System Update\tvsu.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\REACHit\REACHit.lnk -> C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe (Lenovo)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Solution Center\Lenovo Solution Center.lnk -> C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe (Lenovo)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre1.8.0_144\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation\Intel® WiDi Remote.lnk -> C:\Program Files\Intel Corporation\Intel WiDi\WiDiRemoteApp\WiDiRemoteApp.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation\Intel® WiDi\Intel® WiDi.lnk -> C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe (Hewlett-Packard)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 6830\Help.lnk -> C:\Program Files (x86)\HP\HP Officejet Pro 6830\bin\HelpViewer\hpqlpvwr.exe (Hewlett-Packard Development Company, LP)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 6830\HP Online Printer Diagnostic Tools.lnk -> C:\Program Files\HP\HP Officejet Pro 6830\DiagnosticToolsShortcut.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 6830\HP Scan.lnk -> C:\Program Files (x86)\HP\HP Officejet Pro 6830\bin\HPScan.exe (Hewlett-Packard Development Company, LP)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 6830\Printer Setup & Software.lnk -> C:\Program Files\HP\HP Officejet Pro 6830\Bin\DeviceSetupLauncher.exe (Hewlett-Packard Development Company, LP)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 6830\Product Support Website.lnk -> C:\Program Files\HP\HP Officejet Pro 6830\ProductSupportShortcut.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 6830\Shop for Supplies.lnk -> C:\Program Files\HP\HP Officejet Pro 6830\Bin\hpqDTSS.exe (Hewlett-Packard Development Company, LP)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Officejet Pro 6830\Wireless Printing Online Help.lnk -> C:\Program Files\HP\HP Officejet Pro 6830\WirelessEasyShortcut.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -> C:\Windows\System32\gameux.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fingerprint Reader\Lenovo Fingerprint Manager.lnk -> C:\Program Files\Lenovo Fingerprint Reader\Lenovo Fingerprint Manager.exe (Validity Sensors, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby\Dolby Profile.lnk -> C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4e.exe (Dolby Laboratories Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connect2\Connect2.lnk -> C:\Program Files (x86)\Lenovo\Connect2\Connect2.exe (Lenovo)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Activation.lnk -> C:\Program Files (x86)\AVS4YOU\Registration.exe (Online Media Technologies Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Help.lnk -> C:\Program Files (x86)\AVS4YOU\AVS4YOUHelp.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\License Agreement.lnk -> C:\Program Files (x86)\AVS4YOU\License Agreement.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Video\AVS Video Editor.lnk -> C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\AVSVideoEditor.exe (Online Media Technologies Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Internet Explorer\Quick Launch\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Internet Explorer\Quick Launch\System Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
Shortcut: C:\Users\Default\Links\OneDrive.lnk -> C:\Program Files (x86)\Microsoft OneDrive\OneDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk -> C:\Program Files (x86)\Microsoft OneDrive\OneDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
==================== End of Shortcut.txt =============================

I just ran ADW Cleaner and have the report from that as well here for you all.

Hope it helps.

# AdwCleaner 7.0.8.0 - Logfile created on Wed Mar 07 02:57:06 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 2018-03-05.3
# Running on Windows 7 Professional (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\Program Files (x86)\Digital Coupon Printer
PUP.Optional.Legacy, C:\Program Files (x86)\PrintMyCouponAnywhere
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
PUP.Optional.Legacy, Plugin found: SwagButton - 
PUP.Optional.Legacy, SearchProvider found: Web Search - search.freecause.com
PUP.Optional.Legacy, SearchProvider found: WeatherBlink - search.mywebsearch.com
 
/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271 
 
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

Here is the log file from the ADWCleaner where I ran the cleaning of it tonight (3/10/18)...

# AdwCleaner 7.0.8.0 - Logfile created on Sat Mar 10 22:29:20 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 7 Professional (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\Program Files (x86)\Digital Coupon Printer
Deleted: C:\Program Files (x86)\PrintMyCouponAnywhere
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
No malicious registry entries deleted.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
Plugin deleted: SwagButton - 
SearchProvider deleted: Web Search - search.freecause.com
SearchProvider deleted: WeatherBlink - search.mywebsearch.com
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [1377 B] - [2018/3/7 2:57:6]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Edited by breakmydreams, 10 March 2018 - 09:06 PM.

  • 0

#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,981 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)



A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start =>All Programs => Accessories => Notepad).

Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000 -> DefaultScope {BA5620C9-A3AF-414B-830C-5B76322C736A} URL = 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {1F8CE03B-C3E2-4760-95D1-6CFF766A18F4} - System32\Tasks\{0A8C6A84-0F10-448F-BD92-E5F1920F8A7D} => C:\Windows\system32\pcalua.exe -a C:\Users\LENOVO~1\AppData\Local\Temp\jre-8u144-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: C:\Windows\Tasks\Norton Product Installer.job => C:\Users\LENOVO~1\AppData\Local\Temp\7zS67D.tmp\SymInstallStub.exeK/partnerid=symantec /productlist=nss /staging=false /delay=0 /launchedby=2 C:\Users\LENOVO~1\AppData\Local\Temp\7zS67D.tmp <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
  • Click Format and ensure Word Wrap is unchecked.
  • Save as Fixlist.txt to C:\Users\LenovoThinkPadOwner\Downloads (must be in this location).
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.


If Google Chrome is still acting up, reset it.

https://www.howtogee...fault-settings/
  • 1

#3
breakmydreams

    Member

  • Topic Starter
  • 41 posts

I just did as you requested and here is the log. So far it looks like the issue is fixed, but I haven't used Google Chrome too much yet since I have done the fix, but I will test it out real quick.

Are there any other issues that I need to worry about on my computer besides the Google Chrome redirect thing that I mentioned???

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by LenovoThinkPadOwner (16-03-2018 00:46:09) Run:1
Running from C:\Users\LenovoThinkPadOwner\Downloads
Loaded Profiles: LenovoThinkPadOwner (Available Profiles: LenovoThinkPadOwner)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000 -> DefaultScope {BA5620C9-A3AF-414B-830C-5B76322C736A} URL = 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {1F8CE03B-C3E2-4760-95D1-6CFF766A18F4} - System32\Tasks\{0A8C6A84-0F10-448F-BD92-E5F1920F8A7D} => C:\Windows\system32\pcalua.exe -a C:\Users\LENOVO~1\AppData\Local\Temp\jre-8u144-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: C:\Windows\Tasks\Norton Product Installer.job => C:\Users\LENOVO~1\AppData\Local\Temp\7zS67D.tmp\SymInstallStub.exeK/partnerid=symantec /productlist=nss /staging=false /delay=0 /launchedby=2 C:\Users\LENOVO~1\AppData\Local\Temp\7zS67D.tmp <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F8CE03B-C3E2-4760-95D1-6CFF766A18F4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F8CE03B-C3E2-4760-95D1-6CFF766A18F4}" => removed successfully
C:\Windows\System32\Tasks\{0A8C6A84-0F10-448F-BD92-E5F1920F8A7D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0A8C6A84-0F10-448F-BD92-E5F1920F8A7D}" => removed successfully
C:\Windows\Tasks\Norton Product Installer.job => moved successfully
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {A46C3CC3-9363-4B4B-9E0D-6D386FB32F94}.
Unable to cancel {F7E2F36A-210D-496E-A3EB-10F6194F0096}.
0 out of 2 jobs canceled.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16556942 B
Java, Flash, Steam htmlcache => 1655 B
Windows/system/drivers => 36534285 B
Edge => 0 B
Chrome => 623808342 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 125396892 B
LenovoThinkPadOwner => 269079462 B
 
RecycleBin => 0 B
EmptyTemp: => 1 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-03-2018 00:50:41)
 
C:\Windows\System32\Drivers\etc\hosts => Is moved successfully
Hosts restored successfully.
 
==== End of Fixlog 00:50:42 ====

  • 0

#4
zep516

    Trusted Helper

  • Malware Removal
  • 6,981 posts
Hello,

Are there any other issues that I need to worry about on my computer besides the Google Chrome redirect thing that I mentioned


No. Everything looks good. Let's run 1 more Malwarebytes scan though.

You can "skip the download part" since you already have Malwarebytes installed.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.


#5
breakmydreams

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Hello,
 

Are there any other issues that I need to worry about on my computer besides the Google Chrome redirect thing that I mentioned


No. Everything looks good. Let's run 1 more Malwarebytes scan though.

You can "skip the download part" since you already have Malwarebytes installed.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.

 

 

I'm glad to hear there aren't any other issues I need to worry about on my computer besides the Google Chrome redirect one that I mentioned. Because I use this computer to pay bills and make money, etc... So, I need it to be working correctly at all times. Since my first laptop (I found out a few months ago...has a Trojan Virus on it... and I'm doing my best to still get that fixed thanks to the help from you all)...

 

However, here are the results from the Malwarebytes scan that you just had me run:

 

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/16/18
Scan Time: 4:57 PM
Log File: 975a31ea-295c-11e8-85de-34e6ad03fb46.json
Administrator: Yes
 
-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4386
License: Free
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: LenovoThinkPad\LenovoThinkPadOwner
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 255985
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 7 min, 22 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 

(end) 



#6
zep516

    Trusted Helper

  • Malware Removal
  • 6,981 posts
Hello,

I'm not seeing any issues in your log reports now. Everything looks ok.

#7
breakmydreams

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Hello,

I'm not seeing any issues in your log reports now. Everything looks ok.

 

Awesome news, thank you so very much for the help. I appreciate it a lot.

