Hello! My computer is infected with random highlighted text and underlined words as well as it redirects me to random sites at times.
I'm pretty sure I got the issue this past weekend, late last week, when I was working on my paid to click and get paid to sites.
Usually running my usual stuff, Disk Cleanup, Disk Defrag, Maleware Bytes, Spybot Search and Destroy, CCleaner, and Microsoft Security Essentials, enough to catch whatever is on my computer from when I work on my sites, but this time they are all missing it. I'm not sure why they are missing it this time. However, I ran all of them a few times and even tried downloading Avast and running it as well as the Windows Malicious finder thing, which found something, but then after the results showed up, didn't show me what it was *sighs* So, any help in catching what is going on with where my stuff is missing it would be extremely helpful. Thank you so very much in advance for any help I am given for this issue.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-07-2017 01
Ran by LenovoThinkPadOwner (administrator) on LENOVOTHINKPAD (04-07-2017 00:12:03)
Running from C:\Users\LenovoThinkPadOwner\Downloads
Loaded Profiles: LenovoThinkPadOwner (Available Profiles: LenovoThinkPadOwner)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Inmar, Inc.) C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [317240 2014-12-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295712 2014-08-07] (Lenovo Group Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-09] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [916184 2014-07-02] (Conexant Systems, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-06-29] (AVAST Software)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296208 2014-12-02] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Digital Coupon Print Driver] => C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe [90048 2015-09-22] (Inmar, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\Run: [GoogleChromeAutoLaunch_311ED15B9F59AFF57647FE448C1F9B8D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\MountPoints2: {9b260b78-5fdf-11e7-9793-34e6ad03fb46} - WinCleaner Application Setup.exe
HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\MountPoints2: {eb730243-4dd3-11e6-8661-806e6f6e6963} - Q:\LenovoQDrive.cmd
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{9EC25985-FB3D-4ECA-81B3-B0EBB212B995}: [DhcpNameServer] 10.0.0.1
Internet Explorer:
==================
HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000 -> DefaultScope {BA5620C9-A3AF-414B-830C-5B76322C736A} URL =
SearchScopes: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000 -> {BA5620C9-A3AF-414B-830C-5B76322C736A} URL =
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-15] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-06-29] (AVAST Software)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-15] (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-15] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-06-29] (AVAST Software)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-15] (Oracle Corporation)
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2016-07-28] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.bing.com/?pc=U162&form=U162HP
CHR StartupUrls: Default -> "hxxp://www.bing.com/?pc=U162&form=U162HP"
CHR DefaultSearchURL: Default -> hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_tight2_15_27&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtAtA0D0AtB0A0EtCyCtDtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtCtFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StC0AtDtAyBzzyCyDtGtBzzyD0AtGyDzztBzztGyEzytB0CtGtDyDzyyEyBzyyCzytAtC0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzytCzyzz0F0AyCtGyE0DtC0BtGyEyEtB0CtGzyzyyDyCtGyC0EyD0CyEtAyEtB0A0D0DyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztCzy&cr=1511828159&ir=
CHR DefaultSearchKeyword: Default -> cassiopesa.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default [2017-07-04]
CHR Extension: (Google Slides) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-14]
CHR Extension: (Google Docs) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-14]
CHR Extension: (Google Drive) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-14]
CHR Extension: (YouTube) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-14]
CHR Extension: (Supernatural) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaejimcbahonbhigeacmlmjiofegplpn [2017-01-14]
CHR Extension: (Adobe Acrobat) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-07]
CHR Extension: (Avast SafePrice) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-02]
CHR Extension: (Google Sheets) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-14]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2017-06-23]
CHR Extension: (Savings Alerts) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflpeapppfijfecjmibidlnfggdifmic [2017-01-15]
CHR Extension: (Google Docs Offline) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-15]
CHR Extension: (Screenwise Meter) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmieefkpoaagiboijfjhidningfpomge [2017-06-07]
CHR Extension: (SwagButton) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2017-07-03]
CHR Extension: (Avast Online Security) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-12]
CHR Extension: (Piggy - Automatic Coupons & Cash Back) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2017-06-29]
CHR Extension: (Supernatural Photo Gallery) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddhkngnpofgkagacodjmnicclhjjokk [2017-01-14]
CHR Extension: (Klout) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjaakbhpcbpmojkhpiaacepfcaniglak [2017-01-15]
CHR Extension: (Qmee) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2017-01-14]
CHR Extension: (MyPoints Score) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcglgmippekbdbmniknikdgkmnnpdnmh [2017-01-15]
CHR Extension: (TubeBuddy for YouTube) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2017-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-18]
CHR Extension: (Gmail) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-14]
CHR Extension: (Chrome Media Router) - C:\Users\LenovoThinkPadOwner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-29]
CHR HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [87384 2014-11-06] (Alps Electric Co., Ltd.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-06-29] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-06-29] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [311592 2017-06-29] (AVAST Software)
R2 connect2hotspot; C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe [100680 2017-02-08] (Lenovo)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-03-31] (DisplayLink Corp.)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121304 2014-08-10] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [354280 2016-06-02] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [619776 2014-12-05] (Lenovo)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197408 2014-08-07] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
S3 LenovoProdRegManager; C:\Program Files (x86)\Lenovo Registration\EngageService.exe [293416 2015-01-09] (Aviata, Inc.)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [21552 2014-02-21] (Lenovo)
R2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [711248 2017-04-01] (Lenovo.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [233112 2016-07-28] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [420504 2016-07-28] ()
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61232 2014-12-05] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [317224 2014-12-05] (Lenovo Group Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23416 2017-05-09] ()
R2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22776 2015-12-02] (Validity Sensors, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [88400 2015-12-06] (Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [319984 2017-06-29] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198944 2017-06-29] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343264 2017-06-29] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57704 2017-06-29] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-06-29] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-06-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146664 2017-06-29] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2017-06-29] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [554528 2017-06-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-06-29] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-06-29] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-06-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-06-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-06-29] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-07-01] (AVAST Software)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2014-06-17] (Motorola Solutions, Inc.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [533496 2017-02-01] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [30360 2014-10-09] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [220104 2014-08-10] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-06-30] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-07-03] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-07-03] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-03] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-07-03] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3437848 2014-12-08] (Intel Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [682272 2014-09-04] (Sunplus)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-04 00:12 - 2017-07-04 00:13 - 00027581 _____ C:\Users\LenovoThinkPadOwner\Downloads\FRST.txt
2017-07-04 00:11 - 2017-07-04 00:11 - 00013410 _____ C:\Users\LenovoThinkPadOwner\Desktop\FRST64 - Shortcut.lnk
2017-07-04 00:09 - 2017-07-04 00:12 - 00000000 ____D C:\FRST
2017-07-04 00:07 - 2017-07-04 00:08 - 02436096 _____ (Farbar) C:\Users\LenovoThinkPadOwner\Downloads\FRST64 (1).exe
2017-07-04 00:07 - 2017-07-04 00:07 - 02436096 _____ (Farbar) C:\Users\LenovoThinkPadOwner\Downloads\FRST64.exe
2017-07-03 22:04 - 2017-07-03 22:44 - 00000000 ____D C:\AdwCleaner
2017-07-03 22:03 - 2017-07-03 22:04 - 04110280 _____ C:\Users\LenovoThinkPadOwner\Downloads\adwcleaner_6.047.exe
2017-07-03 21:20 - 2017-07-03 21:20 - 00001401 _____ C:\Users\LenovoThinkPadOwner\AppData\Roaming\Microsoft\Windows\Start Menu\WinCleaner OneClick Professional.lnk
2017-07-03 21:20 - 2017-07-03 21:20 - 00001377 _____ C:\Users\LenovoThinkPadOwner\Desktop\WinCleaner OneClick Professional.lnk
2017-07-03 21:20 - 2017-07-03 21:20 - 00000000 ____D C:\Users\LenovoThinkPadOwner\AppData\Roaming\Business Logic
2017-07-03 21:20 - 2017-07-03 21:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCleaner OneClick Professional
2017-07-03 21:20 - 2017-07-03 21:20 - 00000000 ____D C:\Program Files (x86)\Business Logic Corporation
2017-07-03 21:15 - 2017-07-03 21:15 - 00000464 _____ C:\Users\LenovoThinkPadOwner\Documents\cc_20170703_211501.reg
2017-07-03 15:52 - 2017-07-03 15:55 - 00000000 ____D C:\Users\LenovoThinkPadOwner\Desktop\Mystery shopping sites I use
2017-07-01 21:33 - 2017-06-29 18:55 - 00400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-01 16:07 - 2017-07-01 16:07 - 00000000 ____D C:\Users\LenovoThinkPadOwner\Documents\ProcAlyzer Dumps
2017-07-01 14:17 - 2017-07-01 14:17 - 00000610 ____H C:\Windows\Tasks\Norton Product InstallerIdle.job
2017-07-01 14:17 - 2017-07-01 14:17 - 00000602 _____ C:\Windows\Tasks\Norton Product Installer.job
2017-07-01 14:15 - 2017-07-01 14:22 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2017-07-01 14:15 - 2017-07-01 14:16 - 00000482 ____H C:\Windows\Tasks\Norton Security Scan for LenovoThinkPadOwner.job
2017-07-01 14:02 - 2017-07-01 14:03 - 131450640 _____ (Microsoft Corporation) C:\Users\LenovoThinkPadOwner\Downloads\msert.exe
2017-07-01 00:26 - 2017-07-01 00:26 - 44060880 _____ (Microsoft Corporation) C:\Users\LenovoThinkPadOwner\Downloads\Windows-KB890830-x64-V5.49.exe
2017-06-30 15:31 - 2017-06-30 15:31 - 00000512 _____ C:\Users\LenovoThinkPadOwner\Documents\cc_20170630_153100.reg
2017-06-30 02:09 - 2017-07-03 22:16 - 00253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-30 02:09 - 2017-07-03 22:16 - 00101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-06-30 02:09 - 2017-07-03 22:16 - 00084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-06-30 02:09 - 2017-07-03 22:16 - 00045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-30 02:09 - 2017-07-01 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-30 02:09 - 2017-06-30 02:10 - 00188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-06-30 02:09 - 2017-06-30 02:09 - 00001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-30 02:09 - 2017-06-30 02:09 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-30 02:09 - 2017-06-27 12:06 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-30 02:07 - 2017-06-30 02:07 - 65033984 _____ (Malwarebytes ) C:\Users\LenovoThinkPadOwner\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-06-30 00:58 - 2017-06-30 00:58 - 00002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-06-30 00:58 - 2017-06-30 00:58 - 00001945 _____ C:\Windows\epplauncher.mif
2017-06-30 00:57 - 2017-07-01 20:46 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-06-30 00:57 - 2017-07-01 20:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-06-30 00:45 - 2017-06-30 00:46 - 15065792 _____ (Microsoft Corporation) C:\Users\LenovoThinkPadOwner\Downloads\mseinstall.exe
2017-06-29 20:52 - 2017-06-19 19:14 - 25731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-29 20:52 - 2017-06-19 19:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-06-29 20:52 - 2017-06-19 18:43 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-06-29 20:52 - 2017-06-19 18:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-06-29 20:52 - 2017-06-19 18:09 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-29 20:52 - 2017-06-19 18:00 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-06-29 20:52 - 2017-06-19 17:50 - 15252480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-29 20:52 - 2017-06-19 17:29 - 13664256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-29 20:52 - 2017-06-16 11:29 - 02319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-29 20:52 - 2017-06-16 11:29 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-29 20:52 - 2017-06-16 11:29 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-29 20:52 - 2017-06-16 11:29 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-29 20:52 - 2017-06-16 11:29 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-06-29 20:52 - 2017-06-16 11:29 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-06-29 20:52 - 2017-06-16 11:29 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-29 20:52 - 2017-06-16 11:29 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-06-29 20:52 - 2017-06-16 11:29 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-06-29 20:52 - 2017-06-16 11:13 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-29 20:52 - 2017-06-16 11:12 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-29 20:52 - 2017-06-16 11:11 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-29 20:52 - 2017-06-16 11:11 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-29 20:52 - 2017-06-16 11:11 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-06-29 20:52 - 2017-06-16 11:11 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-06-29 20:52 - 2017-06-16 11:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-06-29 20:52 - 2017-06-16 11:11 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-06-29 20:52 - 2017-06-16 11:11 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-06-29 20:52 - 2017-06-16 11:11 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-06-29 20:52 - 2017-06-16 11:11 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-06-29 20:52 - 2017-06-16 11:00 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-29 20:52 - 2017-06-16 11:00 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-06-29 20:52 - 2017-06-16 10:59 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-06-29 20:52 - 2017-06-16 10:59 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-06-29 20:52 - 2017-05-21 00:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-06-29 20:52 - 2017-05-21 00:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-06-29 20:52 - 2017-05-16 11:35 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-06-29 20:52 - 2017-05-16 11:35 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-06-29 20:52 - 2017-05-16 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-06-29 20:51 - 2017-05-03 11:34 - 00094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-06-29 20:51 - 2017-05-03 11:29 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-06-29 20:51 - 2017-05-03 09:05 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-06-29 20:51 - 2017-05-03 09:05 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-06-29 20:51 - 2017-05-03 09:05 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-06-29 20:51 - 2017-05-03 09:05 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-06-29 20:51 - 2017-05-03 09:05 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-06-29 20:51 - 2017-05-03 09:05 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-06-29 20:51 - 2017-05-03 09:05 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-06-29 20:51 - 2017-03-22 22:06 - 01691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-06-29 18:54 - 2017-06-29 18:54 - 00038152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
2017-06-23 15:42 - 2017-06-23 15:42 - 10714974 _____ C:\Users\LenovoThinkPadOwner\Downloads\Powered-by-Mom-Simply-Sweet-Recipes-to-Try-Today.pdf
2017-06-21 11:52 - 2017-06-21 11:52 - 00000362 _____ C:\Users\LenovoThinkPadOwner\Documents\cc_20170621_115250.reg
2017-06-21 08:25 - 2017-06-30 16:43 - 00000000 ____D C:\Users\LenovoThinkPadOwner\AppData\Local\ElevatedDiagnostics
2017-06-14 05:24 - 2017-06-02 04:10 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-14 05:24 - 2017-05-14 15:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-14 05:24 - 2017-05-14 14:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-14 05:24 - 2017-05-14 14:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-14 05:24 - 2017-05-14 14:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-06-14 05:24 - 2017-05-12 14:26 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-14 05:24 - 2017-05-12 14:22 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-06-14 05:24 - 2017-05-12 14:07 - 04001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-06-14 05:24 - 2017-05-12 14:07 - 03945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-06-14 05:24 - 2017-05-12 14:03 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-06-14 05:24 - 2017-05-12 14:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-06-14 05:24 - 2017-05-12 13:52 - 03222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-06-14 05:24 - 2017-05-10 11:29 - 14183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-14 05:24 - 2017-05-10 11:29 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-06-14 05:24 - 2017-05-10 11:14 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-14 05:24 - 2017-05-10 11:12 - 12880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-14 05:24 - 2017-05-10 10:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-14 05:24 - 2017-05-09 11:30 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-14 05:24 - 2017-05-09 11:29 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-14 05:24 - 2017-05-09 11:11 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-06-14 05:24 - 2017-04-27 18:50 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-06-14 05:24 - 2017-04-12 09:05 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-06-14 05:23 - 2017-05-21 00:28 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-06-14 05:23 - 2017-05-21 00:28 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-06-14 05:23 - 2017-05-21 00:24 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-06-14 05:23 - 2017-05-21 00:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-06-14 05:23 - 2017-05-21 00:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-06-14 05:23 - 2017-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-06-14 05:23 - 2017-05-20 23:48 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-06-14 05:23 - 2017-05-20 23:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-06-14 05:23 - 2017-05-20 23:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-06-14 05:23 - 2017-05-20 23:47 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-06-14 05:23 - 2017-05-20 23:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-06-14 05:23 - 2017-05-20 23:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-06-14 05:23 - 2017-05-16 14:19 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-06-14 05:23 - 2017-05-16 13:35 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-06-14 05:23 - 2017-05-14 16:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-06-14 05:23 - 2017-05-14 16:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-06-14 05:23 - 2017-05-14 16:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-06-14 05:23 - 2017-05-14 16:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-06-14 05:23 - 2017-05-14 16:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-06-14 05:23 - 2017-05-14 16:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-14 05:23 - 2017-05-14 16:24 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-06-14 05:23 - 2017-05-14 16:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-06-14 05:23 - 2017-05-14 16:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-06-14 05:23 - 2017-05-14 16:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-14 05:23 - 2017-05-14 16:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-06-14 05:23 - 2017-05-14 16:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-06-14 05:23 - 2017-05-14 16:10 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-06-14 05:23 - 2017-05-14 16:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-06-14 05:23 - 2017-05-14 15:57 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-06-14 05:23 - 2017-05-14 15:48 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-06-14 05:23 - 2017-05-14 15:47 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-06-14 05:23 - 2017-05-14 15:46 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-06-14 05:23 - 2017-05-14 15:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-06-14 05:23 - 2017-05-14 15:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-06-14 05:23 - 2017-05-14 15:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-06-14 05:23 - 2017-05-14 15:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-06-14 05:23 - 2017-05-14 15:23 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-06-14 05:23 - 2017-05-14 15:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-06-14 05:23 - 2017-05-14 15:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-06-14 05:23 - 2017-05-14 15:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-06-14 05:23 - 2017-05-14 15:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-06-14 05:23 - 2017-05-14 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-06-14 05:23 - 2017-05-14 15:20 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-06-14 05:23 - 2017-05-14 15:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-14 05:23 - 2017-05-14 15:18 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-06-14 05:23 - 2017-05-14 15:17 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-06-14 05:23 - 2017-05-14 15:16 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-06-14 05:23 - 2017-05-14 15:15 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-06-14 05:23 - 2017-05-14 15:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-06-14 05:23 - 2017-05-14 15:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-06-14 05:23 - 2017-05-14 15:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-06-14 05:23 - 2017-05-14 15:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-06-14 05:23 - 2017-05-14 15:02 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-06-14 05:23 - 2017-05-14 14:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-06-14 05:23 - 2017-05-14 14:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-06-14 05:23 - 2017-05-14 14:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-06-14 05:23 - 2017-05-14 14:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-06-14 05:23 - 2017-05-14 14:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-06-14 05:23 - 2017-05-14 14:50 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-06-14 05:23 - 2017-05-14 14:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-06-14 05:23 - 2017-05-14 14:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-06-14 05:23 - 2017-05-14 14:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-06-14 05:23 - 2017-05-14 14:39 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-06-14 05:23 - 2017-05-14 14:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-06-14 05:23 - 2017-05-14 14:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-14 05:23 - 2017-05-14 14:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-14 05:23 - 2017-05-14 14:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-06-14 05:23 - 2017-05-14 14:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-06-14 05:23 - 2017-05-12 14:27 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-06-14 05:23 - 2017-05-12 14:26 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-06-14 05:23 - 2017-05-12 14:26 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-14 05:23 - 2017-05-12 14:24 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:07 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-14 05:23 - 2017-05-12 14:04 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 13:55 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-06-14 05:23 - 2017-05-12 13:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-06-14 05:23 - 2017-05-12 13:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-06-14 05:23 - 2017-05-12 13:51 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-06-14 05:23 - 2017-05-12 13:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-06-14 05:23 - 2017-05-12 13:46 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-06-14 05:23 - 2017-05-12 13:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-14 05:23 - 2017-05-12 13:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-06-14 05:23 - 2017-05-12 13:41 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-06-14 05:23 - 2017-05-12 13:41 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-06-14 05:23 - 2017-05-12 13:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-06-14 05:23 - 2017-05-12 13:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 13:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 13:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 13:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-06-14 05:23 - 2017-05-12 12:25 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-14 05:23 - 2017-05-12 11:58 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-14 05:23 - 2017-05-12 11:58 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-14 05:23 - 2017-05-10 11:33 - 00091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
2017-06-14 05:23 - 2017-05-10 11:29 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-14 05:23 - 2017-05-10 11:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-14 05:23 - 2017-05-10 11:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-14 05:23 - 2017-05-10 11:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-06-14 05:23 - 2017-05-10 11:16 - 00091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
2017-06-14 05:23 - 2017-05-10 11:13 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-14 05:23 - 2017-05-10 11:13 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-14 05:23 - 2017-05-10 11:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-06-14 05:23 - 2017-05-10 11:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-14 05:23 - 2017-05-10 11:13 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-06-14 05:23 - 2017-05-10 11:13 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-06-14 05:23 - 2017-05-10 11:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-06-14 05:23 - 2017-05-10 11:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-14 05:23 - 2017-05-10 11:00 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-14 05:23 - 2017-05-10 11:00 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-14 05:23 - 2017-05-10 11:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-14 05:23 - 2017-05-10 11:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-06-14 05:23 - 2017-05-09 11:15 - 00071680 _____ C:\Windows\system32\PrintBrmUi.exe
2017-06-14 05:23 - 2017-05-07 11:33 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-14 05:23 - 2017-05-07 11:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-06-14 05:23 - 2017-03-30 11:03 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2017-06-14 05:23 - 2017-03-30 10:58 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
2017-06-12 18:32 - 2017-06-12 18:32 - 00005466 _____ C:\Users\LenovoThinkPadOwner\Documents\cc_20170612_183220.reg
2017-06-11 18:16 - 2017-06-11 18:16 - 00000000 ____D C:\Users\LenovoThinkPadOwner\AppData\Local\Tvsukernel
2017-06-08 03:17 - 2017-06-08 03:17 - 01060549 _____ C:\Users\LenovoThinkPadOwner\Downloads\PVT9005_pdf (1).pdf
2017-06-08 03:15 - 2017-06-08 03:15 - 01060549 _____ C:\Users\LenovoThinkPadOwner\Downloads\PVT9005_pdf.pdf
2017-06-05 13:48 - 2017-06-05 13:48 - 00534741 _____ C:\Users\LenovoThinkPadOwner\Downloads\fa2fbb49-a4af-4ca7-95b7-e8a479282dd9.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-04 00:07 - 2009-07-14 00:45 - 00032208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-04 00:07 - 2009-07-14 00:45 - 00032208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-03 22:22 - 2009-07-14 01:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-03 22:22 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-07-03 22:20 - 2016-07-19 11:20 - 00007140 _____ C:\IFRToolLog.txt
2017-07-03 22:15 - 2016-07-19 10:15 - 00000000 __SHD C:\Users\LenovoThinkPadOwner\IntelGraphicsProfiles
2017-07-03 22:14 - 2017-05-15 11:18 - 00000222 _____ C:\Windows\Tasks\Lenovo Active Protection System.job
2017-07-03 22:14 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-03 22:13 - 2016-07-21 04:44 - 00000000 ____D C:\ProgramData\Synaptics
2017-07-03 21:28 - 2017-01-19 10:13 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-03 20:49 - 2017-03-16 07:13 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-03 16:00 - 2017-01-14 19:11 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-03 15:45 - 2017-04-17 03:04 - 00000000 ____D C:\swshare
2017-07-01 23:43 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-07-01 21:53 - 2017-02-06 12:10 - 00003924 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1486397404
2017-07-01 21:35 - 2017-03-18 03:04 - 00001933 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2017-07-01 20:46 - 2017-04-24 23:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-07-01 20:46 - 2015-05-04 18:09 - 00000000 ____D C:\ProgramData\Lenovo
2017-07-01 20:45 - 2017-04-24 23:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-07-01 20:45 - 2016-07-22 11:43 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-07-01 20:45 - 2016-07-21 16:52 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2017-07-01 20:45 - 2016-07-21 11:14 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-07-01 20:45 - 2016-07-21 11:14 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-01 20:45 - 2016-07-19 10:15 - 00000000 ____D C:\Users\LenovoThinkPadOwner
2017-07-01 20:45 - 2015-05-05 11:21 - 00000000 ____D C:\ProgramData\Norton
2017-07-01 20:45 - 2015-05-05 11:03 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2017-07-01 20:45 - 2014-11-14 15:29 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-07-01 20:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-07-01 20:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\servicing
2017-07-01 20:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2017-07-01 16:06 - 2009-07-13 22:34 - 00454436 ____R C:\Windows\system32\Drivers\etc\hosts.20170703-191627.backup
2017-07-01 15:07 - 2016-07-22 11:42 - 00361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-07-01 14:16 - 2015-05-05 11:21 - 00000000 ____D C:\ProgramData\NortonInstaller
2017-06-30 16:30 - 2009-07-13 22:34 - 00454436 ____R C:\Windows\system32\Drivers\etc\hosts.20170701-160627.backup
2017-06-30 02:09 - 2016-07-21 17:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-29 20:56 - 2014-11-13 18:07 - 00774404 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-06-29 20:13 - 2009-07-13 22:34 - 00454436 ____R C:\Windows\system32\Drivers\etc\hosts.20170630-162046.backup
2017-06-29 19:01 - 2009-07-13 22:34 - 00454436 ____R C:\Windows\system32\Drivers\etc\hosts.20170629-201334.backup
2017-06-29 18:55 - 2016-07-22 11:42 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-06-29 18:55 - 2016-07-22 11:42 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-06-29 18:55 - 2016-07-22 11:42 - 00146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-06-29 18:55 - 2016-07-22 11:42 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-06-29 18:55 - 2016-07-22 11:42 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-06-29 18:55 - 2016-07-22 11:42 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-06-29 18:54 - 2017-03-18 03:01 - 00554528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2017-06-29 18:54 - 2017-03-16 07:13 - 00343264 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-06-29 18:54 - 2017-03-16 07:13 - 00319984 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-06-29 18:54 - 2017-03-16 07:13 - 00198944 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-06-29 18:54 - 2017-03-16 07:13 - 00057704 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-06-29 18:54 - 2016-07-22 11:42 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-06-29 18:54 - 2016-07-22 11:42 - 00041800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-06-28 20:54 - 2016-07-21 16:42 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 20:54 - 2016-07-21 16:42 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-25 17:54 - 2017-01-14 01:37 - 00000000 ____D C:\Users\LenovoThinkPadOwner\AppData\Roaming\Nitro PDF
2017-06-21 08:27 - 2017-02-06 12:10 - 00001289 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-06-19 14:56 - 2009-07-14 00:45 - 00278656 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-19 14:54 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2017-06-19 14:54 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\migwiz
2017-06-19 14:53 - 2017-01-14 19:11 - 00000000 ____D C:\Windows\system32\MRT
2017-06-16 09:45 - 2017-01-19 01:47 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-16 09:45 - 2017-01-19 01:47 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-16 09:45 - 2017-01-19 01:47 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-06-16 09:45 - 2017-01-19 01:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-16 09:45 - 2017-01-19 01:47 - 00000000 ____D C:\Windows\system32\Macromed
==================== Files in the root of some directories =======
2017-01-18 21:59 - 2017-01-18 21:59 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-05-05 11:03 - 2015-05-05 11:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-05 11:17 - 2015-05-05 11:17 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2015-05-05 11:14 - 2015-05-05 11:15 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2015-05-05 11:15 - 2015-05-05 11:16 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2015-05-05 11:17 - 2015-05-05 11:17 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-07-02 00:29
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2017 01
Ran by LenovoThinkPadOwner (04-07-2017 00:13:56)
Running from C:\Users\LenovoThinkPadOwner\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-07-19 14:15:07)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3035152817-1234986613-3461963699-500 - Administrator - Disabled)
Guest (S-1-5-21-3035152817-1234986613-3461963699-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3035152817-1234986613-3461963699-1002 - Limited - Enabled)
LenovoThinkPadOwner (S-1-5-21-3035152817-1234986613-3461963699-1000 - Administrator - Enabled) => C:\Users\LenovoThinkPadOwner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
AVS Video Editor 7.4.1 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.4.1.281 - Online Media Technologies Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.55.62 - Conexant)
Connect2 (HKLM-x32\...\Connect2_is1) (Version: 4.2.1.3973 - Lenovo)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4331.55 - CyberLink Corp.)
Digital Coupon Printer (HKLM-x32\...\{2CDD20A5-DFDE-4AC0-97DD-F60B1196BF98}) (Version: 3.50.0.0 - Hopster, Inc. an Inmar company)
DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox 15 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\{A58EE139-F99A-3991-B9D2-EBB6A6E2F9AE}) (Version: 59.0.3071.115 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Officejet Pro 6830 Basic Device Software (HKLM\...\{98040AB6-D667-409C-81E7-DB65836B3EE0}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
HP Officejet Pro 6830 Help (HKLM-x32\...\{28693307-6F99-4B5D-9FA3-4D9132DDA716}) (Version: 34.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Integrated Camera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.7.36 - SunplusIT)
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4432 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.3.60 - Intel Corporation)
Intel® WiDi (HKLM\...\{5BBC7722-E4D9-4406-A8B9-1E11A23B9EAF}) (Version: 5.0.32.0 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1431.1) (HKLM\...\{302600C1-6BDF-4FD1-1407-148929CC1385}) (Version: 17.1.1407.0480 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{a9888f41-68ae-43df-bd7d-d93405a44106}) (Version: 17.13.11 - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.14 - Lenovo)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.12 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.16.0 - Lenovo)
Lenovo Fingerprint Manager (HKLM\...\{CAED159A-4D69-4016-92AB-0C4644C8E690}) (Version: 4.5.327.0 - Synaptics)
Lenovo Fingerprint Manager (HKLM\...\{F7AB2C19-6A27-4C75-A92A-8CC7C59E5FA2}) (Version: 4.5.327.0 - )
Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.7 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.24 - Lenovo) Hidden
Lenovo PowerENGAGE (HKLM-x32\...\{15B15395-FF53-44E1-ADAD-FCC279E3CA10}) (Version: 2.51.0040 - Lenovo Inc.)
Lenovo QuickControl (HKLM-x32\...\{04128C8C-7812-4DCC-816E-9C8AB1D6EECE}) (Version: 2.40 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0053 - Lenovo)
Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MapleStory (HKLM\...\Steam App 216150) (Version: - Nexon)
Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{1E347E8D-DB86-43EE-B301-EE953C44BF3C}) (Version: 9.5.4.22 - Nitro)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.51.00 - )
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.68.10 - Lenovo Group Limited)
PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.)
PowerDVD Create 10 (HKLM-x32\...\{D6E853EC-8960-4D44-AF03-7361BB93227C}) (Version: 10.0.1.3710 - CyberLink Corp.) Hidden
Product Improvement Study for HP Officejet Pro 6830 (HKLM\...\{96ABEAD3-67AE-4BF7-8A16-F745352049B3}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.30 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.216.1616.115 - ALPS ELECTRIC CO., LTD.)
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 7.4.911.2013 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WaveEditor (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.4514 - CyberLink Corp.) Hidden
WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.4514 - CyberLink Corp.)
WinCleaner OneClick Professional Version 12 (HKLM-x32\...\WinCleaner OneClick Professional_is1) (Version: 12.5.0.0 - Business Logic Corporation) <==== ATTENTION
Windows Driver Package - Intel (e1dexpress) Net (09/29/2014 12.12.80.19) (HKLM\...\4ED8788498CF43D3423E6F8A41D0FAAF62902DB0) (Version: 09/29/2014 12.12.80.19 - Intel)
Windows Driver Package - Intel Corporation (iaStorA) HDC (08/22/2014 13.5.0.1056) (HKLM\...\5EC6580D569A9D3B15C34964E5BB5BC263F05FE5) (Version: 08/22/2014 13.5.0.1056 - Intel Corporation)
Windows Driver Package - Lenovo 1.67.09.03 (11/07/2014 1.67.09.03) (HKLM\...\FA3F6F3D6E8958FDDEE1E09CC77DFA71B0D7835A) (Version: 11/07/2014 1.67.09.03 - Lenovo)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-29] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-29] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-29] (AVAST Software)
ContextMenuHandlers01: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers01: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 9\NPShellExtension.dll [2016-07-28] (Nitro PDF)
ContextMenuHandlers01: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers01: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers02: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-29] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-06-02] (Intel Corporation)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-29] (AVAST Software)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers06: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0867DD5F-489C-4D48-81BE-A95EEA1CFBDE} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {0C43C10A-A4E7-4E0C-8C31-EE0C71267432} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe [2014-07-31] (CyberLink Corp.)
Task: {1A4643C4-77E7-47AB-B2F9-4E39932A9963} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {23E6E8AB-C1A6-44EC-9B8F-C9303EADE81D} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {26E853C0-0300-4FBB-A8A6-3CA8CFE52E6F} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {2C355016-6F34-41D1-8B75-676DB3E31430} - System32\Tasks\TVT\LaunchFR => C:\Program Files (x86)\Lenovo\Factory Recovery\FRReminder.exe [2014-08-21] (TODO: <Company name>)
Task: {2FB8016D-7A35-4D86-9964-6B33C9015C30} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {3BE0DE28-0428-4C45-B3F8-CF670EA9396D} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-05-09] ()
Task: {452C8399-0490-4FAD-942B-67D60D36CE8C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {4867DD27-7338-4AA7-A86E-726A4FA52CA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-21] (Google Inc.)
Task: {4A3547D1-04C2-4DD5-AFE1-6813824C2BFF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {4F3BBF6C-8B16-472C-9D95-2C0032594C66} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {52AA1E00-7FC2-4707-A087-DCF8DE2AEB1A} - System32\Tasks\SafeZone scheduled Autoupdate 1486397404 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {539625E0-B39B-4D6B-9277-65E8D1361596} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {5640496B-C6A7-4731-9727-4837B79318E2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {56848E24-B57D-4993-AC2C-87FDA660E68D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-06-29] (AVAST Software)
Task: {57199E9C-5B86-48E2-84C4-BC6E4532C0C1} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {57A3CB54-426B-4BB9-B538-5B9F8F6E049C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-16] (Adobe Systems Incorporated)
Task: {5C5524EE-5548-4768-9BF4-FEA48DE743DA} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {6495478D-2F77-4E05-AE2F-92D4A25B0918} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2014-09-13] (Lenovo)
Task: {69293E2A-91A0-43DB-A7BB-6A1DBC557837} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
Task: {6B1A499A-A6E7-4EDD-B3C7-4BBC1A9DF53F} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2014-12-12] ()
Task: {778B87D0-4B6F-4792-830E-6050A43086D0} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {7A17ECBA-BF1B-49A6-99E2-B178F48751DB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {9638A2F1-725D-44AC-80B2-D64A38B6B245} - System32\Tasks\Lenovo Active Protection System => C:\Windows\system32\TpShUI.exe [2017-03-21] (Lenovo.)
Task: {97EC1405-F6A4-4EE7-BEF7-1D34102251FA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {A49C967F-D7F2-4E7A-A2E7-60871152547A} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2013-03-07] (CyberLink)
Task: {A6313626-95F5-4313-89E4-6EEF3ED9ABC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-21] (Google Inc.)
Task: {AD0FE383-939C-405E-84EF-CE8266162E70} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {C12E3B25-74CF-4731-A49C-8428C68A2B6E} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2016-04-14] (Lenovo Group Limited)
Task: {CD109C3C-A2A4-40E1-9DA5-14006BDF83C7} - System32\Tasks\Lenovo\Lenovo PowerENGAGE Update => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)
Task: {D6F46022-1E70-410C-B9D8-005118ED1B8D} - System32\Tasks\HPCustParticipation HP Officejet Pro 6830 => C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPCustPartic.exe [2014-07-18] (Hewlett-Packard Development Company, LP)
Task: {DA725223-04AC-4D8B-A7C6-14664518AA78} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-05-09] ()
Task: {F644B4B5-D891-4A43-91A7-E35FC3F0ECF2} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {F7533C0C-8F03-4F87-A3F9-95024A1F2F55} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {FB23D160-1A2F-45EE-AE10-0C3403114E61} - System32\Tasks\Lenovo\Lenovo PowerENGAGE => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Lenovo Active Protection System.job => C:\Windows\system32\TpShUI.exe
Task: C:\Windows\Tasks\Norton Product Installer.job => C:\Users\LENOVO~1\AppData\Local\Temp\7zS67D.tmp\SymInstallStub.exe K/partnerid=symantec /productlist=nss /staging=false /delay=0 /launchedby=2 C:\Users\LENOVO~1\AppData\Local\Temp\7zS67D.tmp <==== ATTENTION
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\Users\LENOVO~1\AppData\Local\Temp\7zS67D.tmp\SymInstallStub.exe K/partnerid=symantec /productlist=nss /staging=false /delay=0 /launchedby=4 C:\Users\LENOVO~1\AppData\Local\Temp\7zS67D.tmp <==== ATTENTION
Task: C:\Windows\Tasks\Norton Security Scan for LenovoThinkPadOwner.job => C:\PROGRA~2\NORTON~2\Engine\461~1.84\Nss.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-05-05 11:09 - 2016-04-14 06:08 - 00107008 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2016-07-28 18:44 - 2016-07-28 18:44 - 00420504 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2017-06-30 02:09 - 2017-06-27 12:06 - 02260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-06-29 18:54 - 2017-06-29 18:54 - 00162032 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-06-29 18:54 - 2017-06-29 18:54 - 00831664 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-06-29 18:54 - 2017-06-29 18:54 - 00276808 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-06-28 20:54 - 2017-06-22 23:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-28 20:54 - 2017-06-22 23:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-06-29 18:54 - 2017-06-29 18:54 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-06-29 18:54 - 2017-06-29 18:54 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-06-29 18:54 - 2017-06-29 18:54 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-03 21:24 - 2017-07-03 21:24 - 05784984 _____ () C:\Program Files\AVAST Software\Avast\defs\17070302\algo.dll
2017-06-29 18:54 - 2017-06-29 18:54 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-06-29 18:54 - 2017-06-29 18:54 - 00231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2013-03-07 00:49 - 2013-03-07 00:49 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2013-03-07 00:52 - 2013-03-07 00:52 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-05-05 11:11 - 2011-08-02 23:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2015-05-05 11:11 - 2011-08-02 23:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2017-04-24 23:55 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-04-24 23:55 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-04-24 23:55 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-04-24 23:55 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-04-24 23:55 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2017-06-29 18:55 - 2017-06-29 18:55 - 01038952 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-06-29 18:55 - 2017-06-29 18:55 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-06-29 18:54 - 2017-06-29 18:54 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-06-29 18:54 - 2017-06-29 18:55 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll
2014-10-10 12:37 - 2014-10-10 12:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7936 more sites.
IE restricted site: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\...\123simsen.com -> www.123simsen.com
There are 7936 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2017-07-03 19:16 - 00454436 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
There are 15593 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3035152817-1234986613-3461963699-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\LenovoThinkPadOwner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{07C18E5C-87A5-45CD-BCF4-8CEED8E2C67E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{83C3732F-B394-4356-BC4B-8A7E607FFE14}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{E29365C0-E824-468B-89BD-1A2C2E26BCB4}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{F41BBAD5-E8AD-4730-A53D-95BBA47D3C9F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{373FB956-0F52-48BD-A7E5-CC2AFEA5978F}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{6FB9E8BF-66AF-49D8-84C5-EE7444B2E208}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\FaxApplications.exe
FirewallRules: [{5F8AD6E3-B841-4D12-B88C-BDC124F2D6C3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\DigitalWizards.exe
FirewallRules: [{93E8850C-EC9D-4559-83CC-82AEA019D19E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\SendAFax.exe
FirewallRules: [{56E5B262-F7C8-4930-B23A-4B7D8FDB93D3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\DeviceSetup.exe
FirewallRules: [{0C13FC03-BECA-413F-A7B4-5132B09581BB}] => (Allow) LPort=5357
FirewallRules: [{D6EF55BA-3FCF-4AE0-A218-D32369BBB652}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{48F2CECA-B015-488A-B4E7-93ED669CE8C4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{25DFAE54-9A2D-43A3-A955-2255C93EB7C3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5E5976AC-AEA6-45CB-B655-A3F2CD71F824}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D3B2FA97-01E9-4B8B-AF5E-5458D4A8BCEF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6AE60B5D-BE01-4F82-A3E6-D4061EFE8530}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MapleStory\nxsteam.exe
FirewallRules: [{544A5337-199B-45F6-8162-A397CC7BDD1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MapleStory\nxsteam.exe
FirewallRules: [{71EACDBE-1275-4CAA-8EB3-E3499527F0F1}] => (Allow) LPort=15600
FirewallRules: [{1ED07467-4EB0-43D1-A7A1-ADC3B5D267F0}] => (Allow) C:\Program Files (x86)\Lenovo\Connect2\Connect2.exe
FirewallRules: [{450D73AF-2AF9-4AC0-A43B-0A98B944ABC4}] => (Allow) C:\Program Files (x86)\Lenovo\Connect2\Connect2.exe
FirewallRules: [{287CFAAC-20BF-46CB-BF8B-D2C113C65D85}] => (Allow) C:\Program Files (x86)\Lenovo\Connect2\Connect2.exe
FirewallRules: [{B2049ED3-8BEC-4F33-8AC9-FD59655360AE}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{1F4626AE-EBD9-4FA0-8070-2463ABD52BF4}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{4D02A1FC-B615-4CE1-8ECD-C300CCB37ABF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CB7331F7-2E12-4B61-8A16-2569364528C0}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
FirewallRules: [{860D7349-8AFA-4C4D-B069-2AC1E48980A5}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609_0\SZBrowser.exe
FirewallRules: [{402BFBBE-D526-4AA1-8056-2F4C007FD29C}] => (Allow) C:\Program Files (x86)\Business Logic Corporation\WinCleaner OneClick Pro\WCClean.exe
FirewallRules: [{680F1AB4-C661-4CA7-A9E2-BD7210FC49B5}] => (Allow) C:\Program Files (x86)\Business Logic Corporation\WinCleaner OneClick Pro\WCClean.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
29-06-2017 20:53:15 Windows Update
29-06-2017 22:23:53 Windows Update
29-06-2017 22:34:56 Windows Update
30-06-2017 02:45:46 Windows Update
01-07-2017 20:34:07 Restore Operation
03-07-2017 21:56:06 Windows Update
==================== Faulty Device Manager Devices =============
Name: MpKsl01aa92fc
Description: MpKsl01aa92fc
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl01aa92fc
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/03/2017 10:16:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (07/03/2017 10:10:52 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (7456) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\LenovoThinkPadOwner\AppData\Local\Microsoft\Windows\WebCache\V010008E.log.
Error: (07/01/2017 09:38:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (07/01/2017 08:50:47 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070005.
Error: (07/01/2017 08:50:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (07/01/2017 03:13:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (07/01/2017 03:10:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDWelcome.exe version 2.4.40.130 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1f9c
Start Time: 01d2f29d5f9aa8f8
Termination Time: 31
Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
Report Id: b903dcab-5e90-11e7-9d90-34e6ad03fb46
Error: (07/01/2017 02:24:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (07/01/2017 02:04:14 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (07/01/2017 01:58:15 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
System errors:
=============
Error: (07/04/2017 12:09:22 AM) (Source: Schannel) (EventID: 4108) (User: NT AUTHORITY)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The SSL connection request has failed. The attached data contains the server certificate.
Error: (07/04/2017 12:09:22 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 552.
Error: (07/04/2017 12:08:36 AM) (Source: Schannel) (EventID: 4108) (User: NT AUTHORITY)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The SSL connection request has failed. The attached data contains the server certificate.
Error: (07/04/2017 12:08:36 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 552.
Error: (07/04/2017 12:08:20 AM) (Source: Schannel) (EventID: 4108) (User: NT AUTHORITY)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The SSL connection request has failed. The attached data contains the server certificate.
Error: (07/04/2017 12:08:20 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 552.
Error: (07/03/2017 10:20:29 PM) (Source: Schannel) (EventID: 4108) (User: NT AUTHORITY)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The SSL connection request has failed. The attached data contains the server certificate.
Error: (07/03/2017 10:20:29 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 552.
Error: (07/03/2017 10:17:58 PM) (Source: Schannel) (EventID: 4108) (User: NT AUTHORITY)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The SSL connection request has failed. The attached data contains the server certificate.
Error: (07/03/2017 10:17:58 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 552.
CodeIntegrity:
===================================
Date: 2017-05-15 11:16:42.079
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-15 11:16:42.078
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-07 17:54:59.944
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-07 17:54:59.943
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-07 17:54:11.300
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-07 17:54:11.299
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-30 17:53:11.689
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-30 17:53:11.689
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-30 17:52:48.728
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-04-30 17:52:48.728
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lenovo\System Update\ApsIns64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 74%
Total physical RAM: 3836.24 MB
Available physical RAM: 989.54 MB
Total Virtual: 7670.67 MB
Available Virtual: 3771.79 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:447.43 GB) (Free:292.08 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:16.86 GB) (Free:5 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 675C1CE5)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================