
been told csrss.exe file is a trojan can you help



#1
bigyin43


  • Member
  • 114 posts

Hi, computer running very slowly, and when I recently tried to update my satnav it said not enough available memory.

A quick check showed lots of stopped processes and only 310 MB RAM available.

Can anyone help?

I am running Windows 7 Professional, for my personal (home) computer.

Thanks in advance




#2
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.

 

Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.



 



#3
bigyin43


  • Topic Starter
  • Member
  • 114 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2019
Ran by lenovo (administrator) on LENOVO-PC (LENOVO 7829E78) (30-10-2019 19:16:54)
Running from C:\Users\lenovo\Downloads
Loaded Profiles: lenovo (Available Profiles: lenovo)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avanquest Software SAS -> Avanquest Software) C:\Users\lenovo\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\Vpn.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\83.4.152\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\83.4.152\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\83.4.152\QtWebEngineProcess.exe
(Fortemedia Inc -> ) C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Smart Defrag\Pub\PubMonitor.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(Lenovo -> ) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo -> Lenovo) C:\Program Files\lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo -> Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Lenovo -> Lenovo.) C:\Windows\System32\LPlatSvc.exe
(LENOVO(JAPAN)LTD. -> Lenovo Group Limited) C:\Program Files\lenovo\Communications Utility\TPKNRSVC.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Wondershare software CO., LIMITED -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6210368 2019-10-15] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3575293515-844785542-2696234256-1000\...\Run: [Avanquest Message] => C:\Users\lenovo\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe********************************************************** [497664 2018-06-13] () [File not signed]
HKU\S-1-5-21-3575293515-844785542-2696234256-1000\...\Run: [Advanced SystemCare 12] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3419920 2019-09-09] (IObit Information Technology -> IObit)
HKU\S-1-5-21-3575293515-844785542-2696234256-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-3575293515-844785542-2696234256-1000\...\MountPoints2: {ecad4994-319f-11e8-9cc2-e4d53dc927e4} - E:\OnePlus_setup.exe /s
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.70\Installer\chrmstp.exe [2019-10-30] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\ThinkPad\Bluetooth Software\\BtwCP.dll [2013-05-14] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{D28973E5-8630-41af-8831-50A15FEB396B}] -> C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll [2013-05-14] (Broadcom Corporation -> Broadcom Corporation.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-07-04]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {000F42F7-CC96-476C-96D1-011E098AF4D5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2349384 2019-10-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {16AE906E-DA07-47B4-B096-041DCC25704E} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [3007760 2019-04-24] (IObit Information Technology -> IObit)
Task: {27BBF342-C624-42AD-BFE8-5955E0DB9C2D} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758488 2019-08-01] (Lenovo -> )
Task: {2F9C9FA5-B113-42C3-8EDF-0FDE660A37C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-07] (Google Inc -> Google LLC)
Task: {30B17F2F-4BFA-4742-86EE-0828E5F1F0E3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27289376 2019-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {59B54144-72DD-47D1-A8DC-A6BB657B4356} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\7.0.2\Scheduler.exe [149776 2019-09-24] (IObit Information Technology -> IObit)
Task: {5F59DDAC-DD8C-4BC8-A0FD-D9BDCDDC03A8} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe [1390472 2019-10-23] (AVAST Software s.r.o. -> AVAST Software)
Task: {603620E6-D74D-4006-AF23-050DD2D9F004} - System32\Tasks\Driver Booster SkipUAC (lenovo) => C:\Program Files (x86)\IObit\Driver Booster\7.0.2\DriverBooster.exe [7656208 2019-09-24] (IObit Information Technology -> IObit)
Task: {6D2689AF-F3A3-4F20-9162-331B332B9816} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [156432 2019-10-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {703B9994-089A-4AD5-B744-CFA2FE340694} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [314128 2018-05-02] (IObit Information Technology -> IObit)
Task: {883A5D6F-215A-413C-8136-2ABA60C65C21} - System32\Tasks\ASC12_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [3164944 2019-08-28] (IObit Information Technology -> IObit)
Task: {89AA6146-567B-45D0-8D0D-68F0031C497D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-07] (Google Inc -> Google LLC)
Task: {8BEF58DC-D3D4-4ADC-AF50-2CFA0DF6326D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2170264 2019-10-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {8ED8C46D-0CB9-4485-B6D8-88A90FC7E78D} - System32\Tasks\Avast Cleanup Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-07-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {8F32B1A8-07EA-40EC-BE2D-59917B8770DA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-08] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8F37DF7C-4BFF-4C61-9121-3360DBB56465} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {953C6A88-37CE-4D2F-A567-76922F9EC4B6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27289376 2019-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {963132F7-BA95-41FF-AD60-B27FF0A52188} - System32\Tasks\HPCustParticipation HP DeskJet 3630 series => C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPCustPartic.exe [6438536 2017-02-08] (Hewlett Packard -> HP Inc.)
Task: {9770CE64-9EB7-429D-A5F1-28A2C7E8CCBA} - System32\Tasks\Uninstaller_SkipUac_lenovo => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5900560 2019-09-10] (IObit Information Technology -> IObit)
Task: {9F6AF851-C8AD-4AFC-9EB5-E6D43FA1F6AF} - System32\Tasks\Software Updater SkipUAC(lenovo) => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4177680 2019-08-23] (IObit Information Technology -> IObit) <==== ATTENTION
Task: {A8A89EEC-0B38-4195-AAE3-22E465139F18} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758488 2019-08-01] (Lenovo -> )
Task: {B2530848-2184-48D2-8816-BB32DCC5B7A3} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [5849872 2019-07-05] (IObit Information Technology -> IObit)
Task: {BB8D3D5A-8F5E-492C-B25D-D17D8E62BACB} - System32\Tasks\ASC12_SkipUac_lenovo => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [8737040 2019-09-09] (IObit Information Technology -> IObit)
Task: {CD0E2D8C-EA54-4278-BF91-7E22FB8106DA} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [264984 2017-06-09] (Lenovo -> )
Task: {D6C03FC2-0E94-4B46-96E5-6F7B817AF0FB} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [39920 2018-10-24] (Garmin International, Inc. -> )
Task: {E51E9B54-E78B-4B2E-90CE-B1E6D4E5EB23} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-08] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E610A486-5EFF-4EAD-B8EB-A79031401E15} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [156432 2019-10-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {E9F09F56-5771-4B49-A34D-01091F438693} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2170264 2019-10-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {EDBE8AF9-9EB8-4F7A-B266-F019EEDB8249} - System32\Tasks\Software Updater Scheduler => C:\Program Files (x86)\IObit\Software Updater\SUInit.exe [1791248 2019-08-16] (IObit Information Technology -> IObit Software updater) <==== ATTENTION
Task: {EDCD1D72-E631-4920-82F6-93B3FCED2EEE} - System32\Tasks\SU_AutoUpdate => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4177680 2019-08-23] (IObit Information Technology -> IObit)
Task: {F2C32B0D-F054-4184-83EE-E8F2F25A1182} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10197784 2017-06-09] (Lenovo -> Lenovo)
Task: {FA94A395-BF47-458B-A103-E9191925796D} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [4378152 2019-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {FADB819C-F4DC-4406-B2B6-42F7C96BADF9} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321240 2017-06-09] (Lenovo -> Lenovo)
Task: {FBB0147C-21EF-4A47-B953-8EDC3C00922C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7B3FE18B-0D6B-48C7-A516-5034C738F5A2}: [NameServer] 1.1.1.1,8.8.8.8
Tcpip\..\Interfaces\{7B3FE18B-0D6B-48C7-A516-5034C738F5A2}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_17_23&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzytDzz0E0Czz0B0F0EyDtN0D0Tzu0StCzyzztBtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtB0B0C0D0EtC0DtGtA0B0B0BtGtCzzyD0CtGtDyEyCyDtGtCtA0FzytByEtCyCyE0B0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAyDzyyCtBtC0DtG0BtAtBtBtGyEyEtBzztGzy0EtD0DtGyDtAzz0F0CtByCtByEyE0F0E2QtN0A0LzuyE%26cr%3D1833779635%26a%3Dwncy_iobitfs_17_23%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_16_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzytDzz0E0Czz0B0F0EyDtN0D0Tzu0StCyByEzztN1L2XzutAtFtByEtFtByCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0EyEtCtA0FtAtCtGyCtC0DtDtG0F0B0AyBtGtC0AyByDtGtAtBzyyDtAtAtD0BtCtB0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAyDzyyCtBtC0DtG0BtAtBtBtGyEyEtBzztGzy0EtD0DtGyDtAzz0F0CtByCtByEyE0F0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyEzyyD%26cr%3D775398792%26a%3Dwncy_iobitfs_16_41%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_16_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzytDzz0E0Czz0B0F0EyDtN0D0Tzu0StCyByEzztN1L2XzutAtFtByEtFtByCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0EyEtCtA0FtAtCtGyCtC0DtDtG0F0B0AyBtGtC0AyByDtGtAtBzyyDtAtAtD0BtCtB0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAyDzyyCtBtC0DtG0BtAtBtBtGyEyEtBzztGzy0EtD0DtGyDtAzz0F0CtByCtByEyE0F0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyEzyyD%26cr%3D775398792%26a%3Dwncy_iobitfs_16_41%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_17_23&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzytDzz0E0Czz0B0F0EyDtN0D0Tzu0StCzyzztBtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtB0B0C0D0EtC0DtGtA0B0B0BtGtCzzyD0CtGtDyEyCyDtGtCtA0FzytByEtCyCyE0B0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAyDzyyCtBtC0DtG0BtAtBtBtGyEyEtBzztGzy0EtD0DtGyDtAzz0F0CtByCtByEyE0F0E2QtN0A0LzuyE%26cr%3D1833779635%26a%3Dwncy_iobitfs_17_23%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_17_23&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzytDzz0E0Czz0B0F0EyDtN0D0Tzu0StCzyzztBtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtB0B0C0D0EtC0DtGtA0B0B0BtGtCzzyD0CtGtDyEyCyDtGtCtA0FzytByEtCyCyE0B0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAyDzyyCtBtC0DtG0BtAtBtBtGyEyEtBzztGzy0EtD0DtGyDtAzz0F0CtByCtByEyE0F0E2QtN0A0LzuyE%26cr%3D1833779635%26a%3Dwncy_iobitfs_17_23%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_17_23&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzytDzz0E0Czz0B0F0EyDtN0D0Tzu0StCzyzztBtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtB0B0C0D0EtC0DtGtA0B0B0BtGtCzzyD0CtGtDyEyCyDtGtCtA0FzytByEtCyCyE0B0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAyDzyyCtBtC0DtG0BtAtBtBtGyEyEtBzztGzy0EtD0DtGyDtAzz0F0CtByCtByEyE0F0E2QtN0A0LzuyE%26cr%3D1833779635%26a%3Dwncy_iobitfs_17_23%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3575293515-844785542-2696234256-1000 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3575293515-844785542-2696234256-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={CB0D8B0E-F7AA-438B-B4C9-000BCA19CE75}&mid=85b852bd206147cdb185755e7761e5eb-38090134b81d7cd71d07cdcdf6f00aad59ab94a0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pit&pr=fr&d=2015-04-29 12:41:36&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3575293515-844785542-2696234256-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_17_23&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzytDzz0E0Czz0B0F0EyDtN0D0Tzu0StCzyzztBtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtB0B0C0D0EtC0DtGtA0B0B0BtGtCzzyD0CtGtDyEyCyDtGtCtA0FzytByEtCyCyE0B0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAyDzyyCtBtC0DtG0BtAtBtBtGyEyEtBzztGzy0EtD0DtGyDtAzz0F0CtByCtByEyE0F0E2QtN0A0LzuyE%26cr%3D1833779635%26a%3Dwncy_iobitfs_17_23%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2019-06-20] (IObit Information Technology -> IObit)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2019-10-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2019-10-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2019-03-28] (IObit Information Technology -> IObit)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-05] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: eny2y7ey.default
FF ProfilePath: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\5gkk1aui.default-release [2019-10-30]
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\5gkk1aui.default-release\Extensions\[email protected] [2019-03-26]
FF Extension: (Avast Online Security) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\5gkk1aui.default-release\Extensions\[email protected] [2019-10-04]
FF ProfilePath: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\eny2y7ey.default [2019-10-30]
FF user.js: detected! => C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\eny2y7ey.default\user.js [2018-03-22]
FF Homepage: Mozilla\Firefox\Profiles\eny2y7ey.default -> hxxps://www.facebook.com/|hxxps://outlook.live.com/owa/|hxxps://accounts.google.com/signin/v2/identifier?service=cl&passive=1209600&osid=1&continue=https%3A%2F%2Fcalendar.google.com%2Fcalendar%2Frender&followup=https%3A%2F%2Fcalendar.google.com%2Fcalendar%2Frender&scc=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\eny2y7ey.default\Extensions\[email protected] [2019-03-26]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\eny2y7ey.default\Extensions\[email protected] [2019-04-11] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json]
FF Extension: (Avast Online Security) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\eny2y7ey.default\Extensions\[email protected] [2019-10-07]
FF Extension: (Flash and Video Download) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\eny2y7ey.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-08-29]
FF Extension: (Flash Video Player for Facebook™) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\eny2y7ey.default\Extensions\{d0bfdcce-52c7-4b32-bb45-948f62db8d3f}.xpi [2018-02-16]
FF HKU\S-1-5-21-3575293515-844785542-2696234256-1000\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: (ThinkVantage Password Manager) - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2017-12-14] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-07-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1235205.dll [2019-03-15] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-08] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-08] (Google Inc -> Google LLC)
 
Chrome: 
=======
CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?FORM=U452DF&PC=U452&q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?FORM=U452DF&PC=U452&query={searchTerms}
CHR Profile: C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default [2019-10-30]
CHR Extension: (Slides) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-07]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aodojjhnfnfhaplflfohfddffmjkdjak [2019-07-29]
CHR Extension: (Docs) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-04-07]
CHR Extension: (Google Drive) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-04-07]
CHR Extension: (YouTube) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-07]
CHR Extension: (Sheets) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-07]
CHR Extension: (Google Docs Offline) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-07]
CHR Extension: (Avast Online Security) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-16]
CHR Extension: (Apple iTunes For PC) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokpjmmholmjcknnpplenafffabgkobb [2019-10-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-07]
CHR Extension: (Chrome Media Router) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService12; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1266448 2019-09-10] (IObit Information Technology -> IObit)
S3 Agent; C:\Program Files\Agent\Agent.exe [1643096 2018-06-15] (DEVELOPER IN A BOX (THE PLAYFUL GROUP PTY LTD) -> DeveloperInABox)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6085360 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [10287216 2019-07-27] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11636808 2019-10-18] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-08] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-08] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-10-15] (Dropbox, Inc -> Dropbox, Inc.)
S3 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [156944 2019-08-23] (IObit Information Technology -> IObit)
R2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [774552 2018-07-14] (Lenovo -> Lenovo.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2011-05-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [6828424 2019-10-23] (AVAST Software s.r.o. -> AVAST Software)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [268328 2019-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [90560 2018-05-17] (Alcorlink Corp. -> Alcorlink Corp.)
R3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscFileFilter.sys [25512 2018-09-20] (IObit Information Technology -> IObit)
R3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscRegistryFilter.sys [25000 2018-07-04] (IObit Information Technology -> IObit)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37616 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [204824 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [274456 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [209552 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [65120 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [276952 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42736 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [171520 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110320 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83792 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [848432 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460448 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [236024 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R3 cpuz143; C:\Windows\temp\cpuz143\cpuz143_x64.sys [48960 2019-10-30] (CPUID -> CPUID)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-01-08] (Martin Malik - REALiX -> REALiX™)
R3 iobit_monitor_server; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [14680 2018-07-04] (IObit Information Technology -> IObit)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [25992 2019-07-30] (IObit CO., LTD -> IObit)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUProcessFilter.sys [19280 2019-07-30] (IObit CO., LTD -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegistryFilter.sys [31648 2019-07-30] (IObit CO., LTD -> IObit)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2018-01-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R0 PMDRVS; C:\Windows\System32\DRIVERS\pmdrvs.sys [43208 2018-07-14] (Lenovo -> Lenovo.)
S3 RtlvVga; C:\Windows\System32\DRIVERS\RtlvVga.sys [11920 2014-03-18] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit Information Technology -> IObit)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated -> Synaptics Incorporated)
S3 tapsurfshark; C:\Windows\System32\DRIVERS\tapsurfshark.sys [36544 2019-05-22] (Surfshark Ltd. -> The OpenVPN Project)
S4 IMFMBRProtect; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFMBRProtect.sys [X]
S4 IMFSafeBox; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFSafeBox.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-10-30 19:13 - 2019-10-30 19:17 - 000038808 _____ C:\Users\lenovo\Downloads\FRST.txt
2019-10-30 19:08 - 2019-10-30 19:17 - 000000000 ____D C:\FRST
2019-10-30 19:07 - 2019-10-30 19:08 - 001619456 _____ (Farbar) C:\Users\lenovo\Downloads\FRST64.exe
2019-10-30 16:11 - 2019-10-30 16:11 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\lenovo\Downloads\rkill.exe
2019-10-30 13:45 - 2019-10-30 13:45 - 000000000 ____D C:\Users\lenovo\AppData\Local\GoToAssist Remote Support Customer
2019-10-30 09:39 - 2019-10-30 09:39 - 000000000 ____H C:\asc_rdflag
2019-10-28 20:02 - 2019-10-29 11:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-10-27 21:33 - 2019-10-30 18:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-10-27 21:04 - 2019-10-27 21:27 - 000000000 ____D C:\Users\lenovo\Documents\Micks Photos
2019-10-26 09:38 - 2019-10-26 09:42 - 002310656 _____ C:\Users\lenovo\Documents\homeo.pub
2019-10-22 19:53 - 2019-10-22 19:53 - 000058953 _____ C:\Users\lenovo\Desktop\business sign.pdf
2019-10-19 13:39 - 2019-10-11 02:22 - 000338944 _____ (Microsoft Corporation) C:\Windows\system32\sipnotify.exe
2019-10-19 13:10 - 2019-10-19 13:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-10-17 11:26 - 2019-10-17 11:26 - 002863104 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-10-17 11:26 - 2019-10-17 11:26 - 001717760 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000802816 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000738816 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000634368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000456704 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000162016 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-10-17 11:26 - 2019-10-17 11:26 - 000110592 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-10-17 10:33 - 2019-10-17 10:33 - 000116224 _____ C:\Users\lenovo\Desktop\business sign.pub
2019-10-15 18:05 - 2019-10-15 18:05 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-10-15 18:05 - 2019-10-15 18:05 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-10-15 18:05 - 2019-10-15 18:05 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-10-15 18:05 - 2019-10-15 18:05 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-10-11 17:13 - 2019-10-11 17:27 - 000000000 ____D C:\Users\lenovo\AppData\Local\Microsoft Corporation
2019-10-11 17:11 - 2019-10-11 17:11 - 000002165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2019-10-11 17:11 - 2019-10-11 17:11 - 000002153 _____ C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
2019-10-11 17:11 - 2019-10-11 17:11 - 000002153 _____ C:\ProgramData\Desktop\Windows 7 Upgrade Advisor.lnk
2019-10-11 17:11 - 2019-10-11 17:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
2019-10-11 17:10 - 2019-10-11 17:10 - 008669472 _____ (Microsoft Corporation) C:\Users\lenovo\Downloads\Windows7UpgradeAdvisorSetup.exe
2019-10-11 15:26 - 2019-10-11 15:26 - 005732464 _____ (Microsoft Corporation) C:\Users\lenovo\Downloads\Setup.Def.en-US_O365HomePremRetail_063c3c93-2096-4d2e-91b8-5b89a4c7c72a_TX_DB_storeid_CFQ7TTC0K5DM_Platform_def_.exe
2019-10-08 20:57 - 2019-10-30 19:01 - 000002844 _____ C:\Windows\system32\Tasks\Driver Booster SkipUAC (lenovo)
2019-10-08 20:57 - 2019-10-08 20:57 - 000003096 _____ C:\Windows\system32\Tasks\Driver Booster Scheduler
2019-10-08 20:57 - 2019-10-08 20:57 - 000002272 _____ C:\Users\Public\Desktop\Driver Booster 7.lnk
2019-10-08 20:57 - 2019-10-08 20:57 - 000002272 _____ C:\ProgramData\Desktop\Driver Booster 7.lnk
2019-10-08 20:57 - 2019-10-08 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 7
2019-10-08 19:36 - 2019-10-06 04:12 - 025753088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-10-08 19:36 - 2019-10-06 03:49 - 002909184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-10-08 19:36 - 2019-10-06 03:47 - 000579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-10-08 19:36 - 2019-10-06 03:36 - 000797696 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-10-08 19:36 - 2019-10-06 03:34 - 005500928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-10-08 19:36 - 2019-10-06 03:32 - 020290048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-10-08 19:36 - 2019-10-06 03:18 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-10-08 19:36 - 2019-10-06 03:15 - 002302464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-10-08 19:36 - 2019-10-06 03:10 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-10-08 19:36 - 2019-10-06 03:05 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-10-08 19:36 - 2019-10-06 02:58 - 015413760 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-10-08 19:36 - 2019-10-06 02:57 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-10-08 19:36 - 2019-10-06 02:48 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-10-08 19:36 - 2019-10-06 02:45 - 013808640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-10-08 19:36 - 2019-10-06 02:45 - 001566208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-10-08 19:36 - 2019-10-06 02:35 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-10-08 19:36 - 2019-10-06 02:32 - 001331712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-10-08 19:36 - 2019-09-19 04:27 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2019-10-08 19:36 - 2019-09-17 02:28 - 001010176 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-10-08 19:36 - 2019-09-17 02:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-10-08 19:36 - 2019-09-10 02:27 - 000383488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-10-08 19:36 - 2019-09-10 02:24 - 001281536 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-10-08 19:36 - 2019-09-10 02:24 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-10-08 19:36 - 2019-09-10 02:02 - 006135296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-10-08 19:36 - 2019-09-10 01:54 - 003231744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-10-08 19:36 - 2019-09-10 01:53 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2019-10-08 19:36 - 2019-09-10 00:09 - 007082496 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-10-08 19:36 - 2019-09-10 00:09 - 003187712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-10-08 19:35 - 2019-10-07 06:49 - 000390752 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-10-08 19:35 - 2019-10-07 05:57 - 000341896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-10-08 19:35 - 2019-10-06 04:00 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-10-08 19:35 - 2019-10-06 04:00 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-10-08 19:35 - 2019-10-06 03:48 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-10-08 19:35 - 2019-10-06 03:47 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-10-08 19:35 - 2019-10-06 03:47 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-10-08 19:35 - 2019-10-06 03:46 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-10-08 19:35 - 2019-10-06 03:41 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-10-08 19:35 - 2019-10-06 03:40 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-10-08 19:35 - 2019-10-06 03:38 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-10-08 19:35 - 2019-10-06 03:37 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-10-08 19:35 - 2019-10-06 03:37 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-10-08 19:35 - 2019-10-06 03:36 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-10-08 19:35 - 2019-10-06 03:31 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-10-08 19:35 - 2019-10-06 03:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-10-08 19:35 - 2019-10-06 03:28 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-10-08 19:35 - 2019-10-06 03:23 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-10-08 19:35 - 2019-10-06 03:22 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-10-08 19:35 - 2019-10-06 03:22 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-10-08 19:35 - 2019-10-06 03:19 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-10-08 19:35 - 2019-10-06 03:19 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-10-08 19:35 - 2019-10-06 03:18 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-10-08 19:35 - 2019-10-06 03:17 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-10-08 19:35 - 2019-10-06 03:17 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-10-08 19:35 - 2019-10-06 03:17 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-10-08 19:35 - 2019-10-06 03:16 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-10-08 19:35 - 2019-10-06 03:16 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-10-08 19:35 - 2019-10-06 03:12 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-10-08 19:35 - 2019-10-06 03:12 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-10-08 19:35 - 2019-10-06 03:11 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-10-08 19:35 - 2019-10-06 03:10 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-10-08 19:35 - 2019-10-06 03:10 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-10-08 19:35 - 2019-10-06 03:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-10-08 19:35 - 2019-10-06 03:05 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-10-08 19:35 - 2019-10-06 03:03 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-10-08 19:35 - 2019-10-06 03:03 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-10-08 19:35 - 2019-10-06 03:03 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-10-08 19:35 - 2019-10-06 03:00 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-10-08 19:35 - 2019-10-06 03:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-10-08 19:35 - 2019-10-06 02:59 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-10-08 19:35 - 2019-10-06 02:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-10-08 19:35 - 2019-10-06 02:56 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-10-08 19:35 - 2019-10-06 02:56 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-10-08 19:35 - 2019-10-06 02:55 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-10-08 19:35 - 2019-10-06 02:53 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-10-08 19:35 - 2019-10-06 02:50 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-10-08 19:35 - 2019-10-06 02:49 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-10-08 19:35 - 2019-10-06 02:48 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-10-08 19:35 - 2019-10-06 02:34 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-10-08 19:35 - 2019-10-06 02:30 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-10-08 19:35 - 2019-09-17 02:32 - 004060896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-10-08 19:35 - 2019-09-17 02:32 - 003966688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-10-08 19:35 - 2019-09-17 02:32 - 000709856 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-10-08 19:35 - 2019-09-17 02:32 - 000627424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-10-08 19:35 - 2019-09-17 02:31 - 005552864 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-10-08 19:35 - 2019-09-17 02:31 - 001319496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-10-08 19:35 - 2019-09-17 02:31 - 000263904 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-10-08 19:35 - 2019-09-17 02:31 - 000155360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-10-08 19:35 - 2019-09-17 02:31 - 000096992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-10-08 19:35 - 2019-09-17 02:30 - 001670784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000834048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:04 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-10-08 19:35 - 2019-09-17 02:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-10-08 19:35 - 2019-09-17 02:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-10-08 19:35 - 2019-09-17 02:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-10-08 19:35 - 2019-09-17 02:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-10-08 19:35 - 2019-09-17 01:59 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-10-08 19:35 - 2019-09-17 01:59 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-10-08 19:35 - 2019-09-17 01:59 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-10-08 19:35 - 2019-09-17 01:59 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-10-08 19:35 - 2019-09-17 01:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-10-08 19:35 - 2019-09-17 01:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-10-08 19:35 - 2019-09-17 01:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 01:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 01:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 01:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 01:56 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-10-08 19:35 - 2019-09-17 01:56 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-10-08 19:35 - 2019-09-17 01:55 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-10-08 19:35 - 2019-09-17 01:53 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-10-08 19:35 - 2019-09-17 01:53 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-10-08 19:35 - 2019-09-17 01:52 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-10-08 19:35 - 2019-09-17 01:52 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-10-08 19:35 - 2019-09-17 01:52 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-10-08 19:35 - 2019-09-17 01:52 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-10-08 19:35 - 2019-09-17 01:51 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-10-08 19:35 - 2019-09-17 01:51 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-10-08 19:35 - 2019-09-17 01:51 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-10-08 19:35 - 2019-09-17 01:51 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-10-08 19:35 - 2019-09-17 01:51 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-10-08 19:35 - 2019-09-17 01:51 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-10-08 19:35 - 2019-09-17 01:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-10-08 19:35 - 2019-09-17 00:13 - 000455392 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-10-08 19:35 - 2019-09-11 04:56 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-10-08 19:35 - 2019-09-11 04:56 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-10-08 19:35 - 2019-09-10 02:27 - 000320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2019-10-08 19:35 - 2019-09-10 02:27 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-10-08 19:35 - 2019-09-10 02:24 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2019-10-08 19:35 - 2019-09-10 02:24 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-10-08 19:35 - 2019-09-10 02:24 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-10-08 19:35 - 2019-09-10 02:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2019-10-08 19:35 - 2019-09-10 02:00 - 000361472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2019-10-08 19:35 - 2019-09-10 02:00 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2019-10-08 19:35 - 2019-09-10 02:00 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-10-08 19:35 - 2019-09-10 02:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2019-10-08 19:35 - 2019-09-10 02:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2019-10-08 19:35 - 2019-09-10 01:53 - 000152576 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2019-10-08 19:35 - 2019-09-10 01:53 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-10-08 19:35 - 2019-09-10 01:53 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2019-10-08 19:35 - 2019-09-10 01:52 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2019-10-08 19:35 - 2019-09-10 01:49 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2019-10-03 09:05 - 2019-10-03 09:00 - 000236024 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-10-03 09:05 - 2019-10-03 09:00 - 000171520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-10-03 09:05 - 2019-10-03 08:59 - 000355720 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-10-30 19:04 - 2009-07-14 04:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-10-30 19:04 - 2009-07-14 04:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-10-30 19:01 - 2009-07-14 05:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2019-10-30 19:01 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf
2019-10-30 18:58 - 2018-01-08 20:25 - 000000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-10-30 18:57 - 2018-07-14 20:19 - 000000000 ____D C:\Users\lenovo\AppData\Local\AVAST Software
2019-10-30 18:54 - 2018-01-08 20:25 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-10-30 18:54 - 2018-01-08 16:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-10-30 18:54 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-10-30 17:07 - 2018-01-08 16:29 - 000000000 ____D C:\Users\lenovo\AppData\LocalLow\Mozilla
2019-10-30 16:54 - 2018-02-25 20:54 - 000241152 ___SH C:\Users\lenovo\Documents\Thumbs.db
2019-10-30 16:48 - 2018-03-28 08:44 - 000000000 ____D C:\Users\lenovo\AppData\Roaming\Syncios Data Transfer
2019-10-30 09:56 - 2019-04-07 07:58 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-10-30 09:56 - 2019-04-07 07:58 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-10-30 09:56 - 2019-04-07 07:58 - 000002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-10-30 09:41 - 2017-11-30 07:15 - 000777216 ___SH C:\Users\lenovo\Desktop\Thumbs.db
2019-10-30 09:39 - 2018-01-10 20:50 - 115388416 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2019-10-30 09:39 - 2018-01-10 20:50 - 000917504 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
2019-10-30 09:39 - 2018-01-10 20:50 - 000065536 _____ C:\Windows\system32\config\SAM.iodefrag.bak
2019-10-30 09:39 - 2018-01-10 20:50 - 000028672 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
2019-10-29 21:35 - 2018-01-08 17:19 - 000000000 ____D C:\ProgramData\AVAST Software
2019-10-29 12:11 - 2019-09-09 06:33 - 000002122 _____ C:\Users\Public\Desktop\IObit Software Updater.lnk
2019-10-29 12:11 - 2019-09-09 06:33 - 000002122 _____ C:\ProgramData\Desktop\IObit Software Updater.lnk
2019-10-28 09:26 - 2018-01-08 17:20 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2019-10-27 21:08 - 2016-12-04 13:00 - 000385024 ___SH C:\Users\lenovo\Downloads\Thumbs.db
2019-10-27 20:13 - 2018-10-29 09:42 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-27 20:13 - 2009-07-14 03:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2019-10-27 20:11 - 2018-01-08 18:39 - 000000000 ____D C:\Program Files\Microsoft Office
2019-10-25 09:05 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\rescache
2019-10-25 08:25 - 2018-04-25 13:04 - 051224576 _____ C:\Windows\system32\config\components.iodefrag.bak
2019-10-25 08:05 - 2018-01-08 17:17 - 000000000 ____D C:\ProgramData\ProductData
2019-10-23 21:22 - 2018-11-04 19:17 - 000000000 ____D C:\Users\lenovo\Desktop\poems for buzz
2019-10-23 19:53 - 2018-11-21 15:09 - 000004194 _____ C:\Windows\system32\Tasks\Avast Cleanup Update
2019-10-23 19:46 - 2019-07-04 07:08 - 000004188 _____ C:\Windows\system32\Tasks\Avast SecureLine VPN Update
2019-10-19 19:57 - 2018-09-16 13:26 - 000000000 ____D C:\Users\lenovo\Documents\M Miller Quiz
2019-10-19 16:00 - 2018-01-08 16:50 - 000000000 ___SD C:\Windows\system32\CompatTel
2019-10-19 16:00 - 2018-01-08 16:50 - 000000000 ____D C:\Windows\system32\appraiser
2019-10-19 13:13 - 2018-01-08 20:25 - 000000000 ____D C:\Users\lenovo\AppData\Local\Dropbox
2019-10-19 13:10 - 2018-01-08 20:25 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-10-17 09:09 - 2018-01-08 20:27 - 000000000 ___RD C:\Users\lenovo\Dropbox
2019-10-11 13:33 - 2018-09-11 13:16 - 000000000 ____D C:\Users\lenovo\Documents\Beeford Buzz stuff
2019-10-11 13:18 - 2016-02-14 08:26 - 000000000 ____D C:\Users\lenovo\Documents\Accounts
2019-10-10 07:58 - 2018-10-29 10:51 - 000003178 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3575293515-844785542-2696234256-1000
2019-10-10 07:58 - 2018-10-29 09:48 - 000002160 _____ C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2019-10-10 07:58 - 2018-10-29 09:48 - 000000000 ___RD C:\Users\lenovo\OneDrive
2019-10-08 20:55 - 2019-08-12 16:03 - 000003376 _____ C:\Windows\system32\Tasks\SU_AutoUpdate
2019-10-08 20:12 - 2019-01-20 16:35 - 000441656 _____ C:\Windows\system32\FNTCACHE.DAT
2019-10-08 20:05 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-10-08 20:00 - 2017-12-14 11:10 - 000766100 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-10-08 19:59 - 2017-12-14 13:18 - 000000000 ____D C:\Windows\system32\MRT
2019-10-08 19:54 - 2017-12-14 13:18 - 127230528 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-10-08 19:11 - 2019-04-07 07:58 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-08 19:11 - 2019-04-07 07:58 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-08 19:11 - 2018-01-08 17:21 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-03 09:08 - 2018-01-08 17:20 - 000848432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-10-03 09:08 - 2018-01-08 17:20 - 000460448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-10-03 09:00 - 2019-02-14 13:55 - 000276952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-10-03 09:00 - 2018-10-20 15:43 - 000042736 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-10-03 09:00 - 2018-01-08 17:20 - 000316528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-10-03 09:00 - 2018-01-08 17:20 - 000110320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-10-03 09:00 - 2018-01-08 17:20 - 000083792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-10-03 08:59 - 2019-01-14 14:29 - 000274456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-10-03 08:59 - 2019-01-05 17:02 - 000209552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-10-03 08:59 - 2019-01-05 17:02 - 000065120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-10-03 08:59 - 2019-01-05 17:02 - 000037616 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-10-03 08:59 - 2018-01-08 17:20 - 000204824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2019-10-21 19:52
==================== End of FRST.txt ========================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2019
Ran by lenovo (administrator) on LENOVO-PC (LENOVO 7829E78) (30-10-2019 19:16:54)
Running from C:\Users\lenovo\Downloads
Loaded Profiles: lenovo (Available Profiles: lenovo)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avanquest Software SAS -> Avanquest Software) C:\Users\lenovo\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\Vpn.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\83.4.152\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\83.4.152\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\83.4.152\QtWebEngineProcess.exe
(Fortemedia Inc -> ) C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Smart Defrag\Pub\PubMonitor.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(Lenovo -> ) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo -> Lenovo) C:\Program Files\lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo -> Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Lenovo -> Lenovo.) C:\Windows\System32\LPlatSvc.exe
(LENOVO(JAPAN)LTD. -> Lenovo Group Limited) C:\Program Files\lenovo\Communications Utility\TPKNRSVC.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Wondershare software CO., LIMITED -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6210368 2019-10-15] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3575293515-844785542-2696234256-1000\...\Run: [Avanquest Message] => C:\Users\lenovo\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] () [File not signed]
HKU\S-1-5-21-3575293515-844785542-2696234256-1000\...\Run: [Advanced SystemCare 12] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3419920 2019-09-09] (IObit Information Technology -> IObit)
HKU\S-1-5-21-3575293515-844785542-2696234256-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-3575293515-844785542-2696234256-1000\...\MountPoints2: {ecad4994-319f-11e8-9cc2-e4d53dc927e4} - E:\OnePlus_setup.exe /s
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.70\Installer\chrmstp.exe [2019-10-30] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\ThinkPad\Bluetooth Software\\BtwCP.dll [2013-05-14] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{D28973E5-8630-41af-8831-50A15FEB396B}] -> C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll [2013-05-14] (Broadcom Corporation -> Broadcom Corporation.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-07-04]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {000F42F7-CC96-476C-96D1-011E098AF4D5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2349384 2019-10-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {16AE906E-DA07-47B4-B096-041DCC25704E} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [3007760 2019-04-24] (IObit Information Technology -> IObit)
Task: {27BBF342-C624-42AD-BFE8-5955E0DB9C2D} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758488 2019-08-01] (Lenovo -> )
Task: {2F9C9FA5-B113-42C3-8EDF-0FDE660A37C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-07] (Google Inc -> Google LLC)
Task: {30B17F2F-4BFA-4742-86EE-0828E5F1F0E3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27289376 2019-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {59B54144-72DD-47D1-A8DC-A6BB657B4356} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\7.0.2\Scheduler.exe [149776 2019-09-24] (IObit Information Technology -> IObit)
Task: {5F59DDAC-DD8C-4BC8-A0FD-D9BDCDDC03A8} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe [1390472 2019-10-23] (AVAST Software s.r.o. -> AVAST Software)
Task: {603620E6-D74D-4006-AF23-050DD2D9F004} - System32\Tasks\Driver Booster SkipUAC (lenovo) => C:\Program Files (x86)\IObit\Driver Booster\7.0.2\DriverBooster.exe [7656208 2019-09-24] (IObit Information Technology -> IObit)
Task: {6D2689AF-F3A3-4F20-9162-331B332B9816} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [156432 2019-10-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {703B9994-089A-4AD5-B744-CFA2FE340694} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [314128 2018-05-02] (IObit Information Technology -> IObit)
Task: {883A5D6F-215A-413C-8136-2ABA60C65C21} - System32\Tasks\ASC12_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [3164944 2019-08-28] (IObit Information Technology -> IObit)
Task: {89AA6146-567B-45D0-8D0D-68F0031C497D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-07] (Google Inc -> Google LLC)
Task: {8BEF58DC-D3D4-4ADC-AF50-2CFA0DF6326D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2170264 2019-10-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {8ED8C46D-0CB9-4485-B6D8-88A90FC7E78D} - System32\Tasks\Avast Cleanup Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-07-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {8F32B1A8-07EA-40EC-BE2D-59917B8770DA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-08] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8F37DF7C-4BFF-4C61-9121-3360DBB56465} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {953C6A88-37CE-4D2F-A567-76922F9EC4B6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27289376 2019-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {963132F7-BA95-41FF-AD60-B27FF0A52188} - System32\Tasks\HPCustParticipation HP DeskJet 3630 series => C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPCustPartic.exe [6438536 2017-02-08] (Hewlett Packard -> HP Inc.)
Task: {9770CE64-9EB7-429D-A5F1-28A2C7E8CCBA} - System32\Tasks\Uninstaller_SkipUac_lenovo => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5900560 2019-09-10] (IObit Information Technology -> IObit)
Task: {9F6AF851-C8AD-4AFC-9EB5-E6D43FA1F6AF} - System32\Tasks\Software Updater SkipUAC(lenovo) => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4177680 2019-08-23] (IObit Information Technology -> IObit) <==== ATTENTION
Task: {A8A89EEC-0B38-4195-AAE3-22E465139F18} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758488 2019-08-01] (Lenovo -> )
Task: {B2530848-2184-48D2-8816-BB32DCC5B7A3} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [5849872 2019-07-05] (IObit Information Technology -> IObit)
Task: {BB8D3D5A-8F5E-492C-B25D-D17D8E62BACB} - System32\Tasks\ASC12_SkipUac_lenovo => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [8737040 2019-09-09] (IObit Information Technology -> IObit)
Task: {CD0E2D8C-EA54-4278-BF91-7E22FB8106DA} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [264984 2017-06-09] (Lenovo -> )
Task: {D6C03FC2-0E94-4B46-96E5-6F7B817AF0FB} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [39920 2018-10-24] (Garmin International, Inc. -> )
Task: {E51E9B54-E78B-4B2E-90CE-B1E6D4E5EB23} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-08] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E610A486-5EFF-4EAD-B8EB-A79031401E15} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [156432 2019-10-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {E9F09F56-5771-4B49-A34D-01091F438693} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2170264 2019-10-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {EDBE8AF9-9EB8-4F7A-B266-F019EEDB8249} - System32\Tasks\Software Updater Scheduler => C:\Program Files (x86)\IObit\Software Updater\SUInit.exe [1791248 2019-08-16] (IObit Information Technology -> IObit Software updater) <==== ATTENTION
Task: {EDCD1D72-E631-4920-82F6-93B3FCED2EEE} - System32\Tasks\SU_AutoUpdate => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4177680 2019-08-23] (IObit Information Technology -> IObit)
Task: {F2C32B0D-F054-4184-83EE-E8F2F25A1182} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10197784 2017-06-09] (Lenovo -> Lenovo)
Task: {FA94A395-BF47-458B-A103-E9191925796D} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [4378152 2019-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {FADB819C-F4DC-4406-B2B6-42F7C96BADF9} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321240 2017-06-09] (Lenovo -> Lenovo)
Task: {FBB0147C-21EF-4A47-B953-8EDC3C00922C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7B3FE18B-0D6B-48C7-A516-5034C738F5A2}: [NameServer] 1.1.1.1,8.8.8.8
Tcpip\..\Interfaces\{7B3FE18B-0D6B-48C7-A516-5034C738F5A2}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_17_23&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzytDzz0E0Czz0B0F0EyDtN0D0Tzu0StCzyzztBtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtB0B0C0D0EtC0DtGtA0B0B0BtGtCzzyD0CtGtDyEyCyDtGtCtA0FzytByEtCyCyE0B0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAyDzyyCtBtC0DtG0BtAtBtBtGyEyEtBzztGzy0EtD0DtGyDtAzz0F0CtByCtByEyE0F0E2QtN0A0LzuyE%26cr%3D1833779635%26a%3Dwncy_iobitfs_17_23%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_16_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzytDzz0E0Czz0B0F0EyDtN0D0Tzu0StCyByEzztN1L2XzutAtFtByEtFtByCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0EyEtCtA0FtAtCtGyCtC0DtDtG0F0B0AyBtGtC0AyByDtGtAtBzyyDtAtAtD0BtCtB0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAyDzyyCtBtC0DtG0BtAtBtBtGyEyEtBzztGzy0EtD0DtGyDtAzz0F0CtByCtByEyE0F0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyEzyyD%26cr%3D775398792%26a%3Dwncy_iobitfs_16_41%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_16_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzytDzz0E0Czz0B0F0EyDtN0D0Tzu0StCyByEzztN1L2XzutAtFtByEtFtByCtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyD0EyEtCtA0FtAtCtGyCtC0DtDtG0F0B0AyBtGtC0AyByDtGtAtBzyyDtAtAtD0BtCtB0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAyDzyyCtBtC0DtG0BtAtBtBtGyEyEtBzztGzy0EtD0DtGyDtAzz0F0CtByCtByEyE0F0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyEzyyD%26cr%3D775398792%26a%3Dwncy_iobitfs_16_41%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_17_23&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzytDzz0E0Czz0B0F0EyDtN0D0Tzu0StCzyzztBtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtB0B0C0D0EtC0DtGtA0B0B0BtGtCzzyD0CtGtDyEyCyDtGtCtA0FzytByEtCyCyE0B0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAyDzyyCtBtC0DtG0BtAtBtBtGyEyEtBzztGzy0EtD0DtGyDtAzz0F0CtByCtByEyE0F0E2QtN0A0LzuyE%26cr%3D1833779635%26a%3Dwncy_iobitfs_17_23%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_17_23&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzytDzz0E0Czz0B0F0EyDtN0D0Tzu0StCzyzztBtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtB0B0C0D0EtC0DtGtA0B0B0BtGtCzzyD0CtGtDyEyCyDtGtCtA0FzytByEtCyCyE0B0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAyDzyyCtBtC0DtG0BtAtBtBtGyEyEtBzztGzy0EtD0DtGyDtAzz0F0CtByCtByEyE0F0E2QtN0A0LzuyE%26cr%3D1833779635%26a%3Dwncy_iobitfs_17_23%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_17_23&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzytDzz0E0Czz0B0F0EyDtN0D0Tzu0StCzyzztBtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtB0B0C0D0EtC0DtGtA0B0B0BtGtCzzyD0CtGtDyEyCyDtGtCtA0FzytByEtCyCyE0B0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAyDzyyCtBtC0DtG0BtAtBtBtGyEyEtBzztGzy0EtD0DtGyDtAzz0F0CtByCtByEyE0F0E2QtN0A0LzuyE%26cr%3D1833779635%26a%3Dwncy_iobitfs_17_23%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3575293515-844785542-2696234256-1000 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3575293515-844785542-2696234256-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={CB0D8B0E-F7AA-438B-B4C9-000BCA19CE75}&mid=85b852bd206147cdb185755e7761e5eb-38090134b81d7cd71d07cdcdf6f00aad59ab94a0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pit&pr=fr&d=2015-04-29 12:41:36&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3575293515-844785542-2696234256-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_17_23&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzytDzz0E0Czz0B0F0EyDtN0D0Tzu0StCzyzztBtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtB0B0C0D0EtC0DtGtA0B0B0BtGtCzzyD0CtGtDyEyCyDtGtCtA0FzytByEtCyCyE0B0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAyDzyyCtBtC0DtG0BtAtBtBtGyEyEtBzztGzy0EtD0DtGyDtAzz0F0CtByCtByEyE0F0E2QtN0A0LzuyE%26cr%3D1833779635%26a%3Dwncy_iobitfs_17_23%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2019-06-20] (IObit Information Technology -> IObit)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2019-10-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2019-10-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2019-03-28] (IObit Information Technology -> IObit)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-05] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: eny2y7ey.default
FF ProfilePath: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\5gkk1aui.default-release [2019-10-30]
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\5gkk1aui.default-release\Extensions\[email protected] [2019-03-26]
FF Extension: (Avast Online Security) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\5gkk1aui.default-release\Extensions\[email protected] [2019-10-04]
FF ProfilePath: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\eny2y7ey.default [2019-10-30]
FF user.js: detected! => C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\eny2y7ey.default\user.js [2018-03-22]
FF Homepage: Mozilla\Firefox\Profiles\eny2y7ey.default -> hxxps://www.facebook.com/|hxxps://outlook.live.com/owa/|hxxps://accounts.google.com/signin/v2/identifier?service=cl&passive=1209600&osid=1&continue=https%3A%2F%2Fcalendar.google.com%2Fcalendar%2Frender&followup=https%3A%2F%2Fcalendar.google.com%2Fcalendar%2Frender&scc=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\eny2y7ey.default\Extensions\[email protected] [2019-03-26]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\eny2y7ey.default\Extensions\[email protected] [2019-04-11] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json]
FF Extension: (Avast Online Security) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\eny2y7ey.default\Extensions\[email protected] [2019-10-07]
FF Extension: (Flash and Video Download) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\eny2y7ey.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-08-29]
FF Extension: (Flash Video Player for Facebook™) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\eny2y7ey.default\Extensions\{d0bfdcce-52c7-4b32-bb45-948f62db8d3f}.xpi [2018-02-16]
FF HKU\S-1-5-21-3575293515-844785542-2696234256-1000\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: (ThinkVantage Password Manager) - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2017-12-14] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-07-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1235205.dll [2019-03-15] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-08] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-08] (Google Inc -> Google LLC)
 
Chrome: 
=======
CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?FORM=U452DF&PC=U452&q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?FORM=U452DF&PC=U452&query={searchTerms}
CHR Profile: C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default [2019-10-30]
CHR Extension: (Slides) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-07]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aodojjhnfnfhaplflfohfddffmjkdjak [2019-07-29]
CHR Extension: (Docs) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-04-07]
CHR Extension: (Google Drive) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-04-07]
CHR Extension: (YouTube) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-07]
CHR Extension: (Sheets) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-07]
CHR Extension: (Google Docs Offline) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-07]
CHR Extension: (Avast Online Security) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-16]
CHR Extension: (Apple iTunes For PC) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokpjmmholmjcknnpplenafffabgkobb [2019-10-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-07]
CHR Extension: (Chrome Media Router) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService12; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1266448 2019-09-10] (IObit Information Technology -> IObit)
S3 Agent; C:\Program Files\Agent\Agent.exe [1643096 2018-06-15] (DEVELOPER IN A BOX (THE PLAYFUL GROUP PTY LTD) -> DeveloperInABox)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6085360 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [10287216 2019-07-27] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11636808 2019-10-18] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-08] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-08] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-10-15] (Dropbox, Inc -> Dropbox, Inc.)
S3 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [156944 2019-08-23] (IObit Information Technology -> IObit)
R2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [774552 2018-07-14] (Lenovo -> Lenovo.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2011-05-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [6828424 2019-10-23] (AVAST Software s.r.o. -> AVAST Software)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [268328 2019-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [90560 2018-05-17] (Alcorlink Corp. -> Alcorlink Corp.)
R3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscFileFilter.sys [25512 2018-09-20] (IObit Information Technology -> IObit)
R3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscRegistryFilter.sys [25000 2018-07-04] (IObit Information Technology -> IObit)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37616 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [204824 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [274456 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [209552 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [65120 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [276952 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42736 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [171520 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110320 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83792 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [848432 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460448 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [236024 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R3 cpuz143; C:\Windows\temp\cpuz143\cpuz143_x64.sys [48960 2019-10-30] (CPUID -> CPUID)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-01-08] (Martin Malik - REALiX -> REALiX™)
R3 iobit_monitor_server; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [14680 2018-07-04] (IObit Information Technology -> IObit)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [25992 2019-07-30] (IObit CO., LTD -> IObit)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUProcessFilter.sys [19280 2019-07-30] (IObit CO., LTD -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegistryFilter.sys [31648 2019-07-30] (IObit CO., LTD -> IObit)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2018-01-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R0 PMDRVS; C:\Windows\System32\DRIVERS\pmdrvs.sys [43208 2018-07-14] (Lenovo -> Lenovo.)
S3 RtlvVga; C:\Windows\System32\DRIVERS\RtlvVga.sys [11920 2014-03-18] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit Information Technology -> IObit)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated -> Synaptics Incorporated)
S3 tapsurfshark; C:\Windows\System32\DRIVERS\tapsurfshark.sys [36544 2019-05-22] (Surfshark Ltd. -> The OpenVPN Project)
S4 IMFMBRProtect; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFMBRProtect.sys [X]
S4 IMFSafeBox; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFSafeBox.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-10-30 19:13 - 2019-10-30 19:17 - 000038808 _____ C:\Users\lenovo\Downloads\FRST.txt
2019-10-30 19:08 - 2019-10-30 19:17 - 000000000 ____D C:\FRST
2019-10-30 19:07 - 2019-10-30 19:08 - 001619456 _____ (Farbar) C:\Users\lenovo\Downloads\FRST64.exe
2019-10-30 16:11 - 2019-10-30 16:11 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\lenovo\Downloads\rkill.exe
2019-10-30 13:45 - 2019-10-30 13:45 - 000000000 ____D C:\Users\lenovo\AppData\Local\GoToAssist Remote Support Customer
2019-10-30 09:39 - 2019-10-30 09:39 - 000000000 ____H C:\asc_rdflag
2019-10-28 20:02 - 2019-10-29 11:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-10-27 21:33 - 2019-10-30 18:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-10-27 21:04 - 2019-10-27 21:27 - 000000000 ____D C:\Users\lenovo\Documents\Micks Photos
2019-10-26 09:38 - 2019-10-26 09:42 - 002310656 _____ C:\Users\lenovo\Documents\homeo.pub
2019-10-22 19:53 - 2019-10-22 19:53 - 000058953 _____ C:\Users\lenovo\Desktop\business sign.pdf
2019-10-19 13:39 - 2019-10-11 02:22 - 000338944 _____ (Microsoft Corporation) C:\Windows\system32\sipnotify.exe
2019-10-19 13:10 - 2019-10-19 13:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-10-17 11:26 - 2019-10-17 11:26 - 002863104 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-10-17 11:26 - 2019-10-17 11:26 - 001717760 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000802816 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000738816 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000634368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000456704 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000162016 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-10-17 11:26 - 2019-10-17 11:26 - 000110592 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-10-17 11:26 - 2019-10-17 11:26 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-10-17 10:33 - 2019-10-17 10:33 - 000116224 _____ C:\Users\lenovo\Desktop\business sign.pub
2019-10-15 18:05 - 2019-10-15 18:05 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-10-15 18:05 - 2019-10-15 18:05 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-10-15 18:05 - 2019-10-15 18:05 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-10-15 18:05 - 2019-10-15 18:05 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-10-11 17:13 - 2019-10-11 17:27 - 000000000 ____D C:\Users\lenovo\AppData\Local\Microsoft Corporation
2019-10-11 17:11 - 2019-10-11 17:11 - 000002165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2019-10-11 17:11 - 2019-10-11 17:11 - 000002153 _____ C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
2019-10-11 17:11 - 2019-10-11 17:11 - 000002153 _____ C:\ProgramData\Desktop\Windows 7 Upgrade Advisor.lnk
2019-10-11 17:11 - 2019-10-11 17:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
2019-10-11 17:10 - 2019-10-11 17:10 - 008669472 _____ (Microsoft Corporation) C:\Users\lenovo\Downloads\Windows7UpgradeAdvisorSetup.exe
2019-10-11 15:26 - 2019-10-11 15:26 - 005732464 _____ (Microsoft Corporation) C:\Users\lenovo\Downloads\Setup.Def.en-US_O365HomePremRetail_063c3c93-2096-4d2e-91b8-5b89a4c7c72a_TX_DB_storeid_CFQ7TTC0K5DM_Platform_def_.exe
2019-10-08 20:57 - 2019-10-30 19:01 - 000002844 _____ C:\Windows\system32\Tasks\Driver Booster SkipUAC (lenovo)
2019-10-08 20:57 - 2019-10-08 20:57 - 000003096 _____ C:\Windows\system32\Tasks\Driver Booster Scheduler
2019-10-08 20:57 - 2019-10-08 20:57 - 000002272 _____ C:\Users\Public\Desktop\Driver Booster 7.lnk
2019-10-08 20:57 - 2019-10-08 20:57 - 000002272 _____ C:\ProgramData\Desktop\Driver Booster 7.lnk
2019-10-08 20:57 - 2019-10-08 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 7
2019-10-08 19:36 - 2019-10-06 04:12 - 025753088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-10-08 19:36 - 2019-10-06 03:49 - 002909184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-10-08 19:36 - 2019-10-06 03:47 - 000579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-10-08 19:36 - 2019-10-06 03:36 - 000797696 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-10-08 19:36 - 2019-10-06 03:34 - 005500928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-10-08 19:36 - 2019-10-06 03:32 - 020290048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-10-08 19:36 - 2019-10-06 03:18 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-10-08 19:36 - 2019-10-06 03:15 - 002302464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-10-08 19:36 - 2019-10-06 03:10 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-10-08 19:36 - 2019-10-06 03:05 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-10-08 19:36 - 2019-10-06 02:58 - 015413760 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-10-08 19:36 - 2019-10-06 02:57 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-10-08 19:36 - 2019-10-06 02:48 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-10-08 19:36 - 2019-10-06 02:45 - 013808640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-10-08 19:36 - 2019-10-06 02:45 - 001566208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-10-08 19:36 - 2019-10-06 02:35 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-10-08 19:36 - 2019-10-06 02:32 - 001331712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-10-08 19:36 - 2019-09-19 04:27 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2019-10-08 19:36 - 2019-09-17 02:28 - 001010176 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-10-08 19:36 - 2019-09-17 02:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-10-08 19:36 - 2019-09-10 02:27 - 000383488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-10-08 19:36 - 2019-09-10 02:24 - 001281536 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-10-08 19:36 - 2019-09-10 02:24 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-10-08 19:36 - 2019-09-10 02:02 - 006135296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-10-08 19:36 - 2019-09-10 01:54 - 003231744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-10-08 19:36 - 2019-09-10 01:53 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2019-10-08 19:36 - 2019-09-10 00:09 - 007082496 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-10-08 19:36 - 2019-09-10 00:09 - 003187712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-10-08 19:35 - 2019-10-07 06:49 - 000390752 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-10-08 19:35 - 2019-10-07 05:57 - 000341896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-10-08 19:35 - 2019-10-06 04:00 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-10-08 19:35 - 2019-10-06 04:00 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-10-08 19:35 - 2019-10-06 03:48 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-10-08 19:35 - 2019-10-06 03:47 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-10-08 19:35 - 2019-10-06 03:47 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-10-08 19:35 - 2019-10-06 03:46 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-10-08 19:35 - 2019-10-06 03:41 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-10-08 19:35 - 2019-10-06 03:40 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-10-08 19:35 - 2019-10-06 03:38 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-10-08 19:35 - 2019-10-06 03:37 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-10-08 19:35 - 2019-10-06 03:37 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-10-08 19:35 - 2019-10-06 03:36 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-10-08 19:35 - 2019-10-06 03:31 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-10-08 19:35 - 2019-10-06 03:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-10-08 19:35 - 2019-10-06 03:28 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-10-08 19:35 - 2019-10-06 03:23 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-10-08 19:35 - 2019-10-06 03:22 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-10-08 19:35 - 2019-10-06 03:22 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-10-08 19:35 - 2019-10-06 03:19 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-10-08 19:35 - 2019-10-06 03:19 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-10-08 19:35 - 2019-10-06 03:18 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-10-08 19:35 - 2019-10-06 03:17 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-10-08 19:35 - 2019-10-06 03:17 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-10-08 19:35 - 2019-10-06 03:17 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-10-08 19:35 - 2019-10-06 03:16 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-10-08 19:35 - 2019-10-06 03:16 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-10-08 19:35 - 2019-10-06 03:12 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-10-08 19:35 - 2019-10-06 03:12 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-10-08 19:35 - 2019-10-06 03:11 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-10-08 19:35 - 2019-10-06 03:10 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-10-08 19:35 - 2019-10-06 03:10 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-10-08 19:35 - 2019-10-06 03:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-10-08 19:35 - 2019-10-06 03:05 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-10-08 19:35 - 2019-10-06 03:03 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-10-08 19:35 - 2019-10-06 03:03 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-10-08 19:35 - 2019-10-06 03:03 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-10-08 19:35 - 2019-10-06 03:00 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-10-08 19:35 - 2019-10-06 03:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-10-08 19:35 - 2019-10-06 02:59 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-10-08 19:35 - 2019-10-06 02:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-10-08 19:35 - 2019-10-06 02:56 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-10-08 19:35 - 2019-10-06 02:56 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-10-08 19:35 - 2019-10-06 02:55 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-10-08 19:35 - 2019-10-06 02:53 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-10-08 19:35 - 2019-10-06 02:50 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-10-08 19:35 - 2019-10-06 02:49 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-10-08 19:35 - 2019-10-06 02:48 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-10-08 19:35 - 2019-10-06 02:34 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-10-08 19:35 - 2019-10-06 02:30 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-10-08 19:35 - 2019-09-17 02:32 - 004060896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-10-08 19:35 - 2019-09-17 02:32 - 003966688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-10-08 19:35 - 2019-09-17 02:32 - 000709856 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-10-08 19:35 - 2019-09-17 02:32 - 000627424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-10-08 19:35 - 2019-09-17 02:31 - 005552864 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-10-08 19:35 - 2019-09-17 02:31 - 001319496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-10-08 19:35 - 2019-09-17 02:31 - 000263904 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-10-08 19:35 - 2019-09-17 02:31 - 000155360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-10-08 19:35 - 2019-09-17 02:31 - 000096992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-10-08 19:35 - 2019-09-17 02:30 - 001670784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000834048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 02:04 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-10-08 19:35 - 2019-09-17 02:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-10-08 19:35 - 2019-09-17 02:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-10-08 19:35 - 2019-09-17 02:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-10-08 19:35 - 2019-09-17 02:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-10-08 19:35 - 2019-09-17 01:59 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-10-08 19:35 - 2019-09-17 01:59 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-10-08 19:35 - 2019-09-17 01:59 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-10-08 19:35 - 2019-09-17 01:59 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-10-08 19:35 - 2019-09-17 01:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-10-08 19:35 - 2019-09-17 01:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-10-08 19:35 - 2019-09-17 01:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 01:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 01:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 01:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-10-08 19:35 - 2019-09-17 01:56 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-10-08 19:35 - 2019-09-17 01:56 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-10-08 19:35 - 2019-09-17 01:55 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-10-08 19:35 - 2019-09-17 01:53 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-10-08 19:35 - 2019-09-17 01:53 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-10-08 19:35 - 2019-09-17 01:52 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-10-08 19:35 - 2019-09-17 01:52 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-10-08 19:35 - 2019-09-17 01:52 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-10-08 19:35 - 2019-09-17 01:52 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-10-08 19:35 - 2019-09-17 01:51 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-10-08 19:35 - 2019-09-17 01:51 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-10-08 19:35 - 2019-09-17 01:51 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-10-08 19:35 - 2019-09-17 01:51 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-10-08 19:35 - 2019-09-17 01:51 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-10-08 19:35 - 2019-09-17 01:51 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-10-08 19:35 - 2019-09-17 01:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-10-08 19:35 - 2019-09-17 00:13 - 000455392 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-10-08 19:35 - 2019-09-11 04:56 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-10-08 19:35 - 2019-09-11 04:56 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-10-08 19:35 - 2019-09-10 02:27 - 000320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2019-10-08 19:35 - 2019-09-10 02:27 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-10-08 19:35 - 2019-09-10 02:24 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2019-10-08 19:35 - 2019-09-10 02:24 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-10-08 19:35 - 2019-09-10 02:24 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-10-08 19:35 - 2019-09-10 02:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2019-10-08 19:35 - 2019-09-10 02:00 - 000361472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2019-10-08 19:35 - 2019-09-10 02:00 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2019-10-08 19:35 - 2019-09-10 02:00 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-10-08 19:35 - 2019-09-10 02:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2019-10-08 19:35 - 2019-09-10 02:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2019-10-08 19:35 - 2019-09-10 01:53 - 000152576 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2019-10-08 19:35 - 2019-09-10 01:53 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-10-08 19:35 - 2019-09-10 01:53 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2019-10-08 19:35 - 2019-09-10 01:52 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2019-10-08 19:35 - 2019-09-10 01:49 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2019-10-03 09:05 - 2019-10-03 09:00 - 000236024 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-10-03 09:05 - 2019-10-03 09:00 - 000171520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-10-03 09:05 - 2019-10-03 08:59 - 000355720 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-10-30 19:04 - 2009-07-14 04:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-10-30 19:04 - 2009-07-14 04:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-10-30 19:01 - 2009-07-14 05:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2019-10-30 19:01 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf
2019-10-30 18:58 - 2018-01-08 20:25 - 000000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-10-30 18:57 - 2018-07-14 20:19 - 000000000 ____D C:\Users\lenovo\AppData\Local\AVAST Software
2019-10-30 18:54 - 2018-01-08 20:25 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-10-30 18:54 - 2018-01-08 16:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-10-30 18:54 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-10-30 17:07 - 2018-01-08 16:29 - 000000000 ____D C:\Users\lenovo\AppData\LocalLow\Mozilla
2019-10-30 16:54 - 2018-02-25 20:54 - 000241152 ___SH C:\Users\lenovo\Documents\Thumbs.db
2019-10-30 16:48 - 2018-03-28 08:44 - 000000000 ____D C:\Users\lenovo\AppData\Roaming\Syncios Data Transfer
2019-10-30 09:56 - 2019-04-07 07:58 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-10-30 09:56 - 2019-04-07 07:58 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-10-30 09:56 - 2019-04-07 07:58 - 000002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-10-30 09:41 - 2017-11-30 07:15 - 000777216 ___SH C:\Users\lenovo\Desktop\Thumbs.db
2019-10-30 09:39 - 2018-01-10 20:50 - 115388416 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2019-10-30 09:39 - 2018-01-10 20:50 - 000917504 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
2019-10-30 09:39 - 2018-01-10 20:50 - 000065536 _____ C:\Windows\system32\config\SAM.iodefrag.bak
2019-10-30 09:39 - 2018-01-10 20:50 - 000028672 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
2019-10-29 21:35 - 2018-01-08 17:19 - 000000000 ____D C:\ProgramData\AVAST Software
2019-10-29 12:11 - 2019-09-09 06:33 - 000002122 _____ C:\Users\Public\Desktop\IObit Software Updater.lnk
2019-10-29 12:11 - 2019-09-09 06:33 - 000002122 _____ C:\ProgramData\Desktop\IObit Software Updater.lnk
2019-10-28 09:26 - 2018-01-08 17:20 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2019-10-27 21:08 - 2016-12-04 13:00 - 000385024 ___SH C:\Users\lenovo\Downloads\Thumbs.db
2019-10-27 20:13 - 2018-10-29 09:42 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-27 20:13 - 2009-07-14 03:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2019-10-27 20:11 - 2018-01-08 18:39 - 000000000 ____D C:\Program Files\Microsoft Office
2019-10-25 09:05 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\rescache
2019-10-25 08:25 - 2018-04-25 13:04 - 051224576 _____ C:\Windows\system32\config\components.iodefrag.bak
2019-10-25 08:05 - 2018-01-08 17:17 - 000000000 ____D C:\ProgramData\ProductData
2019-10-23 21:22 - 2018-11-04 19:17 - 000000000 ____D C:\Users\lenovo\Desktop\poems for buzz
2019-10-23 19:53 - 2018-11-21 15:09 - 000004194 _____ C:\Windows\system32\Tasks\Avast Cleanup Update
2019-10-23 19:46 - 2019-07-04 07:08 - 000004188 _____ C:\Windows\system32\Tasks\Avast SecureLine VPN Update
2019-10-19 19:57 - 2018-09-16 13:26 - 000000000 ____D C:\Users\lenovo\Documents\M Miller Quiz
2019-10-19 16:00 - 2018-01-08 16:50 - 000000000 ___SD C:\Windows\system32\CompatTel
2019-10-19 16:00 - 2018-01-08 16:50 - 000000000 ____D C:\Windows\system32\appraiser
2019-10-19 13:13 - 2018-01-08 20:25 - 000000000 ____D C:\Users\lenovo\AppData\Local\Dropbox
2019-10-19 13:10 - 2018-01-08 20:25 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-10-17 09:09 - 2018-01-08 20:27 - 000000000 ___RD C:\Users\lenovo\Dropbox
2019-10-11 13:33 - 2018-09-11 13:16 - 000000000 ____D C:\Users\lenovo\Documents\Beeford Buzz stuff
2019-10-11 13:18 - 2016-02-14 08:26 - 000000000 ____D C:\Users\lenovo\Documents\Accounts
2019-10-10 07:58 - 2018-10-29 10:51 - 000003178 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3575293515-844785542-2696234256-1000
2019-10-10 07:58 - 2018-10-29 09:48 - 000002160 _____ C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2019-10-10 07:58 - 2018-10-29 09:48 - 000000000 ___RD C:\Users\lenovo\OneDrive
2019-10-08 20:55 - 2019-08-12 16:03 - 000003376 _____ C:\Windows\system32\Tasks\SU_AutoUpdate
2019-10-08 20:12 - 2019-01-20 16:35 - 000441656 _____ C:\Windows\system32\FNTCACHE.DAT
2019-10-08 20:05 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-10-08 20:00 - 2017-12-14 11:10 - 000766100 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-10-08 19:59 - 2017-12-14 13:18 - 000000000 ____D C:\Windows\system32\MRT
2019-10-08 19:54 - 2017-12-14 13:18 - 127230528 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-10-08 19:11 - 2019-04-07 07:58 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-08 19:11 - 2019-04-07 07:58 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-08 19:11 - 2018-01-08 17:21 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-03 09:08 - 2018-01-08 17:20 - 000848432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-10-03 09:08 - 2018-01-08 17:20 - 000460448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-10-03 09:00 - 2019-02-14 13:55 - 000276952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-10-03 09:00 - 2018-10-20 15:43 - 000042736 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-10-03 09:00 - 2018-01-08 17:20 - 000316528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-10-03 09:00 - 2018-01-08 17:20 - 000110320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-10-03 09:00 - 2018-01-08 17:20 - 000083792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-10-03 08:59 - 2019-01-14 14:29 - 000274456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-10-03 08:59 - 2019-01-05 17:02 - 000209552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-10-03 08:59 - 2019-01-05 17:02 - 000065120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-10-03 08:59 - 2019-01-05 17:02 - 000037616 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-10-03 08:59 - 2018-01-08 17:20 - 000204824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2019-10-21 19:52
==================== End of FRST.txt ========================

 


  • 0

#4
bigyin43

    Member

  • Topic Starter
  • Member
  • 114 posts

process explorer reply :-

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 97.09 0 K 24 K 0
procexp (2)64.exe 0.84 26,232 K 47,412 K 7304 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
AvastUI.exe 0.42 26,244 K 27,436 K 4988 Avast Antivirus AVAST Software
Monitor.exe 0.38 60,308 K 7,792 K 2544
Dropbox.exe 0.27 185,540 K 157,516 K 5188 Dropbox Dropbox, Inc.
Interrupts 0.24 0 K 0 K n/a Hardware Interrupts and DPCs
UninstallMonitor.exe 0.19 26,492 K 11,940 K 5596
System 0.12 352 K 10,828 K 4
dwm.exe 0.11 38,620 K 31,400 K 2072 Desktop Window Manager Microsoft Corporation
csrss.exe 0.09 3,720 K 32,556 K 668
FRST64.exe 0.08 1,483,400 K 1,501,216 K 7860
svchost.exe 0.04 4,744 K 5,504 K 880 Host Process for Windows Services Microsoft Corporation
chrome.exe 0.03 124,744 K 168,680 K 4356 Google Chrome Google LLC
AvastSvc.exe 0.02 151,016 K 184,928 K 1680 Avast Antivirus  Service AVAST Software
ASCService.exe 0.02 21,452 K 6,332 K 948 Advanced SystemCare Service IObit
LMS.exe 0.01 2,568 K 2,456 K 1068 Local Manageability Service Intel Corporation
explorer.exe 0.01 45,904 K 53,344 K 2208 Windows Explorer Microsoft Corporation
svchost.exe 0.01 2,164 K 2,512 K 3872 Host Process for Windows Services Microsoft Corporation
QtWebEngineProcess.exe 0.01 42,912 K 31,548 K 4260 Qt Qtwebengineprocess The Qt Company Ltd.
QtWebEngineProcess.exe < 0.01 41,704 K 37,544 K 5028 Qt Qtwebengineprocess The Qt Company Ltd.
FMAPP.exe < 0.01 1,648 K 1,404 K 1696 FMAPP Application
svchost.exe < 0.01 5,988 K 5,064 K 1392 Host Process for Windows Services Microsoft Corporation
svchost.exe < 0.01 10,504 K 10,640 K 1148 Host Process for Windows Services Microsoft Corporation
svchost.exe < 0.01 24,464 K 26,108 K 1172 Host Process for Windows Services Microsoft Corporation
OfficeClickToRun.exe < 0.01 15,840 K 8,816 K 2832 Microsoft Office Click-to-Run (SxS) Microsoft Corporation
wmpnetwk.exe < 0.01 7,132 K 8,208 K 2900 Windows Media Player Network Sharing Service Microsoft Corporation
Dropbox.exe < 0.01 4,388 K 3,704 K 5368 Dropbox Dropbox, Inc.
taskhost.exe < 0.01 12,844 K 8,928 K 2096 Host Process for Windows Tasks Microsoft Corporation
PubMonitor.exe < 0.01 6,040 K 776 K 3916
svchost.exe < 0.01 15,600 K 10,208 K 1572 Host Process for Windows Services Microsoft Corporation
TuneupSvc.exe < 0.01 30,392 K 19,812 K 2052 Avast Cleanup Service AVAST Software
SynTPEnh.exe < 0.01 9,160 K 1,708 K 2684 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated
aswidsagent.exe < 0.01 30,396 K 28,424 K 4192 Avast Behavior Shield AVAST Software
WmiPrvSE.exe < 0.01 10,096 K 10,148 K 6228
svchost.exe < 0.01 172,356 K 166,292 K 1120 Host Process for Windows Services Microsoft Corporation
csrss.exe < 0.01 2,712 K 2,944 K 564
WSHelper.exe 8,988 K 5,448 K 5264 Wondershare Studio Wondershare
winlogon.exe 3,128 K 2,860 K 840
wininit.exe 1,716 K 1,436 K 636
VpnSvc.exe 11,244 K 10,256 K 3108 Avast SecureLine VPN Service AVAST Software
Vpn.exe 8,820 K 6,452 K 5240 Avast SecureLine VPN AVAST Software
unsecapp.exe 1,984 K 3,040 K 3528
UNS.exe 3,368 K 4,680 K 6780 User Notification Service Intel Corporation
TPKNRSVC.exe 1,060 K 1,208 K 3020 Microphone volume control service Lenovo Group Limited
taskhost.exe 6,436 K 10,068 K 5208
taskeng.exe 2,532 K 3,492 K 2436
taskeng.exe 2,440 K 2,880 K 2536 Task Scheduler Engine Microsoft Corporation
SynTPLpr.exe 2,136 K 792 K 2992 TouchPad Driver Helper Application Synaptics Incorporated
SynTPHelper.exe 1,360 K 312 K 4516
SynTPEnhService.exe 2,304 K 1,876 K 3184 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated
svchost.exe 5,180 K 5,508 K 696 Host Process for Windows Services Microsoft Corporation
svchost.exe 26,084 K 14,504 K 1040 Host Process for Windows Services Microsoft Corporation
svchost.exe 14,760 K 9,964 K 1852 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,844 K 3,140 K 3628 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,948 K 2,484 K 1304 Host Process for Windows Services Microsoft Corporation
svchost.exe 4,196 K 2,992 K 3164 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,508 K 1,708 K 3076 Host Process for Windows Services Microsoft Corporation
svchost.exe 5,492 K 3,308 K 5548 Host Process for Windows Services Microsoft Corporation
svchost.exe 6,028 K 7,872 K 2124 Host Process for Windows Services Microsoft Corporation
SUService.exe 12,136 K 6,676 K 5820 Lenovo System Update Service
spoolsv.exe 7,268 K 6,388 K 1824 Spooler SubSystem App Microsoft Corporation
smss.exe 588 K 572 K 412
SmartDefrag.exe 50,420 K 528 K 2488
services.exe 6,388 K 6,176 K 716
SearchIndexer.exe 27,020 K 8,028 K 4696 Microsoft Windows Search Indexer Microsoft Corporation
RtkAudioService64.exe 2,004 K 1,612 K 1508 Realtek Audio Service Realtek Semiconductor
RAVCpl64.exe 9,772 K 4,000 K 4924 Realtek HD Audio Manager Realtek Semiconductor
RAVBg64.exe 15,336 K 2,980 K 1544
QtWebEngineProcess.exe 43,036 K 30,620 K 6560 Qt Qtwebengineprocess The Qt Company Ltd.
procexp (2).exe 2,604 K 8,156 K 8560 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
notepad.exe 2,392 K 7,528 K 4376
notepad.exe 2,160 K 7,352 K 8756
lsm.exe 2,640 K 2,376 K 732
LSCNotify.exe 1,412 K 712 K 5228 Lenovo Solution Center Notifications Lenovo
lsass.exe 6,072 K 9,052 K 724 Local Security Authority Process Microsoft Corporation
LPlatSvc.exe 2,060 K 2,132 K 444 Lenovo Platform Service Lenovo.
LPlatSvc.exe 1,864 K 2,168 K 2300 Lenovo Platform Service Lenovo.
ibmpmsvc.exe 1,760 K 1,516 K 356 Lenovo Power Management Service Lenovo.
hkcmd.exe 2,816 K 2,764 K 4940 hkcmd Module Intel Corporation
GoogleCrashHandler64.exe 1,648 K 172 K 1436
GoogleCrashHandler.exe 1,504 K 528 K 1448
Dropbox.exe 2,180 K 2,584 K 5296 Dropbox Dropbox, Inc.
DbxSvc.exe 3,256 K 1,352 K 2944 Dropbox Service Dropbox, Inc.
chrome.exe 65,552 K 94,892 K 6256 Google Chrome Google LLC
chrome.exe 22,276 K 40,020 K 5500 Google Chrome Google LLC
chrome.exe 46,820 K 49,316 K 5464 Google Chrome Google LLC
chrome.exe 76,784 K 55,800 K 5584 Google Chrome Google LLC
chrome.exe 11,716 K 14,448 K 7220 Google Chrome Google LLC
chrome.exe 23,992 K 42,096 K 6824 Google Chrome Google LLC
chrome.exe 20,420 K 36,928 K 5588 Google Chrome Google LLC
chrome.exe 36,168 K 43,940 K 3060 Google Chrome Google LLC
chrome.exe 2,804 K 4,240 K 3708 Google Chrome Google LLC
chrome.exe 3,020 K 4,168 K 3624 Google Chrome Google LLC
btwdins.exe 3,072 K 2,004 K 1372 Bluetooth Support Server Broadcom Corporation.
audiodg.exe 19,040 K 18,848 K 5808
ASCTray.exe 16,324 K 3,672 K 4320 Advanced SystemCare Tray IObit
AQNotif.exe 5,120 K 5,028 K 5112 Avanquest Message Avanquest Software

  • 0

#5
bigyin43

    Member

  • Topic Starter
  • Member
  • 114 posts

reply

Attached File  LENOVO-PC.txt   91.43KB   167 downloads


  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

You posted the FRST log twice.  Can I see the Addition.txt? 

 

So far all looks normal except that you are using Channel 36 and there are two other routers on the same channel with equally strong signals.  This is going to make your Internet very slow.  Do you control the router you are using?  Download inSSIDer:

http://www.techspot....6-inssider.html
Double-click to install it. Then run it by right-clicking and choosing Run As Admin.

It will show you a graph in the bottom left that has your signal in blue and competing signals in orange and yellow.  It may also recommend a different channel which might have less interference.

Moving to a different channel (by logging on to your router) can drastically improve performance.  If you don't know how, give me the router's make and model number and I'll look it up for you.

 

I would uninstall Advanced SystemCare and anything else you have from IObit.

 

You might want to let Avast run a boot-time scan tonight while you sleep to rule out an infection:

Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.

Reboot and let it run a scan.  It may take hours.
Once it finishes it should load Windows.   Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.

 


  • 0

#7
bigyin43

    Member

  • Topic Starter
  • Member
  • 114 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2019
Ran by lenovo (30-10-2019 19:18:19)
Running from C:\Users\lenovo\Downloads
Windows 7 Professional Service Pack 1 (X64) (2017-12-14 10:20:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3575293515-844785542-2696234256-500 - Administrator - Disabled)
Guest (S-1-5-21-3575293515-844785542-2696234256-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3575293515-844785542-2696234256-1002 - Limited - Enabled)
lenovo (S-1-5-21-3575293515-844785542-2696234256-1000 - Administrator - Enabled) => C:\Users\lenovo
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.5.205 - Adobe, Inc.)
Advanced SystemCare 12 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 12.6.0 - IObit)
ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
Ashampoo Burning Studio FREE (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.20.2 - Ashampoo GmbH & Co. KG)
Avanquest Message (HKU\S-1-5-21-3575293515-844785542-2696234256-1000\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 19.1.7734 - AVAST Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 5.0.407 - AVAST Software)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Driver Booster 7 (HKLM-x32\...\Driver Booster_is1) (Version: 7.0.2 - IObit)
Dropbox (HKLM-x32\...\Dropbox) (Version: 83.4.152 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
FUJIFILM MyFinePix Studio 4.2b (HKLM-x32\...\MyFinePix Studio_is1) (Version:  - )
Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.70 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
HP DeskJet 3630 series Basic Device Software (HKLM\...\{2125FB8B-5542-495A-B0F7-CD6DDBE99C2A}) (Version: 40.11.1107.1739 - HP Inc.)
HP DeskJet 3630 series Help (HKLM-x32\...\{5F074370-FEB0-4477-820F-A59DF28A933E}) (Version: 35.0.0 - Hewlett Packard)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
inPixio Photo Editor 8 (HKLM-x32\...\{86CB275A-E5BE-46BD-9DAA-F225A8DFB5A9}) (Version: 8.5 - InPixio)
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)
IObit Software Updater (HKLM-x32\...\IObit Software Updater_is1) (Version: 2.1.0.2663 - IObit)
IObit Uninstaller 9 (HKLM-x32\...\IObitUninstall) (Version: 9.0.2.40 - IObit)
IP Camera Viewer 4 (HKLM-x32\...\IP Camera Viewer_is1) (Version:  - DeskShare Inc.)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{06913C0C-88EB-42AF-9D94-3E9136CEE9BC}) (Version: 3.6.002.003 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0088 - Lenovo)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12026.20344 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3575293515-844785542-2696234256-1000\...\OneDriveSetup.exe) (Version: 19.152.0927.0012 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 70.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 70.0 (x64 en-GB)) (Version: 70.0 - Mozilla)
Mozilla Firefox 70.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 70.0 (x86 en-US)) (Version: 70.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12026.20344 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12026.20344 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12026.20344 - Microsoft Corporation) Hidden
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
Product Improvement Study for HP DeskJet 3630 series (HKLM\...\{416B7D0C-0AEC-4FE6-AE40-4E12857CCA55}) (Version: 40.11.1107.1739 - HP Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.28162 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6418 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.82 - Realtek Semiconductor Corp.)
Smart Defrag 6 (HKLM-x32\...\Smart Defrag_is1) (Version: 6.3 - IObit)
Spotify (HKU\S-1-5-21-3575293515-844785542-2696234256-1000\...\Spotify) (Version: 1.1.15.448.g00fba0e3 - Spotify AB)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.214 - Synaptics Incorporated)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage Password Manager (HKLM-x32\...\{70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}) (Version: 4.70.22.0 - Lenovo Group Limited)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (11/11/2015 2.0.0020.00000) (HKLM\...\B02D55DC05C888A284041A2F8A294C0D557A218C) (Version: 11/11/2015 2.0.0020.00000 - Google, Inc.)
Windows Driver Package - OnePlus, Inc. (WinUSB) AndroidUsbDeviceClass  (05/24/2012 6.0.0000.00000) (HKLM\...\59AFF6524BE5C0983F2711DEB8D25D511D4F4924) (Version: 05/24/2012 6.0.0000.00000 - OnePlus, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2018-07-06] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit Information Technology -> IObit)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2018-07-06] (IObit Information Technology -> IObit)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2018-07-06] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit Information Technology -> IObit)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
 
==================== Loaded Modules (Whitelisted) =============
 
2019-06-28 17:08 - 2016-07-21 09:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2019-06-28 17:08 - 2016-10-08 15:48 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-12-14 11:52 - 2011-02-22 11:45 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\xerces-c_2_7.dll
2017-12-14 11:52 - 2011-02-22 11:41 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\StatusStrings.dll
2018-11-21 17:48 - 2018-09-05 22:32 - 002095104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\SecureLine\libcrypto-1_1.dll
2019-06-28 17:08 - 2016-10-08 15:49 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData:Easy$Duplicate$Finder [129]
AlternateDataStreams: C:\Users\All Users:Easy$Duplicate$Finder [129]
AlternateDataStreams: C:\ProgramData\Application Data:Easy$Duplicate$Finder [129]
AlternateDataStreams: C:\Users\lenovo\Documents\IMG_20190108_155639.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\lenovo\Documents\IMG_20190108_155639.jpg:com.dropbox.attrs [58]
AlternateDataStreams: C:\Users\lenovo\Documents\IMG_20190108_155651.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\lenovo\Documents\IMG_20190108_155651.jpg:com.dropbox.attrs [58]
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3575293515-844785542-2696234256-1000\...\dell.com -> dell.com
 
There are 4789 more sites.
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2019-06-26 17:39 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3575293515-844785542-2696234256-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 1.1.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [{594E46B5-EC1B-49DE-8C83-00896F2B1F1C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{495202BA-6D9E-40D9-8493-A4798A5E916B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{40D44837-14D2-4006-8267-2F3290BADF28}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5526C65F-F8E0-4EFC-AE39-86506A60108A}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AC04712E-A44A-4DFB-B61F-4F4CCC466422}] => (Allow) LPort=7000
FirewallRules: [{072FE1E2-CFAC-41FB-884C-1CA17F43E5C7}] => (Allow) LPort=7000
FirewallRules: [{9BB5DC1B-C1F6-4EFF-8F5D-9D9114595205}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{796E42E0-EA46-457C-9016-5BD65FF69DA1}] => (Allow) LPort=5357
FirewallRules: [{E76C8754-4ACC-4AC7-B634-6A417D85F388}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{7839DB8A-6A29-4A46-AEF6-5D4CC5AB8A4E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C425E273-9148-4737-B672-A1414F88D30D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{83711AFF-66E0-439C-A154-07EBDE5064BC}] => (Allow) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{7FBFD966-2A03-48D8-8D2F-36A01C43F056}] => (Allow) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{11305C63-5D72-46AF-B1F3-00E679DDD5F1}] => (Allow) C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{4D41454E-ADB7-4B97-89C2-7C7AD6540ED9}] => (Allow) C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [TCP Query User{64A3F68F-0FD0-42F1-A4DB-9BF9AD1465E6}C:\users\lenovo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lenovo\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{B1D75463-4529-406F-BA26-C5ECECF3E38B}C:\users\lenovo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lenovo\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{17CC5FC0-E9A9-428A-849C-BA1F9EEA994A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{129A1877-2815-48DC-B418-1DE6C60BEE97}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 4\IP Camera Viewer.exe (DeskShare, Inc. -> Deskshare.com)
FirewallRules: [{54BED01C-AF0E-4CE4-8234-BF3B643616DF}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 4\IP Camera Viewer.exe (DeskShare, Inc. -> Deskshare.com)
FirewallRules: [{5C9B1390-678F-4DB2-991F-D30BD9A542DC}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{961D481F-14BD-4BE0-8541-D68111BE958D}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{0A8D6B6C-429D-4391-B988-507EFAE8906C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{1029A51E-3C0E-4737-ABEE-330905E181B7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0FEC75FB-7423-4BD3-9744-D179FC019F45}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe No File
 
==================== Restore Points =========================
 
17-10-2019 11:16:24 Windows Modules Installer
17-10-2019 11:18:12 Windows Modules Installer
19-10-2019 13:50:13 Windows Update
28-10-2019 21:19:22 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (10/30/2019 06:54:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/30/2019 03:51:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/30/2019 01:15:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/30/2019 10:58:06 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {BEAAF657-B2A4-47A8-B385-DCBC96FF1302}
 
Error: (10/30/2019 09:40:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/29/2019 11:41:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/28/2019 08:22:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/28/2019 09:22:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (10/30/2019 03:50:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 14:08:54 on ‎30/‎10/‎2019 was unexpected.
 
Error: (10/30/2019 01:21:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (10/30/2019 12:23:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
 
Error: (10/30/2019 09:57:00 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (10/30/2019 09:57:00 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (10/30/2019 09:56:58 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (10/30/2019 09:56:58 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (10/30/2019 09:39:43 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
 
CodeIntegrity:
===================================
 
Date: 2019-06-28 11:08:02.959
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-06-28 11:08:02.539
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-06-19 20:54:15.427
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-06-19 20:54:15.122
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-03-25 08:27:17.275
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-03-25 08:27:16.995
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-03-19 08:09:31.149
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-03-19 08:09:30.646
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
BIOS: LENOVO 8GET46WW (1.23 ) 09/16/2013
Motherboard: LENOVO 7829E78
Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 87%
Total physical RAM: 3936.48 MB
Available physical RAM: 491.04 MB
Total Virtual: 7871.11 MB
Available Virtual: 3658.77 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.99 GB) (Free:213.62 GB) NTFS
 
\\?\Volume{53a44143-e0b7-11e7-a891-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 6467CAB0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

  • 0

#8
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

I assume by SatNav you mean your Garmin.  I recently updated mine and got a similar error but the problem was with the Garmin and not the PC.  I bought a 32GB microSD Flash card and plugged it into the Garmin, made sure it recognized and formatted the card then the update went without problems.


  • 0

#9
bigyin43


    Member

  • Topic Starter
  • Member
  • 114 posts
10/30/2019 22:35
Scan of C:
 
Scan of *STARTUP
 
File C:\Users\lenovo\AppData\Local\Spotify\Browser\Cache\f_00057a|>widevinecdm.dll Error 42125 {ZIP archive is corrupted.}
File C:\Users\lenovo\Downloads\This computer is BLOCKED.htm is infected by HTML:FakeAlert-O [Trj], Moved to chest
Number of searched folders: 34972
Number of tested files: 1162773
Number of infected files: 1

  • 0

#10
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  "%windir%\logs\cbs\cbs.log"  >  "%UserProfile%\desktop\junk.txt"
notepad "%UserProfile%\desktop\junk.txt"

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
2. Type 20 in the 1 to 20 box.
3. Click the Run button.

Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

 

 Let's also try Latency Monitor:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 6.70 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.


  • 0
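The findstr step in the reply above leaves only the [SR] lines of CBS.log in junk.txt. As an added example (not part of the thread or of any tool named in it), this Python script triages such a file into files SFC repaired and files it could not repair; the sample lines are constructed on the usual CBS.log layout, and the names `triage_sr_log` and `SAMPLE_SR_LOG` are assumptions of the example.

```python
import re
import sys
from collections import Counter

# Constructed sample of junk.txt content (not from this thread), modelled on
# the usual CBS.log layout: timestamp, level, "CSI", sequence number, "[SR]".
SAMPLE_SR_LOG = r"""2019-10-30 21:05:11, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2019-10-30 21:05:11, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2019-10-30 21:05:19, Info                  CSI    0000000c [SR] Verify complete
2019-10-30 21:07:42, Info                  CSI    000001a4 [SR] Cannot repair member file [l:20{10}]"sample.dll" of Constructed-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, hash mismatch
2019-10-30 21:07:42, Info                  CSI    000001a5 [SR] This component was referenced by [l:38{19}]"Constructed-Package"
2019-10-30 21:07:44, Info                  CSI    000001a7 [SR] Cannot repair member file [l:20{10}]"sample.dll" of Constructed-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, hash mismatch
2019-10-30 21:08:03, Info                  CSI    000001b0 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"other.dll" from store
2019-10-30 21:08:10, Info                  CSI    000001b2 [SR] Repair complete
"""

# One [SR] entry; the 8-digit hex sequence number is treated as optional.
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+(?P<level>\w+)\s+CSI\s+"
    r"(?:[0-9a-fA-F]{8}\s+)?\[SR\]\s+(?P<msg>.*)$"
)
QUOTED = re.compile(r'"([^"]*)"')
NT_PREFIX = "\\??\\"  # NT object-manager prefix in front of the folder path


def triage_sr_log(text):
    """Summarise the [SR] lines of a CBS.log extract."""
    counts = Counter()
    unrepaired = {}   # file name -> reason given at the end of the entry
    repaired = []     # full paths SFC logged as repaired from the store
    for raw in text.splitlines():
        match = SR_LINE.match(raw.strip())
        if not match:
            continue  # not an [SR] entry (blank line, wrapped text, ...)
        msg = match.group("msg")
        names = QUOTED.findall(msg)
        if msg.startswith("Cannot repair member file") and names:
            counts["cannot_repair"] += 1
            # The same file can be logged more than once; keep the first reason.
            unrepaired.setdefault(names[0], msg.rsplit(", ", 1)[-1])
        elif msg.startswith("Repairing corrupted file") and len(names) >= 2:
            counts["repaired"] += 1
            folder = names[0]
            if folder.startswith(NT_PREFIX):
                folder = folder[len(NT_PREFIX):]
            path = folder + "\\" + names[-1]
            if path not in repaired:
                repaired.append(path)
        else:
            counts["other"] += 1

    if not counts:
        verdict = "no_sr_entries"
    elif unrepaired:
        verdict = "needs_manual_repair"
    elif repaired:
        verdict = "repaired"
    else:
        verdict = "clean"
    return {"verdict": verdict, "unrepaired": unrepaired,
            "repaired": repaired, "counts": counts}


if __name__ == "__main__":
    # Pass the path to junk.txt, or run without arguments to use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as handle:
            data = handle.read()
    else:
        data = SAMPLE_SR_LOG
    result = triage_sr_log(data)
    print("Verdict:", result["verdict"])
    for name, reason in result["unrepaired"].items():
        print("  cannot repair:", name, "-", reason)
    for path in result["repaired"]:
        print("  repaired:", path)
```
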



#11
bigyin43


    Member

  • Topic Starter
  • Member
  • 114 posts

the scan said verification complete

Didn't find any integrity violation.

 

so haven't done the other bits 

 

is that correct ?


  • 0

#12
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Do VEW and Latency Monitor


  • 0

#13
bigyin43


    Member

  • Topic Starter
  • Member
  • 114 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 31/10/2019 11:57:05
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/10/2019 11:12:00
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 31/10/2019 10:10:54
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Update service hung on starting.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/10/2019 10:31:16
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name a.tribalfusion.com timed out after none of the configured DNS servers responded.

  • 0

#14
bigyin43


    Member

  • Topic Starter
  • Member
  • 114 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 31/10/2019 11:57:57
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 31/10/2019 11:37:39
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Log: 'Application' Date/Time: 31/10/2019 10:05:03
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 31/10/2019 11:12:02
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-3575293515-844785542-2696234256-1000:
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000
Process 1616 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000
Process 1616 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000
Process 1616 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000
Process 1616 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 1616 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Mozilla\Mozilla Firefox
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Mozilla\Mozilla Firefox
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Mozilla\Mozilla Firefox
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Mozilla\Mozilla Firefox
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Mozilla\Mozilla Firefox
Process 1616 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Policies
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 1616 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Microsoft\Internet Explorer\Main
Process 1616 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 1616 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Mozilla\Mozilla Firefox\70.0 (x86 en-US)\Main
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Mozilla\Mozilla Firefox\70.0 (x86 en-US)\Main
Process 1588 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Mozilla\Mozilla Firefox\70.0 (x86 en-US)\Main
Process 1616 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 1616 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1616 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1616 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
 
 
Log: 'Application' Date/Time: 31/10/2019 10:02:45
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   11 user registry handles leaked from \Registry\User\S-1-5-21-3575293515-844785542-2696234256-1000:
Process 1964 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000
Process 1964 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000
Process 1572 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000
Process 1964 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Mozilla\Mozilla Firefox
Process 1964 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Mozilla\Mozilla Firefox
Process 1964 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Mozilla\Mozilla Firefox
Process 1964 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Mozilla\Mozilla Firefox
Process 1964 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Mozilla\Mozilla Firefox
Process 1964 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Mozilla\Mozilla Firefox\70.0 (x86 en-US)\Main
Process 1964 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Mozilla\Mozilla Firefox\70.0 (x86 en-US)\Main
Process 1964 (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3575293515-844785542-2696234256-1000\Software\Mozilla\Mozilla Firefox\70.0 (x86 en-US)\Main

  • 0

#15
bigyin43


    Member

  • Topic Starter
  • Member
  • 114 posts

Latency checker .. disables my mouse pad, been unable to stop the program, without shutting down computer.

sorry 


  • 0





