Jump to content


Photo

Family PC running slow, just wanted to check

Started by Tyrellcorp , May 11 2020 10:11 AM

  • This topic is locked This topic is locked
14 replies to this topic

#1 Tyrellcorp

Tyrellcorp

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 11 May 2020 - 10:11 AM

Dear SWI Forums,

 

Thanks so much for providing this service. The forums seem a bit quiet (hopefully because your advice is working!).

 

There's not any major identifiable issue, but the PC runs a lot slower, making it difficult for people to do Zoom and Skype etc. The Wifi also cuts out a lot, that may be connected to having a crappy router, but thought I'd mention it just in case.

 

My family asked me to see if I could find anything. Did a few scans but not really sure if I found anything. If you have a spare moment to check over these logs, would definitely be much appreciated, but no worries if it's not possible.

 

Thanks for running this site and volunteering your time and skills, it's really helpful for us tech noobs.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/11/20
Scan Time: 3:38 PM
Log File: 0c3f3542-9395-11ea-925d-c03fd507503d.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.896
Update Package Version: 1.0.23670
License: Trial

-System Information-
OS: Windows 10 (Build 18362.778)
CPU: x64
File System: NTFS
User: PAULINE-PC\Pauline

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 318568
Threats Detected: 46
Threats Quarantined: 0
Time Elapsed: 24 min, 48 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, 194, 236865, , , ,
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, 194, 236865, , , ,
PUP.Optional.Conduit, HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, No Action By User, 194, 236865, 1.0.23670, , ame,

Registry Value: 5
PUP.Optional.Conduit, HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, No Action By User, 194, 236865, 1.0.23670, , ame,
PUP.Optional.Conduit, HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, No Action By User, 194, 236865, 1.0.23670, , ame,
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|kohoehgoafblafjinhplmhcbphgaaobc, No Action By User, 1812, 443121, , , ,
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|jbdhaekeogebjjbaldibekfepbhogdng, No Action By User, 1812, 443122, , , ,
PUP.Optional.SearchEncrypt.Generic, HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|miccbchdddoellcffocmhaankbmiapll, No Action By User, 15152, 448980, , , ,

Registry Data: 1
PUP.Optional.Conduit, HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, No Action By User, 194, 293058, 1.0.23670, , ame,

Data Stream: 0
(No malicious items detected)

Folder: 5
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\kohoehgoafblafjinhplmhcbphgaaobc, No Action By User, 1812, 443121, , , ,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KOHOEHGOAFBLAFJINHPLMHCBPHGAAOBC, No Action By User, 1812, 443121, 1.0.23670, , ame,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JBDHAEKEOGEBJJBALDIBEKFEPBHOGDNG, No Action By User, 1812, 443122, 1.0.23670, , ame,
PUP.Optional.SearchEncrypt.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\miccbchdddoellcffocmhaankbmiapll, No Action By User, 15152, 448980, , , ,
PUP.Optional.SearchEncrypt.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MICCBCHDDDOELLCFFOCMHAANKBMIAPLL, No Action By User, 15152, 448980, 1.0.23670, , ame,

File: 32
PUP.Optional.StartPage24, C:\USERS\PAULINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YNMZWUN2.DEFAULT\EXTENSIONS\FFEXT_BASICVIDEOEXT@STARTPAGE24.XPI, No Action By User, 4602, 186354, 1.0.23670, , ame,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_inboxace.dl.tb.ask.com_0.localstorage, No Action By User, 1812, 443123, 1.0.23670, , ame,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_inboxace.dl.tb.ask.com_0.localstorage-journal, No Action By User, 1812, 443123, 1.0.23670, , ame,
PUP.Optional.Conduit, C:\USERS\PAULINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YNMZWUN2.DEFAULT\PREFS.JS, No Action By User, 194, 301520, 1.0.23670, , ame,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 1812, 443121, , , ,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, 1812, 443121, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kohoehgoafblafjinhplmhcbphgaaobc\000003.log, No Action By User, 1812, 443121, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kohoehgoafblafjinhplmhcbphgaaobc\CURRENT, No Action By User, 1812, 443121, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kohoehgoafblafjinhplmhcbphgaaobc\LOCK, No Action By User, 1812, 443121, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kohoehgoafblafjinhplmhcbphgaaobc\LOG, No Action By User, 1812, 443121, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kohoehgoafblafjinhplmhcbphgaaobc\LOG.old, No Action By User, 1812, 443121, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kohoehgoafblafjinhplmhcbphgaaobc\MANIFEST-000001, No Action By User, 1812, 443121, , , ,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KOHOEHGOAFBLAFJINHPLMHCBPHGAAOBC\13.917.17.3591_0\MANIFEST.JSON, No Action By User, 1812, 443121, 1.0.23670, , ame,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 1812, 443122, , , ,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, 1812, 443122, , , ,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JBDHAEKEOGEBJJBALDIBEKFEPBHOGDNG\12.9.6.8604_0\MANIFEST.JSON, No Action By User, 1812, 443122, 1.0.23670, , ame,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KOHOEHGOAFBLAFJINHPLMHCBPHGAAOBC\13.917.17.3591_0\CONFIG\CONFIG.JSON, No Action By User, 1812, 456842, 1.0.23670, , ame,
PUP.Optional.SearchEncrypt.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 15152, 448980, , , ,
PUP.Optional.SearchEncrypt.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, 15152, 448980, , , ,
PUP.Optional.SearchEncrypt.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\miccbchdddoellcffocmhaankbmiapll\000003.log, No Action By User, 15152, 448980, , , ,
PUP.Optional.SearchEncrypt.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\miccbchdddoellcffocmhaankbmiapll\CURRENT, No Action By User, 15152, 448980, , , ,
PUP.Optional.SearchEncrypt.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\miccbchdddoellcffocmhaankbmiapll\LOCK, No Action By User, 15152, 448980, , , ,
PUP.Optional.SearchEncrypt.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\miccbchdddoellcffocmhaankbmiapll\LOG, No Action By User, 15152, 448980, , , ,
PUP.Optional.SearchEncrypt.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\miccbchdddoellcffocmhaankbmiapll\LOG.old, No Action By User, 15152, 448980, , , ,
PUP.Optional.SearchEncrypt.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\miccbchdddoellcffocmhaankbmiapll\MANIFEST-000001, No Action By User, 15152, 448980, , , ,
PUP.Optional.SearchEncrypt.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MICCBCHDDDOELLCFFOCMHAANKBMIAPLL\2.2.19_0\MANIFEST.JSON, No Action By User, 15152, 448980, 1.0.23670, , ame,
PUP.Optional.InboxTB, C:\USERS\PAULINE\DOCUMENTS\DOWNLOADS\PUBLICTRANSPORTSETUP.EXE, No Action By User, 671, 603680, 1.0.23670, , ame,
Generic.Malware/Suspicious, C:\USERS\PAULINE\DOCUMENTS\DOWNLOADS\MUSICNOTESSUITE.EXE, No Action By User, 0, 392686, 1.0.23670, , shuriken,
PUP.Optional.InboxTB, C:\USERS\PAULINE\DOCUMENTS\DOWNLOADS\PUBLICTRANSPORTSETUP(3).EXE, No Action By User, 671, 603680, 1.0.23670, , ame,
Generic.Malware/Suspicious, C:\USERS\PAULINE\DOCUMENTS\DOWNLOADS\MUSICNOTESSUITE(2).EXE, No Action By User, 0, 392686, 1.0.23670, , shuriken,
PUP.Optional.InboxTB, C:\USERS\PAULINE\DOCUMENTS\DOWNLOADS\PUBLICTRANSPORTSETUP(2).EXE, No Action By User, 671, 603680, 1.0.23670, , ame,
PUP.Optional.BundleInstaller, C:\USERS\PAULINE\DOWNLOADS\UTORRENT.EXE, No Action By User, 504, 790622, 1.0.23670, , ame,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-05-2020
Ran by Pauline (administrator) on PAULINE-PC (LENOVO 10126) (11-05-2020 16:10:51)
Running from C:\Users\Pauline\Downloads
Loaded Profiles: Pauline
Platform: Windows 10 Home Version 1903 18362.778 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" -- "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Windows\jmesoft\JME_LOAD.exe
() [File not signed] C:\Windows\jmesoft\Service.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Pauline\AppData\Local\Dropbox\Update\DropboxUpdate.exe <3>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>
(Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP ENVY 5540 series\Bin\ScanToPCActivationApp.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportHelper.exe <2>
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe <2>
(LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO -> Lenovo) C:\Program Files\lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) [File not signed] C:\Windows\jmesoft\hotkey.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Maxthon (Asia) Limited. -> Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Pauline\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <9>
(Nitro PDF Software -> Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nitro PDF Software -> Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIRDE.EXE

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [108216 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302392 2020-03-28] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo) [File not signed]
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] () [File not signed]
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo (Beijing) Limited -> Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink -> CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel® Services Manager -> Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\Run: [STManager] => C:\Program Files (x86)\SpeedTouch\Dr SpeedTouch\drst.exe [118784 2003-10-16] (THOMSON) [File not signed]
HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\Run: [Dropbox Update] => C:\Users\Pauline\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-02] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\Run: [HP ENVY 5540 series (NET)] => C:\Program Files\HP\HP ENVY 5540 series\Bin\ScanToPCActivationApp.exe [3770504 2017-03-27] (Hewlett Packard -> HP Inc.)
HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIRDE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIRDE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7908440 2019-11-07] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\Run: [AvastBrowserAutoLaunch_C9BDCEAD8556B71B9ADF3D344F2B8E05] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1853360 2020-04-08] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\MountPoints2: {ecc7164e-57cc-11e3-8250-806e6f6e6963} - "D:\InstallNavi.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-07] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\81.0.3970.92\Installer\chrmstp.exe [2020-05-04] (Avast Software s.r.o. -> AVAST Software)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005038F6-0B41-470F-85CA-0DED2A92EAE4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {02773121-4506-4203-A153-927B28A98CA2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {045A323D-10B8-4C71-843E-E687B3D23403} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {098A71CC-2BB1-4008-9122-A2A0286B7473} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe
Task: {0B628AA5-4D07-4948-AA02-53CCD3FA0710} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {118FB6EB-5451-4206-A6CA-12AED9DCD08A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {12E2BF0B-8366-460E-B550-0C3D15BB87D8} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {168B3367-DEE9-4699-B749-E30F883505B7} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10165384 2016-12-07] (LENOVO -> Lenovo)
Task: {16A7B259-AC17-4116-A712-DDD3B6192D53} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-28] (AVAST Software s.r.o. -> AVAST Software)
Task: {1B44623E-5C7C-4ED9-A001-524E129B269A} - System32\Tasks\EPSON XP-442 445 Series Update {B5E386D4-ECC6-44A7-9E11-A936D17B0526} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRDE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {21248F16-8AC0-4E0D-81EC-C4B2BAAB4325} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [1671480 2013-08-01] (Maxthon (Asia) Limited. -> Maxthon International ltd.)
Task: {21D11642-DF6C-485D-9D8F-29AB11502CB3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1117048 2020-03-26] (HP Inc. -> HP Inc.)
Task: {241A7246-A67A-4770-BCA4-8B98F314B201} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [320856 2020-04-23] (HP Inc. -> HP Inc.)
Task: {253564D8-2B4E-4A16-8ED7-5F57DEB2E347} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH58H1R040 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1117048 2020-03-26] (HP Inc. -> HP Inc.)
Task: {263EC160-9C76-4EDA-A167-FE909FB3E790} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {2B49C405-788E-48C8-9D7A-9605436C1513} - \WPD\SqmUpload_S-1-5-21-3106986344-3918020473-2541437126-1002 -> No File <==== ATTENTION
Task: {2C802084-475E-448A-9B5E-F714D0B76E13} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {317BE622-9209-42DA-9FF6-7C2F8F6DB8E9} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61112 2019-08-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {35BAED70-52F8-4040-BAA3-F73CBE4FC89D} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {36C7DA80-7C3C-4BB7-92D4-83CF59A44F72} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {3B80290B-755B-4048-A093-FCFE57B7D17F} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe
Task: {46C206C1-4055-4DFD-B73C-0B55DDAEE405} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {55D3C4FF-D2A0-41D7-9371-C07C58662E4E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {5610FCBB-F1AD-4BE4-A4A7-C9D6142F6770} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-28] (AVAST Software s.r.o. -> AVAST Software)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {654E2860-3E79-40AF-8B62-F35CA7584746} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1853360 2020-04-08] (Avast Software s.r.o. -> AVAST Software)
Task: {6B8E0F2F-FA72-4BE3-B721-032C29903871} - System32\Tasks\TnI CheckExplorer Function => C:\Program Files (x86)\TPV-INVENTA\TnI CheckExplorer Function\CheckExploer.exe [9728 2013-10-05] (TPV-INVENTA TECHNOLOGY CO,LTD ) [File not signed]
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {74BAA659-8859-4A05-B1EF-D7149873C7EF} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3106986344-3918020473-2541437126-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {766F3208-E7A3-44A0-AD28-3FAC29636893} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {792EF7DB-BF82-480D-81D9-D21BC7B9A9CE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3106986344-3918020473-2541437126-1002Core1d23736a6594058 => C:\Users\Pauline\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-02] (Dropbox, Inc -> Dropbox, Inc.)
Task: {7B347771-346D-4460-80AE-B29273C948B6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {7BFD2EC9-C0FE-41AC-8FE3-0A738E65DE84} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [127176 2020-05-08] (Mozilla Corporation -> Mozilla Foundation)
Task: {7CDAA5E0-B13C-495E-8958-E4AEAFE7DC54} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\37f18a2f-6fb7-42b4-90c5-735aebd2c1c6 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {881B5522-604C-4201-940F-1299E171C134} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {8A3F959C-F0E6-4FBA-9352-47B5B24AE0BA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8E27E30D-FE5F-4F10-8946-06A8D3181000} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {8EF20D9C-7A36-4CC3-9611-A22C4A1856D0} - System32\Tasks\HPCeeScheduleForPauline => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [97656 2018-09-11] (HP Inc. -> HP Inc.)
Task: {96B15CCD-B702-49EC-8CC3-14522B7B3BC6} - System32\Tasks\{B5CCE973-6964-425E-A771-496052B3339B} => C:\windows\system32\pcalua.exe -a C:\Users\Pauline\Downloads\FirmwareFlashLauncher.exe -d C:\Users\Pauline\Downloads
Task: {9BE22A1F-4F65-441B-A55B-92F98190D16A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [134008 2020-03-25] (HP Inc. -> HP Inc.)
Task: {9E688F45-A365-44E9-A597-ADD201A556CD} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-14] (Adobe Inc. -> Adobe)
Task: {A15C16EF-3862-4184-ABAF-7CBA87A6F6A0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1dee8492-bdd7-4e24-a901-c7a1a84b2cfd => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {A23E1459-E574-4CD3-B2FF-C74EBDF25205} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe
Task: {A661B027-1EC9-42B9-AD22-CB4602398913} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [158648 2020-03-31] (Lenovo -> Lenovo Group Ltd.)
Task: {A68AE276-32CE-4E9A-93BC-FC95C82A8AB5} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54424 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {A97D4BB5-0183-4C62-8319-B7757C7FF33C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A9962C79-06C5-458F-BCA0-B8EA1925D7BC} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {ABBF0116-7589-4D9D-B8F9-3D9B6C9E3954} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B1FE7693-D071-4F01-9CA5-4277D8C39F73} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {B33FBB15-11D3-4375-A3F1-BCD9659FF504} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B3F41EE1-DD20-4A7B-881B-C041E4752187} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B45BFF10-2B49-43FB-B4B0-C33F9E2EF957} - System32\Tasks\{E3455DCB-3EB4-4CC3-858E-800C122FC8CC} => C:\windows\system32\pcalua.exe -a "C:\Users\Pauline\Downloads\FirmwareFlashLauncher (1).exe" -d C:\Users\Pauline\Downloads
Task: {B57B951A-489A-45FF-A03C-8CF8D75F3B68} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321608 2016-12-07] (LENOVO -> Lenovo)
Task: {B8F298BC-EBB2-4163-8EE7-9D640AAB63BE} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10165384 2016-12-07] (LENOVO -> Lenovo)
Task: {BE90992F-5AC5-4B4B-AB08-7F40B8C0355C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3325032 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
Task: {C31A8421-A445-4E5F-8918-1F7F5B1B36FA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C5691CEC-EFBA-40D5-8336-14BCEFA58588} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C5902B67-5F2F-4DEF-A90C-B8240F8021DE} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3106986344-3918020473-2541437126-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {C619A76C-31D4-4B40-BB06-20D311532BDD} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [68280 2019-08-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {CE305600-7B4F-4D8C-9ABC-37F025025355} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {D5BBED77-012D-49B3-9FD7-0C76506FE290} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_Plugin.exe [1458232 2020-04-14] (Adobe Inc. -> Adobe)
Task: {DE601883-5019-4061-B766-5EAF3F98DE55} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E0F44717-10DE-4780-B299-29EB71CD39C1} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [264328 2016-12-07] (LENOVO -> )
Task: {E1015442-585B-4754-B159-D2DBB59A0515} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1853360 2020-04-08] (Avast Software s.r.o. -> AVAST Software)
Task: {E1CE6930-2BF5-4CE4-B394-6C45910DA14B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {E26E0C03-7C65-42C8-B87D-CA094B573294} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {E7AA0A13-F351-4607-B414-3096A8B66002} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {F2A920FC-484E-4D53-80C3-A41C1DFC21F8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3106986344-3918020473-2541437126-1002UA1d23736a6a268ea => C:\Users\Pauline\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-02] (Dropbox, Inc -> Dropbox, Inc.)
Task: {F2EB3E2D-6C7C-4C9D-8B75-FBC57B4DE0DE} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-16] (HP Inc. -> )
Task: {F4AC1F4E-5956-4D7F-ADA5-B5363D9FED40} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2152c9ed-8832-49f4-b2e5-e6887ee9fb28 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {F92C35E5-2A3B-4794-815B-55CADE4D72AD} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\61cc2fc2-af9c-4b4e-916f-06484f057d9c => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3106986344-3918020473-2541437126-1002Core1d23736a6594058.job => C:\Users\Pauline\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3106986344-3918020473-2541437126-1002UA1d23736a6a268ea.job => C:\Users\Pauline\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\EPSON XP-442 445 Series Update {B5E386D4-ECC6-44A7-9E11-A936D17B0526}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRDE.EXE:/EXE:{B5E386D4-ECC6-44A7-9E11-A936D17B0526} /F:UpdateWORKGROUP\PAULINE-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\HPCeeScheduleForPauline.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1d88e481-2564-4293-9309-baa81f458c47}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{52653dd8-45a2-4393-9e17-f0b57a2a7f2e}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COS2&ptag=D051819-A915F698E57&form=CONMHP&conlogo=CT3335818
HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002 -> DefaultScope {BF9B3202-A8F4-4774-882D-96C8A21F6C46} URL =
SearchScopes: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COS2&ptag=D051819-N0700A915F698E57&form=CONBDF&conlogo=CT3335818&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002 -> {BF9B3202-A8F4-4774-882D-96C8A21F6C46} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2019-08-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-11-27] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-11-27] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ynmzwun2.default
FF ProfilePath: C:\Users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\ynmzwun2.default [2020-05-11]
FF Homepage: Mozilla\Firefox\Profiles\ynmzwun2.default -> hxxps://findajob.dwp.gov.uk/
FF NewTab: Mozilla\Firefox\Profiles\ynmzwun2.default -> hxxp://www.bing.com/?pc=COS2&ptag=D051819-N0600A915F698E57&form=CONMHP&conlogo=CT3335818
FF Notifications: Mozilla\Firefox\Profiles\ynmzwun2.default -> hxxps://pogohomecounties.com; hxxps://boardgamearena.com
FF Extension: (IBM Security Rapport) - C:\Users\Pauline\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com (1).xpi [2018-04-12] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (IBM Security Rapport) - C:\Users\Pauline\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2020-03-23] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (Video Downloader professional) - C:\Users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\ynmzwun2.default\Extensions\ffext_basicvideoext@startpage24.xpi [2020-03-10]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\ynmzwun2.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2020-05-01]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\ynmzwun2.default\Extensions\sp@avast.com.xpi [2020-04-30]
FF Extension: (Avast Online Security) - C:\Users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\ynmzwun2.default\Extensions\wrc@avast.com.xpi [2020-04-16]
FF Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\ynmzwun2.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2017-03-31] [UpdateUrl:hxxps://tools.google.com/service/update2/ff?guid=%ITEM_ID%&version=%ITEM_VERSION%&application=%APP_ID%&appversion=%APP_VERSION%]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_363.dll [2020-04-14] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_363.dll [2020-04-14] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-11-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-06-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-18] (Nitro PDF Software -> Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3106986344-3918020473-2541437126-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\Pauline\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-20] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-3106986344-3918020473-2541437126-1002: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel) [File not signed]
FF Plugin HKU\S-1-5-21-3106986344-3918020473-2541437126-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel) [File not signed]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default [2020-05-11]
CHR StartupUrls: Default -> "hxxp://www.gmail.com/"
CHR NewTab: Default ->  Active:"chrome-extension://kohoehgoafblafjinhplmhcbphgaaobc/product.html"
CHR Extension: (Slides) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Docs) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (IBM Security Rapport) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-12-02]
CHR Extension: (YouTube) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-03-20]
CHR Extension: (Sheets) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-21]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2014-04-11]
CHR Extension: (InboxAce) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdhaekeogebjjbaldibekfepbhogdng [2015-03-12]
CHR Extension: (InternetSpeedRadar) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc [2019-12-19]
CHR Extension: (Search Encrypt) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\miccbchdddoellcffocmhaankbmiapll [2018-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-22]
CHR Profile: C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\System Profile [2015-07-28]
CHR Extension: (Google Slides) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-23]
CHR Extension: (Google Docs) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-23]
CHR Extension: (Google Drive) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-23]
CHR Extension: (Rapport) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-07-23]
CHR Extension: (YouTube) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-23]
CHR Extension: (Google Search) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-23]
CHR Extension: (Google Sheets) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-23]
CHR Extension: (Avast Online Security) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-23]
CHR HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atiesrxx.exe [508008 2019-09-18] (Advanced Micro Devices, Inc. -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-03-27] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5504928 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-28] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [345384 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-28] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\81.0.3970.92\elevation_service.exe [954600 2020-04-08] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [58048 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058256 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2016-11-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [378744 2020-03-31] (HP Inc. -> HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2019-12-27] (Huawei Technologies Co., Ltd. -> ) [File not signed]
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
S3 LSC.Services.SystemService; C:\Program Files\lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273544 2016-12-07] (LENOVO -> Lenovo)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [84280 2013-08-19] (Maxthon (Asia) Limited. -> Maxthon)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-05-11] (Malwarebytes Inc -> Malwarebytes)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-18] (Nitro PDF Software -> Nitro PDF Software)
R2 nlsX86cc; C:\windows\SysWOW64\NLSSRV32.EXE [69640 2013-08-18] (Nitro PDF Software -> Nalpeiron Ltd.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [3001632 2019-10-06] (IBM -> IBM Corp.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] (CyberLink -> )
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28760 2019-11-07] (LAVASOFT SOFTWARE CANADA INC -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atikmdag.sys [55249512 2019-09-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atikmpag.sys [595048 2019-09-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amd_sata; C:\WINDOWS\System32\drivers\amd_sata.sys [80640 2013-07-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amd_xata; C:\WINDOWS\System32\drivers\amd_xata.sys [25344 2013-07-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37856 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [206120 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [234776 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [178968 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [60696 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-02-26] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42984 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175920 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [500960 2020-04-20] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [109480 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85056 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851808 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [459408 2020-04-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [235696 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [317280 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-11] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-05-11] (Malwarebytes Corporation -> Malwarebytes)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2019-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2019-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-05-11] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-05-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195432 2020-05-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73368 2020-05-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-05-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [125088 2020-05-11] (Malwarebytes Inc -> Malwarebytes)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [429112 2019-10-06] (IBM -> IBM Corp.)
R1 RapportCerberus_1950099; c:\programdata\trusteer\rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1950099.sys [1466824 2019-12-03] (IBM -> IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [542112 2019-10-06] (IBM -> IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [395384 2019-10-06] (IBM -> IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [445240 2019-10-06] (IBM -> IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [560568 2019-10-06] (IBM -> IBM Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [711968 2019-06-04] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Realsil Semiconductor Corporation)
R3 RTWlanE01; C:\WINDOWS\System32\drivers\rtwlane01.sys [8169472 2019-03-19] (Microsoft Windows -> Realtek Semiconductor Corporation )
R3 usbfilter; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [58536 2013-03-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-12] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-11 16:10 - 2020-05-11 16:15 - 000048157 _____ C:\Users\Pauline\Downloads\FRST.txt
2020-05-11 16:09 - 2020-05-11 16:13 - 000000000 ____D C:\FRST
2020-05-11 16:09 - 2020-05-11 16:10 - 000899584 _____ C:\Users\Pauline\Downloads\RGSA.exe
2020-05-11 16:06 - 2020-05-11 16:06 - 000009791 _____ C:\Users\Pauline\Desktop\MBAM 11 May.txt
2020-05-11 15:43 - 2020-05-11 15:44 - 002285568 _____ (Farbar) C:\Users\Pauline\Downloads\FRST64.exe
2020-05-11 15:38 - 2020-05-11 16:12 - 000000000 ____D C:\Users\Pauline\AppData\LocalLow\IGDump
2020-05-11 15:38 - 2020-05-11 15:38 - 000073368 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-05-11 15:37 - 2020-05-11 15:37 - 000195432 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-05-11 15:37 - 2020-05-11 15:37 - 000125088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-05-11 15:36 - 2020-05-11 15:36 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-05-11 15:36 - 2020-05-11 15:36 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-05-11 15:36 - 2020-05-11 15:36 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-05-11 15:36 - 2020-05-11 15:36 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-05-11 15:36 - 2020-05-11 15:36 - 000002032 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-05-11 15:36 - 2020-05-11 15:36 - 000000000 ____D C:\Users\Pauline\AppData\Local\mbamtray
2020-05-11 15:36 - 2020-05-11 15:36 - 000000000 ____D C:\Users\Pauline\AppData\Local\mbam
2020-05-11 15:35 - 2020-05-11 15:35 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-05-11 15:35 - 2020-05-11 15:35 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-05-11 15:35 - 2020-05-11 15:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-05-11 15:33 - 2020-05-11 15:33 - 001980016 _____ (Malwarebytes) C:\Users\Pauline\Downloads\MBSetup.exe
2020-05-11 15:33 - 2020-05-11 15:33 - 000000000 ____D C:\Program Files\Malwarebytes
2020-05-11 01:28 - 2020-05-11 01:28 - 007754184 _____ C:\Users\Pauline\Downloads\pBXR3E2 - Imgur.mp4
2020-05-11 01:28 - 2020-05-11 01:28 - 001641247 _____ C:\Users\Pauline\Downloads\d0Cyc5J - Imgur.mp4
2020-05-09 21:41 - 2020-05-09 21:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-05-09 21:41 - 2020-05-09 21:41 - 000000000 ____D C:\Program Files\iPod
2020-05-09 21:39 - 2020-05-09 21:41 - 000000000 ____D C:\Program Files\iTunes
2020-05-09 21:22 - 2020-05-09 21:22 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2020-05-09 21:22 - 2020-05-09 21:22 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2020-05-09 14:45 - 2020-05-09 14:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-05-09 14:12 - 2020-05-09 14:12 - 005524684 _____ C:\Users\Pauline\Downloads\VIDEO-2020-05-01-17-41-42 (2).mov
2020-05-09 14:11 - 2020-05-09 14:11 - 005524684 _____ C:\Users\Pauline\Downloads\VIDEO-2020-05-01-17-41-42.mov
2020-05-09 14:11 - 2020-05-09 14:11 - 005524684 _____ C:\Users\Pauline\Downloads\VIDEO-2020-05-01-17-41-42 (1).mov
2020-05-08 22:30 - 2020-05-09 21:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-05-03 11:26 - 2020-05-03 11:26 - 000000000 ___HD C:\OneDriveTemp
2020-04-30 10:11 - 2020-04-30 10:11 - 000000000 ____D C:\Users\Pauline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-04-27 16:11 - 2020-04-27 16:11 - 005512256 _____ C:\Users\Pauline\Downloads\VID-20200424-WA0009 (3).mp4
2020-04-27 15:48 - 2020-04-27 15:48 - 005512256 _____ C:\Users\Pauline\Downloads\VID-20200424-WA0009 (2).mp4
2020-04-27 15:30 - 2020-04-27 15:30 - 005512256 _____ C:\Users\Pauline\Downloads\VID-20200424-WA0009.mp4
2020-04-27 15:30 - 2020

#2 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,202 posts

Posted 11 May 2020 - 12:37 PM

Hello Tyrellcorp.
Welcome to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you with your computer issues. Please ask questions if anything is unclear.

I will suggest you click the 'Follow this topic' button so you can receive a notification each time I post a new response for you. It's located at the right top corner of this topic's page.

You posted the contents of FRST.txt log. I will also need to check the entire content of the Addition.txt log. The log is located within the same folder as FRST which in your case is at C:\Users\Pauline\Downloads

Thank you.

Android8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#3 Tyrellcorp

Tyrellcorp

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 11 May 2020 - 02:46 PM

Hi Android,

 

Thanks so much for your reply :) Have followed as suggested, good idea!

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2020
Ran by Pauline (11-05-2020 16:18:58)
Running from C:\Users\Pauline\Downloads
Windows 10 Home Version 1903 18362.778 (X64) (2019-08-22 16:45:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3106986344-3918020473-2541437126-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3106986344-3918020473-2541437126-503 - Limited - Disabled)
Guest (S-1-5-21-3106986344-3918020473-2541437126-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3106986344-3918020473-2541437126-1004 - Limited - Enabled)
Pauline (S-1-5-21-3106986344-3918020473-2541437126-1002 - Administrator - Enabled) => C:\Users\Pauline
WDAGUtilityAccount (S-1-5-21-3106986344-3918020473-2541437126-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\uTorrent) (Version: 3.5.5.45231 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.363 - Adobe)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{4D2B0FCD-A725-6DB5-060F-9A2E7151F977}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2019.0816.1152.21357 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{6CF0CAEE-54B6-4D84-A055-3AF110F189D3}) (Version: 8.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B127943-89E7-4691-A7A4-D05807920A84}) (Version: 8.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A394C41-FBA7-4930-85FC-3A973B34E6C6}) (Version: 13.5.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.2.2401 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 81.0.3970.92 - AVAST Software)
BBC iPlayer Downloads (HKLM-x32\...\{148784F3-3B6E-4DFA-B7A1-3400B277DAF3}) (Version: 1.14.2 - BBC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{118C2119-84B6-E32C-63E2-B56DBCF41CE5}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{51F85784-6799-5CA3-97B2-2E5904FC3E58}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5A083A57-10D6-D4E5-292C-F274870E73A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{AD28960A-6190-C991-C964-308B86EAA2E2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{DF0D7C1C-72B6-9FFB-DF66-B3720237BB80}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{238F6F6F-2544-86CF-3AB6-2CDADAB58CF0}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{C3EE628C-7394-FE2C-0C90-C05284EB528D}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2F544F46-5F6E-97BB-3550-A0242A3C5754}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{EC688BD0-240D-AE40-55F3-234E54919AE6}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{E27224E3-7913-DA1E-5B08-9BEEC8FEE3D1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{FC4086D6-E345-5F43-08BB-280FB57DAF49}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{95A52FC1-C728-841D-1BFC-CC793B77B0A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{5FEACE78-C338-9AED-FF05-7DE7E273C774}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{A22CDEBA-6DB5-12CD-F6CE-6238C2D78363}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{AC85CF50-9A55-0103-ADBF-365C37603AA4}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0BFC67D-E447-02C8-6046-C078DFE9EC97}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{94C72EBE-2908-F0AC-62DA-D61951830F8F}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{B349892D-B015-033C-4CA8-3635E6B655D7}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{5B987681-3652-492B-6A11-E02AC0FE5959}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{26567561-DFB2-2B63-9BA8-6A490ED37016}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{86BFE5B4-1FCE-3C02-6373-92B1AE6431E8}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0742432E-42D9-2240-4CA1-8595CCCBAA77}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5FD706FF-6AD8-E372-A35A-879409982655}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{DAB44116-0266-C65B-B643-AC11217C3041}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{EAEAA839-44F4-22DF-D1CC-88C3B2A3D4B1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3AF70346-52C7-0334-606F-118D1C1CB7A2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A3973655-E448-4A1B-477C-988A79D132D9}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{53AE8AC7-5213-67AF-0DC0-CED696B77643}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{59D2664C-949B-7FA7-9880-ECB993B6616A}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{6DC92550-D065-4B36-C4D3-D8D7A702A7A7}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{970A40CA-46AB-986C-1798-976ED0EA00FA}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{B2A83706-3F14-1532-20CD-B4EE715A8945}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{44ED2CDA-4197-E9E9-B328-26E1FB749116}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{3450566C-4561-0EE8-B1AB-D5C79CCE8D2C}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{C14A3A5B-8A86-C239-37D7-158211778C54}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A50C89BC-8D8E-8828-824A-7171F6D583D5}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{FCE8438C-3272-D63F-479F-670F082B294B}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{25D1751E-7CA2-5F6D-0125-0A16E47AF9FE}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dr SpeedTouch (HKLM-x32\...\{CE6D39E2-D4CB-4C49-ABD9-8724B095D1EF}) (Version:  - )
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
Dropbox (HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\Dropbox) (Version: 96.4.172 - Dropbox, Inc.)
E-Prime 1.2 (1.2.1.849) (HKLM-x32\...\{D74D1E6E-AAA4-4A28-AA54-CF84B4F3F72F}) (Version: E-Prime 1.2 (1.2.1.849) - Psychology Software Tools)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.56.1.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{FD036A57-F81D-4865-AAF0-811558EA76AE}) (Version: 4.5.1 - Seiko Epson Corporation)
EPSON XP-442 445 Series Printer Uninstall (HKLM\...\EPSON XP-442 445 Series) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.138 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 10.0.1.100 - )
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 5540 series Basic Device Software (HKLM\...\{7F9C00D2-32F6-4844-AC17-290D5F06F186}) (Version: 40.11.1119.1786 - HP Inc.)
HP ENVY 5540 series Help (HKLM-x32\...\{3B1BE080-D477-4B94-AAE4-8B0BEC5D0CE3}) (Version: 35.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.8.24.33 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{183BD477-774B-4700-B40B-EE43886E74D2}) (Version: 12.15.14.3 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
IBM SPSS Statistics 20 (HKLM-x32\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Version: 20.0.0.0 - IBM Corp)
iTunes (HKLM\...\{429A2000-B4CC-4EE5-8820-CE2F89B98FEE}) (Version: 12.10.6.2 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{AFDE512F-7BCD-46B6-91C0-230812139EEF}) (Version: 3.4.002.006 - Lenovo)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.5215.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mozilla Firefox 76.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 76.0.1 (x64 en-GB)) (Version: 76.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 76.0.1.7432 - Mozilla)
Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5215.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5215.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5215.1000 - Microsoft Corporation) Hidden
OU SPSS data for DD303 (HKLM-x32\...\OU SPSS data for DD303) (Version:  - )
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1950.120 - Trusteer) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.)
TnI CheckExplorer Project (HKLM\...\{EBFA3741-71F4-48C3-BEAE-B140AEDCC19B}) (Version: 1.0.0.0 - TPV-INVENTA TECHNOLOGY CO., LTD.) Hidden
TnI CheckExplorer Project (HKLM-x32\...\InstallShield_{EBFA3741-71F4-48C3-BEAE-B140AEDCC19B}) (Version: 1.0.0.0 - TPV-INVENTA TECHNOLOGY CO., LTD.)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1950.120 - Trusteer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Web Companion (HKLM-x32\...\{d977fa78-a092-40bd-92eb-777f181191f0}) (Version: 4.9.2146.4004 - Lavasoft)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)

Packages:
=========
FreeRide Games for Lenovo -> C:\Program Files\WindowsApps\Exent.FreeRideGamesforLenovo_1.0.0.0_x64__fq5x03g7fwkgm [2014-03-03] (Exent Technologies LTD) [MS Ad]
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.728.0_x64__v10z8vjag6ke6 [2020-04-14] (HP Inc.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2003.10.0_x64__k1h2ywk1493x8 [2020-03-25] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-02] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-15] (Microsoft Corporation)
PowerDVD for Lenovo Idea -> C:\Program Files\WindowsApps\CyberLinkCorp.id.PowerDVDforLenovoIdea_1.1.2618.24808_x86__hgg5mn3xps74a [2014-03-06] (CYBERLINK COM CORPORATION)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2019-04-30] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel) [File not signed]
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel) [File not signed]
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [dropbox-NamespaceExtensionRole.Personal] => C:\Users\Pauline\Dropbox [2014-08-21 17:26]
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B} -> [dropbox-NamespaceExtensionRole.Business] => 0
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-15] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2013-08-18] (Nitro PDF Software -> Nitro PDF)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2019-08-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3106986344-3918020473-2541437126-1002: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-3106986344-3918020473-2541437126-1002: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-3106986344-3918020473-2541437126-1002: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-07-18 16:27 - 2018-07-18 16:27 - 000747520 _____ () [File not signed] C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2019-06-28 18:32 - 2019-06-28 18:32 - 003598336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2013-11-28 02:43 - 2011-05-17 22:27 - 000028672 _____ () [File not signed] C:\Windows\jmesoft\hidhook.dll
2019-08-16 12:37 - 2019-08-16 12:37 - 000158208 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\SYSTEM32\amdihk64.dll
2013-11-28 03:11 - 2013-11-28 03:11 - 000348160 ____N (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Lenovo\PowerDVD10\MSVCR71.dll
2020-05-06 09:32 - 2020-04-05 18:36 - 001343488 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\SQLite.Interop.dll
2016-09-14 15:31 - 2016-09-14 15:31 - 000500736 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000040960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000414208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000516608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 001441280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2019-08-16 12:49 - 2019-08-16 12:49 - 005999104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 006413824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 001141760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000339968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 004143104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 003840000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000332800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000349184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 080959488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 005622272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000190464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 002825216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000137216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\styles\qwindowsvistastyle.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2019-01-04 09:12 - 000000828 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "FamilySafetyGuide.lnk"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3828428C-5F69-48D0-BD9D-A12AB94626C1}] => (Allow) C:\Users\Pauline\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{A954C457-6240-4CE7-B174-5CD18722A759}] => (Allow) C:\Users\Pauline\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{A802CB58-8A5C-4AD5-A6B3-90A06DC86336}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{49C1769A-FBD7-4C05-81AC-4FADDA756553}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
FirewallRules: [{64CBD3F0-45E2-43ED-A824-9CB74B3268C3}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
FirewallRules: [{3E07AD9B-860C-494E-A604-3FD23FCE3790}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => No File
FirewallRules: [{19442169-ADB0-4E5B-8B40-ADE5F3419811}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => No File
FirewallRules: [{CFC66B4D-9678-47A0-AC63-B49B9AA589EA}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS356D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{879BB6B9-4B42-470F-9771-181A9169F60C}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS356D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{573D3238-9EF2-4D83-8F71-411C748215D7}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS2BDB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{6927EB13-6672-4BC6-A19F-96169A147774}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS2BDB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [UDP Query User{75189070-1BFE-4955-AC8C-159F01A47EE7}C:\users\pauline\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\pauline\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [TCP Query User{9D640CEA-C075-450C-AC63-70E11A45C0CB}C:\users\pauline\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\pauline\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{18B09901-E5BD-4834-81D9-DA2AAB0641CA}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS7262\HP.EasyStart.exe => No File
FirewallRules: [{29A4985A-A7EE-4537-9B50-138474CA7B85}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS3A00\HP.EasyStart.exe => No File
FirewallRules: [{5D695CAC-8258-474D-A5D4-6C27C740C073}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS2433\HP.EasyStart.exe => No File
FirewallRules: [{B096545E-7D4C-4DF3-A1F3-53763FC9B5AC}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => No File
FirewallRules: [{EE212A33-A6BD-433A-AFD0-75A85B9F106A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => No File
FirewallRules: [UDP Query User{CDA55194-8A17-4F63-9AFF-D91732DDF55A}C:\program files (x86)\spss\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\spss\jre\bin\javaw.exe
FirewallRules: [TCP Query User{CD5686A2-D602-47E9-BD0E-1453C0C9D915}C:\program files (x86)\spss\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\spss\jre\bin\javaw.exe
FirewallRules: [{79997ACB-9215-45AD-AF27-16ACA6F0DEC5}] => (Allow) C:\Program Files (x86)\SPSS\stats.com (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [{0D8BF589-28DA-4DDC-B48F-7B14B821BFA5}] => (Allow) C:\Program Files (x86)\SPSS\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [{A37EE120-0829-48B9-A39C-9B96B9C80EBC}] => (Allow) C:\Program Files (x86)\SPSS\stats.exe (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [{2F3B8F77-CD3B-424E-95C8-2AB444EBB821}] => (Allow) C:\Program Files (x86)\SPSS\stats.com (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [{8062050A-3055-4C7F-806F-549F9DA10036}] => (Allow) C:\Program Files (x86)\SPSS\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [{5F071C36-DFC9-41D5-9A1D-8635C9B58B51}] => (Allow) C:\Program Files (x86)\SPSS\stats.exe (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [UDP Query User{0257390E-4C5F-43EF-A79D-5765341F342D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{821CE340-2D06-44D0-8C7C-490E86231084}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5185ADA7-EB55-4B31-8BC6-1D404DEDD48B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{07756E60-ED56-4A1F-B1E5-8D44A24815ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AFA37683-7D2F-413A-A87F-68F462A3B754}] => (Allow) C:\Users\Pauline\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{4002A716-6838-428A-AF30-0E51A9D16B06}] => (Allow) C:\Users\Pauline\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [UDP Query User{903B8581-FCF8-45CA-9274-D9298E979926}C:\program files (x86)\speedtouch\dr speedtouch\drst.exe] => (Block) C:\program files (x86)\speedtouch\dr speedtouch\drst.exe (THOMSON) [File not signed]
FirewallRules: [TCP Query User{F1CC34B7-0F9B-49E0-8DB4-3B0518E6D06E}C:\program files (x86)\speedtouch\dr speedtouch\drst.exe] => (Block) C:\program files (x86)\speedtouch\dr speedtouch\drst.exe (THOMSON) [File not signed]
FirewallRules: [UDP Query User{655CABCD-D93D-4F79-90FD-51D2FD81484D}C:\program files (x86)\speedtouch\dr speedtouch\drst.exe] => (Block) C:\program files (x86)\speedtouch\dr speedtouch\drst.exe (THOMSON) [File not signed]
FirewallRules: [TCP Query User{37914DDE-16CB-431B-8138-642454D3089A}C:\program files (x86)\speedtouch\dr speedtouch\drst.exe] => (Block) C:\program files (x86)\speedtouch\dr speedtouch\drst.exe (THOMSON) [File not signed]
FirewallRules: [UDP Query User{382156BB-B55C-4093-8C9F-57BC965A0359}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{7A62AD09-378B-499E-B1C3-3B286378EB42}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{5CAAA95A-5745-4CC0-86E0-7FD312735156}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{964A953E-F081-4B65-8C5D-5108BF81124F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{35EAE3D4-F480-4DBB-A5EC-F3B062984401}] => (Allow) C:\Users\Pauline\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{FC0929F2-EED6-4D8E-B4D1-97DB885494CF}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe (Intel AppUp® center -> Intel Corporation)
FirewallRules: [{ADDA57F9-6998-4914-B27F-FF37283467C9}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe (Intel® Services Manager -> Intel Corporation)
FirewallRules: [{36A3148C-6DCA-4E77-A2B0-279D40956C73}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{31A46AC8-508A-464C-B513-CFA6542E79C5}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{F965EA8B-8527-414E-911C-5813C42D6D6E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{85F2BAA5-48D8-4DD1-AF47-4A2C713D9DEA}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{4457018A-6795-4B11-8ED7-6C85E912FD15}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{E278BD0E-21AA-4E7B-B433-302F2209539C}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{988FB48E-70B8-4963-BA3E-95932E5E618D}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{636C7DE4-2344-461F-8775-75FD799C2F98}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{07EE119F-61CA-4DF6-83E0-475B8B56C132}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe =>

#4 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,202 posts

Posted 11 May 2020 - 03:25 PM

Hello Tyrellcorp,

 

The content of the Addition.txt log is not complete.

Copy and paste its entire content for my review, please.

 

Thank you.

 

Android8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#5 Tyrellcorp

Tyrellcorp

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 11 May 2020 - 03:54 PM

Sorry! I've no idea how i managed that :blush:. Hopefully should all be below now

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2020
Ran by Pauline (11-05-2020 16:18:58)
Running from C:\Users\Pauline\Downloads
Windows 10 Home Version 1903 18362.778 (X64) (2019-08-22 16:45:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3106986344-3918020473-2541437126-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3106986344-3918020473-2541437126-503 - Limited - Disabled)
Guest (S-1-5-21-3106986344-3918020473-2541437126-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3106986344-3918020473-2541437126-1004 - Limited - Enabled)
Pauline (S-1-5-21-3106986344-3918020473-2541437126-1002 - Administrator - Enabled) => C:\Users\Pauline
WDAGUtilityAccount (S-1-5-21-3106986344-3918020473-2541437126-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\uTorrent) (Version: 3.5.5.45231 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.363 - Adobe)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{4D2B0FCD-A725-6DB5-060F-9A2E7151F977}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2019.0816.1152.21357 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{6CF0CAEE-54B6-4D84-A055-3AF110F189D3}) (Version: 8.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B127943-89E7-4691-A7A4-D05807920A84}) (Version: 8.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A394C41-FBA7-4930-85FC-3A973B34E6C6}) (Version: 13.5.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.2.2401 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 81.0.3970.92 - AVAST Software)
BBC iPlayer Downloads (HKLM-x32\...\{148784F3-3B6E-4DFA-B7A1-3400B277DAF3}) (Version: 1.14.2 - BBC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{118C2119-84B6-E32C-63E2-B56DBCF41CE5}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{51F85784-6799-5CA3-97B2-2E5904FC3E58}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5A083A57-10D6-D4E5-292C-F274870E73A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{AD28960A-6190-C991-C964-308B86EAA2E2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{DF0D7C1C-72B6-9FFB-DF66-B3720237BB80}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{238F6F6F-2544-86CF-3AB6-2CDADAB58CF0}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{C3EE628C-7394-FE2C-0C90-C05284EB528D}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2F544F46-5F6E-97BB-3550-A0242A3C5754}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{EC688BD0-240D-AE40-55F3-234E54919AE6}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{E27224E3-7913-DA1E-5B08-9BEEC8FEE3D1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{FC4086D6-E345-5F43-08BB-280FB57DAF49}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{95A52FC1-C728-841D-1BFC-CC793B77B0A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{5FEACE78-C338-9AED-FF05-7DE7E273C774}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{A22CDEBA-6DB5-12CD-F6CE-6238C2D78363}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{AC85CF50-9A55-0103-ADBF-365C37603AA4}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0BFC67D-E447-02C8-6046-C078DFE9EC97}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{94C72EBE-2908-F0AC-62DA-D61951830F8F}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{B349892D-B015-033C-4CA8-3635E6B655D7}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{5B987681-3652-492B-6A11-E02AC0FE5959}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{26567561-DFB2-2B63-9BA8-6A490ED37016}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{86BFE5B4-1FCE-3C02-6373-92B1AE6431E8}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0742432E-42D9-2240-4CA1-8595CCCBAA77}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5FD706FF-6AD8-E372-A35A-879409982655}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{DAB44116-0266-C65B-B643-AC11217C3041}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{EAEAA839-44F4-22DF-D1CC-88C3B2A3D4B1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3AF70346-52C7-0334-606F-118D1C1CB7A2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A3973655-E448-4A1B-477C-988A79D132D9}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{53AE8AC7-5213-67AF-0DC0-CED696B77643}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{59D2664C-949B-7FA7-9880-ECB993B6616A}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{6DC92550-D065-4B36-C4D3-D8D7A702A7A7}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{970A40CA-46AB-986C-1798-976ED0EA00FA}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{B2A83706-3F14-1532-20CD-B4EE715A8945}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{44ED2CDA-4197-E9E9-B328-26E1FB749116}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{3450566C-4561-0EE8-B1AB-D5C79CCE8D2C}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{C14A3A5B-8A86-C239-37D7-158211778C54}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A50C89BC-8D8E-8828-824A-7171F6D583D5}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{FCE8438C-3272-D63F-479F-670F082B294B}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{25D1751E-7CA2-5F6D-0125-0A16E47AF9FE}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dr SpeedTouch (HKLM-x32\...\{CE6D39E2-D4CB-4C49-ABD9-8724B095D1EF}) (Version:  - )
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
Dropbox (HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\Dropbox) (Version: 96.4.172 - Dropbox, Inc.)
E-Prime 1.2 (1.2.1.849) (HKLM-x32\...\{D74D1E6E-AAA4-4A28-AA54-CF84B4F3F72F}) (Version: E-Prime 1.2 (1.2.1.849) - Psychology Software Tools)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.56.1.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{FD036A57-F81D-4865-AAF0-811558EA76AE}) (Version: 4.5.1 - Seiko Epson Corporation)
EPSON XP-442 445 Series Printer Uninstall (HKLM\...\EPSON XP-442 445 Series) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.138 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 10.0.1.100 - )
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 5540 series Basic Device Software (HKLM\...\{7F9C00D2-32F6-4844-AC17-290D5F06F186}) (Version: 40.11.1119.1786 - HP Inc.)
HP ENVY 5540 series Help (HKLM-x32\...\{3B1BE080-D477-4B94-AAE4-8B0BEC5D0CE3}) (Version: 35.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.8.24.33 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{183BD477-774B-4700-B40B-EE43886E74D2}) (Version: 12.15.14.3 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
IBM SPSS Statistics 20 (HKLM-x32\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Version: 20.0.0.0 - IBM Corp)
iTunes (HKLM\...\{429A2000-B4CC-4EE5-8820-CE2F89B98FEE}) (Version: 12.10.6.2 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{AFDE512F-7BCD-46B6-91C0-230812139EEF}) (Version: 3.4.002.006 - Lenovo)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.5215.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mozilla Firefox 76.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 76.0.1 (x64 en-GB)) (Version: 76.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 76.0.1.7432 - Mozilla)
Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5215.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5215.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5215.1000 - Microsoft Corporation) Hidden
OU SPSS data for DD303 (HKLM-x32\...\OU SPSS data for DD303) (Version:  - )
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1950.120 - Trusteer) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.)
TnI CheckExplorer Project (HKLM\...\{EBFA3741-71F4-48C3-BEAE-B140AEDCC19B}) (Version: 1.0.0.0 - TPV-INVENTA TECHNOLOGY CO., LTD.) Hidden
TnI CheckExplorer Project (HKLM-x32\...\InstallShield_{EBFA3741-71F4-48C3-BEAE-B140AEDCC19B}) (Version: 1.0.0.0 - TPV-INVENTA TECHNOLOGY CO., LTD.)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1950.120 - Trusteer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Web Companion (HKLM-x32\...\{d977fa78-a092-40bd-92eb-777f181191f0}) (Version: 4.9.2146.4004 - Lavasoft)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)

Packages:
=========
FreeRide Games for Lenovo -> C:\Program Files\WindowsApps\Exent.FreeRideGamesforLenovo_1.0.0.0_x64__fq5x03g7fwkgm [2014-03-03] (Exent Technologies LTD) [MS Ad]
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.728.0_x64__v10z8vjag6ke6 [2020-04-14] (HP Inc.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2003.10.0_x64__k1h2ywk1493x8 [2020-03-25] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-02] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-15] (Microsoft Corporation)
PowerDVD for Lenovo Idea -> C:\Program Files\WindowsApps\CyberLinkCorp.id.PowerDVDforLenovoIdea_1.1.2618.24808_x86__hgg5mn3xps74a [2014-03-06] (CYBERLINK COM CORPORATION)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2019-04-30] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel) [File not signed]
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel) [File not signed]
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [dropbox-NamespaceExtensionRole.Personal] => C:\Users\Pauline\Dropbox [2014-08-21 17:26]
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B} -> [dropbox-NamespaceExtensionRole.Business] => 0
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-15] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2013-08-18] (Nitro PDF Software -> Nitro PDF)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2019-08-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3106986344-3918020473-2541437126-1002: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-3106986344-3918020473-2541437126-1002: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-3106986344-3918020473-2541437126-1002: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Pauline\AppData\Roaming\Dropbox\bin\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-07-18 16:27 - 2018-07-18 16:27 - 000747520 _____ () [File not signed] C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2019-06-28 18:32 - 2019-06-28 18:32 - 003598336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2013-11-28 02:43 - 2011-05-17 22:27 - 000028672 _____ () [File not signed] C:\Windows\jmesoft\hidhook.dll
2019-08-16 12:37 - 2019-08-16 12:37 - 000158208 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\SYSTEM32\amdihk64.dll
2013-11-28 03:11 - 2013-11-28 03:11 - 000348160 ____N (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Lenovo\PowerDVD10\MSVCR71.dll
2020-05-06 09:32 - 2020-04-05 18:36 - 001343488 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\SQLite.Interop.dll
2016-09-14 15:31 - 2016-09-14 15:31 - 000500736 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000040960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000414208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000516608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 001441280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2019-08-16 12:49 - 2019-08-16 12:49 - 005999104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 006413824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 001141760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000339968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 004143104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 003840000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000332800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000349184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 080959488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 005622272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 000190464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-06-28 18:32 - 2019-06-28 18:32 - 002825216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000137216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2019-06-28 18:33 - 2019-06-28 18:33 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\styles\qwindowsvistastyle.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2019-01-04 09:12 - 000000828 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "FamilySafetyGuide.lnk"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3828428C-5F69-48D0-BD9D-A12AB94626C1}] => (Allow) C:\Users\Pauline\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{A954C457-6240-4CE7-B174-5CD18722A759}] => (Allow) C:\Users\Pauline\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{A802CB58-8A5C-4AD5-A6B3-90A06DC86336}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{49C1769A-FBD7-4C05-81AC-4FADDA756553}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
FirewallRules: [{64CBD3F0-45E2-43ED-A824-9CB74B3268C3}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
FirewallRules: [{3E07AD9B-860C-494E-A604-3FD23FCE3790}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => No File
FirewallRules: [{19442169-ADB0-4E5B-8B40-ADE5F3419811}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => No File
FirewallRules: [{CFC66B4D-9678-47A0-AC63-B49B9AA589EA}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS356D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{879BB6B9-4B42-470F-9771-181A9169F60C}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS356D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{573D3238-9EF2-4D83-8F71-411C748215D7}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS2BDB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{6927EB13-6672-4BC6-A19F-96169A147774}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS2BDB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [UDP Query User{75189070-1BFE-4955-AC8C-159F01A47EE7}C:\users\pauline\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\pauline\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [TCP Query User{9D640CEA-C075-450C-AC63-70E11A45C0CB}C:\users\pauline\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\pauline\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{18B09901-E5BD-4834-81D9-DA2AAB0641CA}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS7262\HP.EasyStart.exe => No File
FirewallRules: [{29A4985A-A7EE-4537-9B50-138474CA7B85}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS3A00\HP.EasyStart.exe => No File
FirewallRules: [{5D695CAC-8258-474D-A5D4-6C27C740C073}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS2433\HP.EasyStart.exe => No File
FirewallRules: [{B096545E-7D4C-4DF3-A1F3-53763FC9B5AC}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => No File
FirewallRules: [{EE212A33-A6BD-433A-AFD0-75A85B9F106A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => No File
FirewallRules: [UDP Query User{CDA55194-8A17-4F63-9AFF-D91732DDF55A}C:\program files (x86)\spss\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\spss\jre\bin\javaw.exe
FirewallRules: [TCP Query User{CD5686A2-D602-47E9-BD0E-1453C0C9D915}C:\program files (x86)\spss\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\spss\jre\bin\javaw.exe
FirewallRules: [{79997ACB-9215-45AD-AF27-16ACA6F0DEC5}] => (Allow) C:\Program Files (x86)\SPSS\stats.com (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [{0D8BF589-28DA-4DDC-B48F-7B14B821BFA5}] => (Allow) C:\Program Files (x86)\SPSS\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [{A37EE120-0829-48B9-A39C-9B96B9C80EBC}] => (Allow) C:\Program Files (x86)\SPSS\stats.exe (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [{2F3B8F77-CD3B-424E-95C8-2AB444EBB821}] => (Allow) C:\Program Files (x86)\SPSS\stats.com (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [{8062050A-3055-4C7F-806F-549F9DA10036}] => (Allow) C:\Program Files (x86)\SPSS\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [{5F071C36-DFC9-41D5-9A1D-8635C9B58B51}] => (Allow) C:\Program Files (x86)\SPSS\stats.exe (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [UDP Query User{0257390E-4C5F-43EF-A79D-5765341F342D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{821CE340-2D06-44D0-8C7C-490E86231084}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5185ADA7-EB55-4B31-8BC6-1D404DEDD48B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{07756E60-ED56-4A1F-B1E5-8D44A24815ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AFA37683-7D2F-413A-A87F-68F462A3B754}] => (Allow) C:\Users\Pauline\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{4002A716-6838-428A-AF30-0E51A9D16B06}] => (Allow) C:\Users\Pauline\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [UDP Query User{903B8581-FCF8-45CA-9274-D9298E979926}C:\program files (x86)\speedtouch\dr speedtouch\drst.exe] => (Block) C:\program files (x86)\speedtouch\dr speedtouch\drst.exe (THOMSON) [File not signed]
FirewallRules: [TCP Query User{F1CC34B7-0F9B-49E0-8DB4-3B0518E6D06E}C:\program files (x86)\speedtouch\dr speedtouch\drst.exe] => (Block) C:\program files (x86)\speedtouch\dr speedtouch\drst.exe (THOMSON) [File not signed]
FirewallRules: [UDP Query User{655CABCD-D93D-4F79-90FD-51D2FD81484D}C:\program files (x86)\speedtouch\dr speedtouch\drst.exe] => (Block) C:\program files (x86)\speedtouch\dr speedtouch\drst.exe (THOMSON) [File not signed]
FirewallRules: [TCP Query User{37914DDE-16CB-431B-8138-642454D3089A}C:\program files (x86)\speedtouch\dr speedtouch\drst.exe] => (Block) C:\program files (x86)\speedtouch\dr speedtouch\drst.exe (THOMSON) [File not signed]
FirewallRules: [UDP Query User{382156BB-B55C-4093-8C9F-57BC965A0359}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{7A62AD09-378B-499E-B1C3-3B286378EB42}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{5CAAA95A-5745-4CC0-86E0-7FD312735156}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{964A953E-F081-4B65-8C5D-5108BF81124F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{35EAE3D4-F480-4DBB-A5EC-F3B062984401}] => (Allow) C:\Users\Pauline\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{FC0929F2-EED6-4D8E-B4D1-97DB885494CF}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe (Intel AppUp® center -> Intel Corporation)
FirewallRules: [{ADDA57F9-6998-4914-B27F-FF37283467C9}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe (Intel® Services Manager -> Intel Corporation)
FirewallRules: [{36A3148C-6DCA-4E77-A2B0-279D40956C73}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{31A46AC8-508A-464C-B513-CFA6542E79C5}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{F965EA8B-8527-414E-911C-5813C42D6D6E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{85F2BAA5-48D8-4DD1-AF47-4A2C713D9DEA}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{4457018A-6795-4B11-8ED7-6C85E912FD15}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{E278BD0E-21AA-4E7B-B433-302F2209539C}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{988FB48E-70B8-4963-BA3E-95932E5E618D}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{636C7DE4-2344-461F-8775-75FD799C2F98}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{07EE119F-61CA-4DF6-83E0-475B8B56C132}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallR

#6 Tyrellcorp

Tyrellcorp

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 11 May 2020 - 03:56 PM

Hmm, it happened again at exactly the same spot. So I'll try and just post the missing part

 

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3828428C-5F69-48D0-BD9D-A12AB94626C1}] => (Allow) C:\Users\Pauline\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{A954C457-6240-4CE7-B174-5CD18722A759}] => (Allow) C:\Users\Pauline\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{A802CB58-8A5C-4AD5-A6B3-90A06DC86336}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{49C1769A-FBD7-4C05-81AC-4FADDA756553}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
FirewallRules: [{64CBD3F0-45E2-43ED-A824-9CB74B3268C3}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
FirewallRules: [{3E07AD9B-860C-494E-A604-3FD23FCE3790}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => No File
FirewallRules: [{19442169-ADB0-4E5B-8B40-ADE5F3419811}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => No File
FirewallRules: [{CFC66B4D-9678-47A0-AC63-B49B9AA589EA}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS356D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{879BB6B9-4B42-470F-9771-181A9169F60C}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS356D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{573D3238-9EF2-4D83-8F71-411C748215D7}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS2BDB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{6927EB13-6672-4BC6-A19F-96169A147774}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS2BDB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [UDP Query User{75189070-1BFE-4955-AC8C-159F01A47EE7}C:\users\pauline\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\pauline\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [TCP Query User{9D640CEA-C075-450C-AC63-70E11A45C0CB}C:\users\pauline\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\pauline\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{18B09901-E5BD-4834-81D9-DA2AAB0641CA}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS7262\HP.EasyStart.exe => No File
FirewallRules: [{29A4985A-A7EE-4537-9B50-138474CA7B85}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS3A00\HP.EasyStart.exe => No File
FirewallRules: [{5D695CAC-8258-474D-A5D4-6C27C740C073}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS2433\HP.EasyStart.exe => No File
FirewallRules: [{B096545E-7D4C-4DF3-A1F3-53763FC9B5AC}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => No File
FirewallRules: [{EE212A33-A6BD-433A-AFD0-75A85B9F106A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => No File
FirewallRules: [UDP Query User{CDA55194-8A17-4F63-9AFF-D91732DDF55A}C:\program files (x86)\spss\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\spss\jre\bin\javaw.exe
FirewallRules: [TCP Query User{CD5686A2-D602-47E9-BD0E-1453C0C9D915}C:\program files (x86)\spss\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\spss\jre\bin\javaw.exe
FirewallRules: [{79997ACB-9215-45AD-AF27-16ACA6F0DEC5}] => (Allow) C:\Program Files (x86)\SPSS\stats.com (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [{0D8BF589-28DA-4DDC-B48F-7B14B821BFA5}] => (Allow) C:\Program Files (x86)\SPSS\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [{A37EE120-0829-48B9-A39C-9B96B9C80EBC}] => (Allow) C:\Program Files (x86)\SPSS\stats.exe (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [{2F3B8F77-CD3B-424E-95C8-2AB444EBB821}] => (Allow) C:\Program Files (x86)\SPSS\stats.com (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [{8062050A-3055-4C7F-806F-549F9DA10036}] => (Allow) C:\Program Files (x86)\SPSS\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [{5F071C36-DFC9-41D5-9A1D-8635C9B58B51}] => (Allow) C:\Program Files (x86)\SPSS\stats.exe (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [UDP Query User{0257390E-4C5F-43EF-A79D-5765341F342D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{821CE340-2D06-44D0-8C7C-490E86231084}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5185ADA7-EB55-4B31-8BC6-1D404DEDD48B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{07756E60-ED56-4A1F-B1E5-8D44A24815ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AFA37683-7D2F-413A-A87F-68F462A3B754}] => (Allow) C:\Users\Pauline\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{4002A716-6838-428A-AF30-0E51A9D16B06}] => (Allow) C:\Users\Pauline\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [UDP Query User{903B8581-FCF8-45CA-9274-D9298E979926}C:\program files (x86)\speedtouch\dr speedtouch\drst.exe] => (Block) C:\program files (x86)\speedtouch\dr speedtouch\drst.exe (THOMSON) [File not signed]
FirewallRules: [TCP Query User{F1CC34B7-0F9B-49E0-8DB4-3B0518E6D06E}C:\program files (x86)\speedtouch\dr speedtouch\drst.exe] => (Block) C:\program files (x86)\speedtouch\dr speedtouch\drst.exe (THOMSON) [File not signed]
FirewallRules: [UDP Query User{655CABCD-D93D-4F79-90FD-51D2FD81484D}C:\program files (x86)\speedtouch\dr speedtouch\drst.exe] => (Block) C:\program files (x86)\speedtouch\dr speedtouch\drst.exe (THOMSON) [File not signed]
FirewallRules: [TCP Query User{37914DDE-16CB-431B-8138-642454D3089A}C:\program files (x86)\speedtouch\dr speedtouch\drst.exe] => (Block) C:\program files (x86)\speedtouch\dr speedtouch\drst.exe (THOMSON) [File not signed]
FirewallRules: [UDP Query User{382156BB-B55C-4093-8C9F-57BC965A0359}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{7A62AD09-378B-499E-B1C3-3B286378EB42}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{5CAAA95A-5745-4CC0-86E0-7FD312735156}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{964A953E-F081-4B65-8C5D-5108BF81124F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{35EAE3D4-F480-4DBB-A5EC-F3B062984401}] => (Allow) C:\Users\Pauline\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{FC0929F2-EED6-4D8E-B4D1-97DB885494CF}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe (Intel AppUp® center -> Intel Corporation)
FirewallRules: [{ADDA57F9-6998-4914-B27F-FF37283467C9}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe (Intel® Services Manager -> Intel Corporation)
FirewallRules: [{36A3148C-6DCA-4E77-A2B0-279D40956C73}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{31A46AC8-508A-464C-B513-CFA6542E79C5}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{F965EA8B-8527-414E-911C-5813C42D6D6E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{85F2BAA5-48D8-4DD1-AF47-4A2C713D9DEA}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{4457018A-6795-4B11-8ED7-6C85E912FD15}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{E278BD0E-21AA-4E7B-B433-302F2209539C}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{988FB48E-70B8-4963-BA3E-95932E5E618D}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{636C7DE4-2344-461F-8775-75FD799C2F98}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{07EE119F-61CA-4DF6-83E0-475B8B56C132}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [TCP Query User{57692D84-6110-4EDC-985E-61C87E9A2050}C:\program files (x86)\spss\stats.exe] => (Allow) C:\program files (x86)\spss\stats.exe (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [UDP Query User{516CDBD5-6B5A-44E5-A2DE-22CBDDA34462}C:\program files (x86)\spss\stats.exe] => (Allow) C:\program files (x86)\spss\stats.exe (International Business Machines Corporation -> IBM Corp.) [File not signed]
FirewallRules: [TCP Query User{B805D6BF-7C42-4791-A67C-9872596E14C6}C:\program files (x86)\spss\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\spss\jre\bin\javaw.exe
FirewallRules: [UDP Query User{848FFA16-5F78-4FC6-9A68-1DEBDB566CE3}C:\program files (x86)\spss\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\spss\jre\bin\javaw.exe
FirewallRules: [{78FA6D58-383C-4DBD-9AD1-F35260822D4E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{74A2DDFE-6189-4829-97D7-D4B869FF10D5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{902FB8D8-F7D1-4423-B5F7-E7EC898EE379}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E637241F-EE15-4150-82E7-8F263D1FEFD0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{33085982-A7B0-4698-9DE1-3805175C4410}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{83984AE0-7EEB-480B-A4FB-C542756A5646}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EA82F4D5-4BDC-4586-8CB5-8D4D96418DCA}] => (Allow) C:\Program Files\HP\HP ENVY 5540 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{7D3D45C2-C6F3-440E-A617-8D378D760FBF}] => (Allow) LPort=5357
FirewallRules: [{E4E263ED-C0CE-46AC-AC0D-07112182D7F2}] => (Allow) C:\Program Files\HP\HP ENVY 5540 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{14A8B844-A51E-496A-9A49-A860412410D1}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS3B82\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9E1EE59A-7A39-43BE-97B6-0D8F480B8E0A}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS3B82\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{82076FBC-AC1D-4858-AF62-04D3FE812CC2}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS3C0B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{1C865480-E445-417C-AD33-2606A5B266E6}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS3C0B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [TCP Query User{67119C02-E945-4099-9EC3-B98DF6C15BBC}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{B94D4DC9-8F34-4838-BED0-478E6F5624C3}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{D6279662-59B8-4769-98A3-51220996C297}] => (Allow) C:\Users\Pauline\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{36A904BB-BFFD-4508-846F-432D6BCD1E70}] => (Allow) C:\Users\Pauline\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{26349E8D-FE9A-48CA-908A-B5320AC03766}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{3D2A3260-C1B9-4BED-9B42-036CDF4CC98C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{272E5C9C-5806-4431-8776-91FB1D4FD9EE}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)

==================== Restore Points =========================

23-04-2020 10:46:19 Scheduled Checkpoint
30-04-2020 11:27:28 Scheduled Checkpoint
10-05-2020 11:19:51 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/11/2020 04:20:23 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (05/11/2020 04:16:36 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9848,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/11/2020 03:47:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.18362.628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3838

Start Time: 01d6276f51e07013

Termination Time: 4294967295

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: 7d31d83e-2c83-4c0f-899d-7d4a065f8f66

Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Hang type: Quiesce

Error: (05/11/2020 03:41:41 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9044,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/11/2020 03:20:16 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (05/11/2020 02:46:32 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (05/11/2020 02:20:15 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (05/11/2020 01:46:33 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.


System errors:
=============
Error: (05/11/2020 08:44:21 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (05/10/2020 11:41:54 PM) (Source: DCOM) (EventID: 10001) (User: PAULINE-PC)
Description: Unable to start a DCOM Server: E046963F.LenovoSupport_2.0.5.0_x86__k1h2ywk1493x8!App.AppX1222w7mnscdhak8wye3bynztq2t5x6q9.mca as Unavailable/Unavailable. The error:
"2147958031"
Happened while starting this command:
"C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXeswb5ba1hz6dgh65e6kd4vazsqwqzdcn.mca

Error: (05/10/2020 11:41:54 PM) (Source: DCOM) (EventID: 10001) (User: PAULINE-PC)
Description: Unable to start a DCOM Server: E046963F.LenovoSupport_2.0.5.0_x86__k1h2ywk1493x8!App.AppX6v65ke6xy52mzp48tbdgqddy15h0mcbk.mca as Unavailable/Unavailable. The error:
"2147958031"
Happened while starting this command:
"C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXeswb5ba1hz6dgh65e6kd4vazsqwqzdcn.mca

Error: (05/10/2020 11:06:23 PM) (Source: DCOM) (EventID: 10001) (User: PAULINE-PC)
Description: Unable to start a DCOM Server: E046963F.LenovoSupport_2.0.5.0_x86__k1h2ywk1493x8!App.AppX1222w7mnscdhak8wye3bynztq2t5x6q9.mca as Unavailable/Unavailable. The error:
"2147958031"
Happened while starting this command:
"C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXeswb5ba1hz6dgh65e6kd4vazsqwqzdcn.mca

Error: (05/10/2020 11:06:23 PM) (Source: DCOM) (EventID: 10001) (User: PAULINE-PC)
Description: Unable to start a DCOM Server: E046963F.LenovoSupport_2.0.5.0_x86__k1h2ywk1493x8!App.AppX6v65ke6xy52mzp48tbdgqddy15h0mcbk.mca as Unavailable/Unavailable. The error:
"2147958031"
Happened while starting this command:
"C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXeswb5ba1hz6dgh65e6kd4vazsqwqzdcn.mca

Error: (05/10/2020 10:35:12 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (05/10/2020 05:50:50 PM) (Source: DCOM) (EventID: 10001) (User: PAULINE-PC)
Description: Unable to start a DCOM Server: E046963F.LenovoSupport_2.0.5.0_x86__k1h2ywk1493x8!App.AppX6v65ke6xy52mzp48tbdgqddy15h0mcbk.mca as Unavailable/Unavailable. The error:
"2147958031"
Happened while starting this command:
"C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXeswb5ba1hz6dgh65e6kd4vazsqwqzdcn.mca

Error: (05/10/2020 05:50:50 PM) (Source: DCOM) (EventID: 10001) (User: PAULINE-PC)
Description: Unable to start a DCOM Server: E046963F.LenovoSupport_2.0.5.0_x86__k1h2ywk1493x8!App.AppX1222w7mnscdhak8wye3bynztq2t5x6q9.mca as Unavailable/Unavailable. The error:
"2147958031"
Happened while starting this command:
"C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXeswb5ba1hz6dgh65e6kd4vazsqwqzdcn.mca


Windows Defender:
===================================
Date: 2020-01-02 20:02:07.404
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {074B2630-1F26-4960-BF68-DA0C64AFDF33}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-02 19:38:28.097
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {66B1E804-485E-4531-83C5-CBC56DB53BF0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-02 19:14:06.151
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4B2E288C-933D-4F7F-9593-5766F8A01F96}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-02 18:55:22.569
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0EF0D4ED-9E26-4BD3-9259-FBEFD7EFED84}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-13 11:24:06.535
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {519E3B14-43D7-4ACC-A3A8-666B16A4F24F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-28 15:50:10.619
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.307.1060.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-12-28 15:50:10.616
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.307.1060.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-12-28 15:50:10.613
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.307.1060.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-12-28 15:50:09.887
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.307.1060.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-12-28 15:50:09.883
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.307.1060.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2020-05-11 15:53:59.952
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-11 15:53:57.428
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-11 15:53:53.223
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-11 15:53:53.195
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-11 15:53:53.017
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-11 15:53:52.900
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-11 15:52:16.733
Description:
Windows blocked file \Device\HarddiskVolume5\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2020-05-11 15:47:22.103
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO I9KT35AUS 10/17/2013
Motherboard: LENOVO Kabini CRB
Processor: AMD A4-5000 APU with Radeon™ HD Graphics
Percentage of memory in use: 68%
Total physical RAM: 5581.92 MB
Available physical RAM: 1762.27 MB
Total Virtual: 8744.29 MB
Available Virtual: 1677.8 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:597 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (EPSON) (CDROM) (Total:0.46 GB) (Free:0 GB) CDFS

\\?\Volume{f922c1fc-4a8e-4cd8-ba2a-024e1057ae9b}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.58 GB) NTFS
\\?\Volume{a9e72970-1ee6-4aa9-9134-8bf61695ef8e}\ (PBR_DRV) (Fixed) (Total:24.41 GB) (Free:14.57 GB) NTFS
\\?\Volume{9d913261-fc78-46a3-9b4f-e076f4b89cca}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9525E828)

Partition: GPT.

==================== End of Addition.txt =======================


#7 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,202 posts

Posted 12 May 2020 - 10:20 AM

Hello Tyrellcorp,

Thank you for posting the log.

 

 

The Wifi also cuts out a lot, that may be connected to having a crappy router, but thought I'd mention it just in case.

First and before we start I will ask you to reset the Router.

 

 

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

Many users who asked for help in removing malware from their computer, got infected through file sharing programs. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

 

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Settings > Apps and Features, then select the program from the list and click Uninstall button.

If you wish to keep it, please do not use it until your computer is cleaned.


Next,

The Malwarebytes log you posted shows that you did not take any action over the threats it found (below is just one of many items):
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, 194, 236865, , , ,

Can you tell me why? If you do not quarantine all infected items it found, they will remain active in your system. The instructions below will show you on how to do that. Please do it now.

  • Open Malwarebytes.
  • Go to "Settings" (upper right corner wheel), "Security" tab, and ensure that Automatic quarantine button is turned On.
  • Now scroll down a bit until "Scan options" and ensure the Scan for rootkits button is turned On.
  • Close the "Settings" panel and click the Scan blue button to perform a new scan.
  • Once the scan is completed click on the View report button, then on Export and select Export to TXT.
  • Save the file as a Text file to your Desktop or other location you can find it.
  • Please copy and paste the entire content of that file in your reply.

 

 

Next,

Please download the latest version of AdwCleaner by Malwarebytes and save the file to your computer Desktop.

  • Right-click on AdwCleaner.exe and select Run as Administrator to start the tool.
  • Click Yes to accept the UAC security warning that may appear.
  • Click Agree to accept the EULA (End User License Agreement).
  • Click the Scan Now blue button and wait until the scan is complete.
  • Once the scan completes, a Scan Results window will open.
  • Make sure that every item listed is checked and then click the Quarantine button.
  • Click Next.
  • If any pre-installed software was found on your machine, a prompt window will open.
  • Click OK to close it.
  • Now check any pre-installed software items you want to remove (if they're not causing you a problem I recommend you don't select any).
  • Click Quarantine.
  • A prompt to save your work will appear.
  • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
  • Click Restart Now.
  • Once your computer has restarted a Notepad file will open after logging in.
  • If it doesn't open automatically, please start AdwCleaner.
  • Click the Log Files tab on the left pane.
  • Double click on the latest Clean log (Clean logs are like AdwCleaner[Cxx].txt, where xx is replaced by a number, the latest scan will have the largest number)
  • Please copy and paste the entire content of that file into your next reply.

 

 

Next,

NOTICE: The following script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start::
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {005038F6-0B41-470F-85CA-0DED2A92EAE4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {02773121-4506-4203-A153-927B28A98CA2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {0B628AA5-4D07-4948-AA02-53CCD3FA0710} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2B49C405-788E-48C8-9D7A-9605436C1513} - \WPD\SqmUpload_S-1-5-21-3106986344-3918020473-2541437126-1002 -> No File <==== ATTENTION
Task: {46C206C1-4055-4DFD-B73C-0B55DDAEE405} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8A3F959C-F0E6-4FBA-9352-47B5B24AE0BA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A97D4BB5-0183-4C62-8319-B7757C7FF33C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {ABBF0116-7589-4D9D-B8F9-3D9B6C9E3954} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B33FBB15-11D3-4375-A3F1-BCD9659FF504} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B3F41EE1-DD20-4A7B-881B-C041E4752187} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C31A8421-A445-4E5F-8918-1F7F5B1B36FA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C5691CEC-EFBA-40D5-8336-14BCEFA58588} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DE601883-5019-4061-B766-5EAF3F98DE55} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COS2&ptag=D051819-A915F698E57&form=CONMHP&conlogo=CT3335818
SearchScopes: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002 -> DefaultScope {BF9B3202-A8F4-4774-882D-96C8A21F6C46} URL =
SearchScopes: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COS2&ptag=D051819-N0700A915F698E57&form=CONBDF&conlogo=CT3335818&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002 -> {BF9B3202-A8F4-4774-882D-96C8A21F6C46} URL =
FF NewTab: Mozilla\Firefox\Profiles\ynmzwun2.default -> hxxp://www.bing.com/?pc=COS2&ptag=D051819-N0600A915F698E57&form=CONMHP&conlogo=CT3335818
FF Extension: (Video Downloader professional) - C:\Users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\ynmzwun2.default\Extensions\ffext_basicvideoext@startpage24.xpi [2020-03-10]
CHR NewTab: Default ->  Active:"chrome-extension://kohoehgoafblafjinhplmhcbphgaaobc/product.html"
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [{49C1769A-FBD7-4C05-81AC-4FADDA756553}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
FirewallRules: [{64CBD3F0-45E2-43ED-A824-9CB74B3268C3}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
FirewallRules: [{3E07AD9B-860C-494E-A604-3FD23FCE3790}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => No File
FirewallRules: [{19442169-ADB0-4E5B-8B40-ADE5F3419811}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => No File
FirewallRules: [{CFC66B4D-9678-47A0-AC63-B49B9AA589EA}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS356D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{879BB6B9-4B42-470F-9771-181A9169F60C}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS356D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{573D3238-9EF2-4D83-8F71-411C748215D7}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS2BDB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{6927EB13-6672-4BC6-A19F-96169A147774}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS2BDB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{18B09901-E5BD-4834-81D9-DA2AAB0641CA}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS7262\HP.EasyStart.exe => No File
FirewallRules: [{29A4985A-A7EE-4537-9B50-138474CA7B85}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS3A00\HP.EasyStart.exe => No File
FirewallRules: [{5D695CAC-8258-474D-A5D4-6C27C740C073}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS2433\HP.EasyStart.exe => No File
FirewallRules: [{B096545E-7D4C-4DF3-A1F3-53763FC9B5AC}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => No File
FirewallRules: [{EE212A33-A6BD-433A-AFD0-75A85B9F106A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => No File
FirewallRules: [{5CAAA95A-5745-4CC0-86E0-7FD312735156}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{964A953E-F081-4B65-8C5D-5108BF81124F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{35EAE3D4-F480-4DBB-A5EC-F3B062984401}] => (Allow) C:\Users\Pauline\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{636C7DE4-2344-461F-8775-75FD799C2F98}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{07EE119F-61CA-4DF6-83E0-475B8B56C132}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{14A8B844-A51E-496A-9A49-A860412410D1}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS3B82\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9E1EE59A-7A39-43BE-97B6-0D8F480B8E0A}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS3B82\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{82076FBC-AC1D-4858-AF62-04D3FE812CC2}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS3C0B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{1C865480-E445-417C-AD33-2606A5B266E6}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS3C0B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{36A904BB-BFFD-4508-846F-432D6BCD1E70}] => (Allow) C:\Users\Pauline\AppData\Roaming\Zoom\bin\airhost.exe => No File
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End::

Save the file as fixlist.txt in to the same folder as FRST.
Right-click on FRST icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished FRST will generate a log (Fixlog.txt) on the same folder as FRST is running from. Please post its content to your next reply.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. If for whatever reason it does not restart by it self, please do it on your own.


In your next reply I will need to see the contents of:
Malwarebytes quarantine log.
AdwCleaner clean log.
Fixlog.txt

Also, let me know how is the computer running now.


Thank you

Android8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#8 Tyrellcorp

Tyrellcorp

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 13 May 2020 - 07:25 PM

Dear Android 8888,

 

Thanks so much for your help, I'm so appreciative of you sharing your time and expertise.

 

Thanks for the advice, I uninstalled uTorrent and reset the router.

 

I honestly can't say why I didn't quarantine the threats! I think I was simply follwing the protocol of scanning and copying the logs. Perhaps a family member closed the program at that point when they came to use the PC, but I'm not sure. (I'm doing at night time now so as I'm the only one using it).

 

Anyway, I'll post the logs, I do hope I've done this correctly. I got two logs for Malwarebytes, I think one before quarantining and one after. I guess you want the one after, but posted both just in case.

 

Original Malwarebytes log (before quarantined)

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/13/20
Scan Time: 10:20 AM
Log File: 0b9ef52b-94fb-11ea-9c98-c03fd507503d.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.896
Update Package Version: 1.0.23754
License: Trial

-System Information-
OS: Windows 10 (Build 18362.778)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 318363
Threats Detected: 46
Threats Quarantined: 46
Time Elapsed: 45 min, 21 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, 194, 236865, , , ,
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, 194, 236865, , , ,
PUP.Optional.Conduit, HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Delete-on-Reboot, 194, 236865, 1.0.23754, , ame,

Registry Value: 5
PUP.Optional.Conduit, HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Delete-on-Reboot, 194, 236865, 1.0.23754, , ame,
PUP.Optional.Conduit, HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, Delete-on-Reboot, 194, 236865, 1.0.23754, , ame,
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|jbdhaekeogebjjbaldibekfepbhogdng, Delete-on-Reboot, 1811, 443122, , , ,
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|kohoehgoafblafjinhplmhcbphgaaobc, Delete-on-Reboot, 1811, 443121, , , ,
PUP.Optional.SearchEncrypt.Generic, HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|miccbchdddoellcffocmhaankbmiapll, Delete-on-Reboot, 15155, 448980, , , ,

Registry Data: 1
PUP.Optional.Conduit, HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, 194, 293058, 1.0.23754, , ame,

Data Stream: 0
(No malicious items detected)

Folder: 5
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JBDHAEKEOGEBJJBALDIBEKFEPBHOGDNG, Delete-on-Reboot, 1811, 443122, 1.0.23754, , ame,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\kohoehgoafblafjinhplmhcbphgaaobc, Delete-on-Reboot, 1811, 443121, , , ,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KOHOEHGOAFBLAFJINHPLMHCBPHGAAOBC, Delete-on-Reboot, 1811, 443121, 1.0.23754, , ame,
PUP.Optional.SearchEncrypt.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\miccbchdddoellcffocmhaankbmiapll, Delete-on-Reboot, 15155, 448980, , , ,
PUP.Optional.SearchEncrypt.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MICCBCHDDDOELLCFFOCMHAANKBMIAPLL, Delete-on-Reboot, 15155, 448980, 1.0.23754, , ame,

File: 32
PUP.Optional.StartPage24, C:\USERS\PAULINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YNMZWUN2.DEFAULT\EXTENSIONS\FFEXT_BASICVIDEOEXT@STARTPAGE24.XPI, Delete-on-Reboot, 4602, 186354, 1.0.23754, , ame,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_inboxace.dl.tb.ask.com_0.localstorage, Delete-on-Reboot, 1811, 443123, 1.0.23754, , ame,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_inboxace.dl.tb.ask.com_0.localstorage-journal, Delete-on-Reboot, 1811, 443123, 1.0.23754, , ame,
PUP.Optional.Conduit, C:\USERS\PAULINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YNMZWUN2.DEFAULT\PREFS.JS, Replaced, 194, 301520, 1.0.23754, , ame,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 1811, 443122, , , ,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 1811, 443122, , , ,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JBDHAEKEOGEBJJBALDIBEKFEPBHOGDNG\12.9.6.8604_0\MANIFEST.JSON, Delete-on-Reboot, 1811, 443122, 1.0.23754, , ame,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 1811, 443121, , , ,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 1811, 443121, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kohoehgoafblafjinhplmhcbphgaaobc\000003.log, Delete-on-Reboot, 1811, 443121, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kohoehgoafblafjinhplmhcbphgaaobc\CURRENT, Delete-on-Reboot, 1811, 443121, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kohoehgoafblafjinhplmhcbphgaaobc\LOCK, Delete-on-Reboot, 1811, 443121, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kohoehgoafblafjinhplmhcbphgaaobc\LOG, Delete-on-Reboot, 1811, 443121, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kohoehgoafblafjinhplmhcbphgaaobc\LOG.old, Delete-on-Reboot, 1811, 443121, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kohoehgoafblafjinhplmhcbphgaaobc\MANIFEST-000001, Delete-on-Reboot, 1811, 443121, , , ,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KOHOEHGOAFBLAFJINHPLMHCBPHGAAOBC\13.917.17.3591_0\MANIFEST.JSON, Delete-on-Reboot, 1811, 443121, 1.0.23754, , ame,
PUP.Optional.SearchEncrypt.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 15155, 448980, , , ,
PUP.Optional.SearchEncrypt.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 15155, 448980, , , ,
PUP.Optional.SearchEncrypt.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\miccbchdddoellcffocmhaankbmiapll\000003.log, Delete-on-Reboot, 15155, 448980, , , ,
PUP.Optional.SearchEncrypt.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\miccbchdddoellcffocmhaankbmiapll\CURRENT, Delete-on-Reboot, 15155, 448980, , , ,
PUP.Optional.SearchEncrypt.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\miccbchdddoellcffocmhaankbmiapll\LOCK, Delete-on-Reboot, 15155, 448980, , , ,
PUP.Optional.SearchEncrypt.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\miccbchdddoellcffocmhaankbmiapll\LOG, Delete-on-Reboot, 15155, 448980, , , ,
PUP.Optional.SearchEncrypt.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\miccbchdddoellcffocmhaankbmiapll\LOG.old, Delete-on-Reboot, 15155, 448980, , , ,
PUP.Optional.SearchEncrypt.Generic, C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\miccbchdddoellcffocmhaankbmiapll\MANIFEST-000001, Delete-on-Reboot, 15155, 448980, , , ,
PUP.Optional.SearchEncrypt.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MICCBCHDDDOELLCFFOCMHAANKBMIAPLL\2.2.19_0\MANIFEST.JSON, Delete-on-Reboot, 15155, 448980, 1.0.23754, , ame,
PUP.Optional.MindSpark.Generic, C:\USERS\PAULINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KOHOEHGOAFBLAFJINHPLMHCBPHGAAOBC\13.917.17.3591_0\CONFIG\CONFIG.JSON, Delete-on-Reboot, 1811, 456842, 1.0.23754, , ame,
Generic.Malware/Suspicious, C:\USERS\PAULINE\DOCUMENTS\DOWNLOADS\MUSICNOTESSUITE(2).EXE, Delete-on-Reboot, 0, 392686, 1.0.23754, , shuriken,
Generic.Malware/Suspicious, C:\USERS\PAULINE\DOCUMENTS\DOWNLOADS\MUSICNOTESSUITE.EXE, Delete-on-Reboot, 0, 392686, 1.0.23754, , shuriken,
PUP.Optional.InboxTB, C:\USERS\PAULINE\DOCUMENTS\DOWNLOADS\PUBLICTRANSPORTSETUP(2).EXE, Delete-on-Reboot, 671, 603680, 1.0.23754, , ame,
PUP.Optional.InboxTB, C:\USERS\PAULINE\DOCUMENTS\DOWNLOADS\PUBLICTRANSPORTSETUP(3).EXE, Delete-on-Reboot, 671, 603680, 1.0.23754, , ame,
PUP.Optional.InboxTB, C:\USERS\PAULINE\DOCUMENTS\DOWNLOADS\PUBLICTRANSPORTSETUP.EXE, Delete-on-Reboot, 671, 603680, 1.0.23754, , ame,
PUP.Optional.BundleInstaller, C:\USERS\PAULINE\DOWNLOADS\UTORRENT.EXE, Delete-on-Reboot, 504, 790622, 1.0.23754, , ame,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

Malwarebytes log after quarantined

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/13/20
Scan Time: 2:09 PM
Log File: f169afc2-951a-11ea-987a-c03fd507503d.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.896
Update Package Version: 1.0.23762
License: Trial

-System Information-
OS: Windows 10 (Build 18362.778)
CPU: x64
File System: NTFS
User: PAULINE-PC\Pauline

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 321723
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 39 min, 30 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.Conduit, C:\USERS\PAULINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YNMZWUN2.DEFAULT\PREFS.JS, Replaced, 194, 301520, 1.0.23762, , ame,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

 

 

 

 

 

Adwcleaner log

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build:    04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-13-2020
# Duration: 00:00:57
# OS:       Windows 10 Home
# Cleaned:  52
# Failed:   12


***** [ Services ] *****

Deleted       WCAssistantService

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\Amazon\ABB
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted       C:\Users\Pauline\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
Deleted       C:\Users\Pauline\AppData\Roaming\Lavasoft\Web Companion
Not Deleted   C:\Program Files (x86)\Lavasoft\Web Companion
Not Deleted   C:\ProgramData\Application Data\Lavasoft\Web Companion
Not Deleted   C:\ProgramData\Lavasoft\Web Companion

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted       HKLM\SYSTEM\Setup\FirstBoot\Services\WCAssistantService
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d977fa78-a092-40bd-92eb-777f181191f0}|DisplayIcon
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d977fa78-a092-40bd-92eb-777f181191f0}|DisplayName
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d977fa78-a092-40bd-92eb-777f181191f0}|UninstallString
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\Pauline\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\Pauline\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{183BD477-774B-4700-B40B-EE43886E74D2}
Deleted       Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Deleted       Preinstalled.HPTouchpointAnalyticsClient   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}
Deleted       Preinstalled.LenovoAppShop   Folder   C:\ProgramData\LENOVO\LENOVOAPPSHOP
Deleted       Preinstalled.LenovoAppShop   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|Lenovo App Shop
Deleted       Preinstalled.LenovoAppShop   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|Lenovo App Shop
Deleted       Preinstalled.LenovoAppShop   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo App Shop 45246
Deleted       Preinstalled.LenovoIMController   Folder   C:\Users\Pauline\AppData\Local\LENOVO\IMCONTROLLER
Deleted       Preinstalled.LenovoIMController   Folder   C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Deleted       Preinstalled.LenovoIMController   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
Deleted       Preinstalled.LenovoIMController   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{3117B53D-A409-4D99-A0DE-11A1A40696FA}
Deleted       Preinstalled.LenovoLVT   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|LVT
Deleted       Preinstalled.LenovoLVT   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|LVT
Deleted       Preinstalled.LenovoLVT   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}
Deleted       Preinstalled.LenovoPower2Go   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LENOVO\POWER2GO
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLMLServer
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|UpdateP2GoShortCut
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|CLMLServer
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|UpdateP2GoShortCut
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{40BF1E83-20EB-11D8-97C5-0009C5020658}
Deleted       Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|RemoteControl10
Deleted       Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|RemoteControl10
Deleted       Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
Deleted       Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
Deleted       Preinstalled.LenovoSolutionCenter   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AFDE512F-7BCD-46B6-91C0-230812139EEF}
Not Deleted   Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Not Deleted   Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Not Deleted   Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\Program Files\HP\HP TOUCHPOINT ANALYTICS CLIENT
Not Deleted   Preinstalled.LenovoAppShop   Folder   C:\Program Files (x86)\LENOVO\LENOVOAPPSHOP
Not Deleted   Preinstalled.LenovoIMController   Folder   C:\ProgramData\LENOVO\IMCONTROLLER
Not Deleted   Preinstalled.LenovoIMController   Folder   C:\Windows\LENOVO\IMCONTROLLER
Not Deleted   Preinstalled.LenovoLVT   Folder   C:\Program Files\LENOVO\LVT
Not Deleted   Preinstalled.LenovoPower2Go   Folder   C:\Program Files (x86)\LENOVO\POWER2GO
Not Deleted   Preinstalled.LenovoSolutionCenter   Folder   C:\Program Files\LENOVO\LENOVO SOLUTION CENTER


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [8662 octets] - [13/05/2020 14:55:55]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

 

 

 

 

 

 

Fixlist txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-05-2020 01
Ran by Pauline (13-05-2020 15:26:18) Run:1
Running from C:\Users\Pauline\Desktop\New folder (2)
Loaded Profiles: Pauline
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {005038F6-0B41-470F-85CA-0DED2A92EAE4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {02773121-4506-4203-A153-927B28A98CA2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {0B628AA5-4D07-4948-AA02-53CCD3FA0710} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2B49C405-788E-48C8-9D7A-9605436C1513} - \WPD\SqmUpload_S-1-5-21-3106986344-3918020473-2541437126-1002 -> No File <==== ATTENTION
Task: {46C206C1-4055-4DFD-B73C-0B55DDAEE405} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8A3F959C-F0E6-4FBA-9352-47B5B24AE0BA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A97D4BB5-0183-4C62-8319-B7757C7FF33C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {ABBF0116-7589-4D9D-B8F9-3D9B6C9E3954} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B33FBB15-11D3-4375-A3F1-BCD9659FF504} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B3F41EE1-DD20-4A7B-881B-C041E4752187} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C31A8421-A445-4E5F-8918-1F7F5B1B36FA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C5691CEC-EFBA-40D5-8336-14BCEFA58588} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DE601883-5019-4061-B766-5EAF3F98DE55} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COS2&ptag=D051819-A915F698E57&form=CONMHP&conlogo=CT3335818
SearchScopes: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002 -> DefaultScope {BF9B3202-A8F4-4774-882D-96C8A21F6C46} URL =
SearchScopes: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COS2&ptag=D051819-N0700A915F698E57&form=CONBDF&conlogo=CT3335818&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002 -> {BF9B3202-A8F4-4774-882D-96C8A21F6C46} URL =
FF NewTab: Mozilla\Firefox\Profiles\ynmzwun2.default -> hxxp://www.bing.com/?pc=COS2&ptag=D051819-N0600A915F698E57&form=CONMHP&conlogo=CT3335818
FF Extension: (Video Downloader professional) - C:\Users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\ynmzwun2.default\Extensions\ffext_basicvideoext@startpage24.xpi [2020-03-10]
CHR NewTab: Default ->  Active:"chrome-extension://kohoehgoafblafjinhplmhcbphgaaobc/product.html"
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [{49C1769A-FBD7-4C05-81AC-4FADDA756553}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
FirewallRules: [{64CBD3F0-45E2-43ED-A824-9CB74B3268C3}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
FirewallRules: [{3E07AD9B-860C-494E-A604-3FD23FCE3790}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => No File
FirewallRules: [{19442169-ADB0-4E5B-8B40-ADE5F3419811}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => No File
FirewallRules: [{CFC66B4D-9678-47A0-AC63-B49B9AA589EA}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS356D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{879BB6B9-4B42-470F-9771-181A9169F60C}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS356D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{573D3238-9EF2-4D83-8F71-411C748215D7}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS2BDB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{6927EB13-6672-4BC6-A19F-96169A147774}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS2BDB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{18B09901-E5BD-4834-81D9-DA2AAB0641CA}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS7262\HP.EasyStart.exe => No File
FirewallRules: [{29A4985A-A7EE-4537-9B50-138474CA7B85}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS3A00\HP.EasyStart.exe => No File
FirewallRules: [{5D695CAC-8258-474D-A5D4-6C27C740C073}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS2433\HP.EasyStart.exe => No File
FirewallRules: [{B096545E-7D4C-4DF3-A1F3-53763FC9B5AC}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => No File
FirewallRules: [{EE212A33-A6BD-433A-AFD0-75A85B9F106A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => No File
FirewallRules: [{5CAAA95A-5745-4CC0-86E0-7FD312735156}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{964A953E-F081-4B65-8C5D-5108BF81124F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{35EAE3D4-F480-4DBB-A5EC-F3B062984401}] => (Allow) C:\Users\Pauline\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{636C7DE4-2344-461F-8775-75FD799C2F98}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{07EE119F-61CA-4DF6-83E0-475B8B56C132}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{14A8B844-A51E-496A-9A49-A860412410D1}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS3B82\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9E1EE59A-7A39-43BE-97B6-0D8F480B8E0A}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS3B82\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{82076FBC-AC1D-4858-AF62-04D3FE812CC2}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS3C0B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{1C865480-E445-417C-AD33-2606A5B266E6}] => (Allow) C:\Users\Pauline\AppData\Local\Temp\7zS3C0B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{36A904BB-BFFD-4508-846F-432D6BCD1E70}] => (Allow) C:\Users\Pauline\AppData\Roaming\Zoom\bin\airhost.exe => No File
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{005038F6-0B41-470F-85CA-0DED2A92EAE4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{005038F6-0B41-470F-85CA-0DED2A92EAE4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02773121-4506-4203-A153-927B28A98CA2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02773121-4506-4203-A153-927B28A98CA2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B628AA5-4D07-4948-AA02-53CCD3FA0710}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B628AA5-4D07-4948-AA02-53CCD3FA0710}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B49C405-788E-48C8-9D7A-9605436C1513}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B49C405-788E-48C8-9D7A-9605436C1513}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3106986344-3918020473-2541437126-1002" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46C206C1-4055-4DFD-B73C-0B55DDAEE405}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46C206C1-4055-4DFD-B73C-0B55DDAEE405}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A3F959C-F0E6-4FBA-9352-47B5B24AE0BA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A3F959C-F0E6-4FBA-9352-47B5B24AE0BA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A97D4BB5-0183-4C62-8319-B7757C7FF33C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A97D4BB5-0183-4C62-8319-B7757C7FF33C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ABBF0116-7589-4D9D-B8F9-3D9B6C9E3954}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABBF0116-7589-4D9D-B8F9-3D9B6C9E3954}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B33FBB15-11D3-4375-A3F1-BCD9659FF504}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B33FBB15-11D3-4375-A3F1-BCD9659FF504}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3F41EE1-DD20-4A7B-881B-C041E4752187}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3F41EE1-DD20-4A7B-881B-C041E4752187}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C31A8421-A445-4E5F-8918-1F7F5B1B36FA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C31A8421-A445-4E5F-8918-1F7F5B1B36FA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5691CEC-EFBA-40D5-8336-14BCEFA58588}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5691CEC-EFBA-40D5-8336-14BCEFA58588}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE601883-5019-4061-B766-5EAF3F98DE55}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE601883-5019-4061-B766-5EAF3F98DE55}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft..../?LinkId=69157"=> value restored successfully
"HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BF9B3202-A8F4-4774-882D-96C8A21F6C46} => removed successfully
"Firefox newtab" => removed successfully
"C:\Users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\ynmzwun2.default\Extensions\ffext_basicvideoext@startpage24.xpi" => not found
"Chrome NewTab" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => not found
HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost => removed successfully
HKU\S-1-5-21-3106986344-3918020473-2541437126-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{49C1769A-FBD7-4C05-81AC-4FADDA756553}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{64CBD3F0-45E2-43ED-A824-9CB74B3268C3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3E07AD9B-860C-494E-A604-3FD23FCE3790}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{19442169-ADB0-4E5B-8B40-ADE5F3419811}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CFC66B4D-9678-47A0-AC63-B49B9AA589EA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{879BB6B9-4B42-470F-9771-181A9169F60C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{573D3238-9EF2-4D83-8F71-411C748215D7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6927EB13-6672-4BC6-A19F-96169A147774}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18B09901-E5BD-4834-81D9-DA2AAB0641CA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{29A4985A-A7EE-4537-9B50-138474CA7B85}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5D695CAC-8258-474D-A5D4-6C27C740C073}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B096545E-7D4C-4DF3-A1F3-53763FC9B5AC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EE212A33-A6BD-433A-AFD0-75A85B9F106A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5CAAA95A-5745-4CC0-86E0-7FD312735156}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{964A953E-F081-4B65-8C5D-5108BF81124F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{35EAE3D4-F480-4DBB-A5EC-F3B062984401}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{636C7DE4-2344-461F-8775-75FD799C2F98}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{07EE119F-61CA-4DF6-83E0-475B8B56C132}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14A8B844-A51E-496A-9A49-A860412410D1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E1EE59A-7A39-43BE-97B6-0D8F480B8E0A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{82076FBC-AC1D-4858-AF62-04D3FE812CC2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1C865480-E445-417C-AD33-2606A5B266E6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{36A904BB-BFFD-4508-846F-432D6BCD1E70}" => removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End 1 CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 220717213 B
Java, Flash, Steam htmlcache => 129761 B
Windows/system/drivers => 68348937 B
Edge => 19861209 B
Chrome => 615848909 B
Firefox => 1259060988 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7680 B
Users => 7680 B
ProgramData => 7680 B
Public => 7680 B
systemprofile => 7680 B
systemprofile32 => 7680 B
LocalService => 178310 B
NetworkService => 5360610 B
Pauline => 136451230 B

RecycleBin => 32049854 B
EmptyTemp: => 2.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End 1 Fixlog 17:02:04 ====

 

 

As for the PC, seems to be a bit quicker at first glance so you've already helped us :)

 

Thanks again

 


#9 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,202 posts

Posted 14 May 2020 - 08:11 AM

Hello Tyrellcorp,
 

Thanks so much for your help, I'm so appreciative of you sharing your time and expertise.

You're welcome! :good:

 

Thank you for posting the logs. They're looking good.

 

However I see some items were not deleted by AdwCleaner. Did you uncheck these items before deletion?

 

Not Deleted   C:\Program Files (x86)\Lavasoft\Web Companion
Not Deleted   C:\ProgramData\Application Data\Lavasoft\Web Companion
Not Deleted   C:\ProgramData\Lavasoft\Web Companion

 

 

 
Now I will ask you to run an online scan with ESET. This scan is very thorough and can take some time to complete but it's worth it. Please be patient and do not interrupt the scan.
 

Note: It is recommend to not run other programs while running this scan.
 
 
Please download ESET Online Scanner and save it to your Desktop.

NOTICE:

  • Temporarily turn off your antivirus program while you are running this scan in order to avoid conflicts between them. If you don't disable it you may be warned by ESET to do so. See here how to do this.
  • Be aware that this a very thorough scan that can find and quarantine some applications/programs that although they may not be classified as malware, are considered potential threats. Therefore, and before you start this scan I suggest you also disconnect any external device drives (flashdrive, external disk, etc.) that you may have connected to the computer, unless you want to include them on this scan.
    • Right-click on esetonlinescanner.exe and select Run as Administrator.
    • When the tool opens, click Get started.
    • Click Yes to accept the UAC that may appear, then read and accept the license agreement.
    • At the Welcome to ESET Online Scanner window, click Get started.
    • Select whether you would like to send anonymous data to ESET such as Customer Experience Improvement Program data and Detection feedback system data.
    • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
    • Click on the Full Scan option.
    • Select Enable ESET to detect and quarantine potentially unwanted applications, then click Start scan.
    • ESET will now begin scanning your computer. This may take some time to finish.
    • When the scan is finished and if threats have been detected, select Save scan log. Save it to your Desktop as eset.txt. Click on Continue.
    • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
    • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
    • Open the scan log on your Desktop (eset.txt) and copy and paste its entire contents into your next reply.

NOTE: If no threats were found it will not produce a log.

 

 

Please post the entire content of ESET log (if it produced one) and let me know how is the computer running. Is it running faster or does it still slow?

 

 

Thank you.

 

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#10 Tyrellcorp

Tyrellcorp

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 16 May 2020 - 07:45 PM

Dear Android 8888,

 

Thanks again for your help, patience, and clear instructions! Sorry to take a while to reply, a couple of things came up.

 

> However I see some items were not deleted by AdwCleaner. Did you uncheck these items before deletion?

 

> Not Deleted   C:\Program Files (x86)\Lavasoft\Web Companion
> Not Deleted   C:\ProgramData\Application Data\Lavasoft\Web Companion
> Not Deleted   C:\ProgramData\Lavasoft\Web Companion

 

I did not knowingly uncheck these, it's possible I did by mistake but it's unlikely. I notice the ESET scan seemed to have cleaned them.

 

The PC is definitely faster than before, so your magic touch has worked! Internet is intermittant, but I suspect we may need a new router.

 

The ESET log:

 

15/05/2020 11:06:28
Files scanned: 580176
Detected files: 6
Cleaned files: 6
Total scan time 03:58:29
Scan status: Finished


C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe    a variant of MSIL/WebCompanion.D potentially unwanted application    cleaned by deleting
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe    a variant of MSIL/WebCompanion.D potentially unwanted application    cleaned by deleting
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe    a variant of MSIL/WebCompanion.C potentially unwanted application    cleaned by deleting
C:\Users\Pauline\AppData\Roaming\uTorrent\uTorrent.exe    a variant of Win32/uTorrent.C potentially unwanted application    cleaned by deleting
C:\Users\Pauline\Downloads\EN5540_72.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\Pauline\Downloads\EN5540_Full_WebPack_1119.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

Thanks again, all you're hard work is really appreciated.


#11 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,202 posts

Posted 17 May 2020 - 10:46 AM

Hello Tyrellcorp,
 

Thanks again, all you're hard work is really appreciated.

You're welcome!
 
It's good to know your computer is running faster.

 

However I see some items were not deleted by AdwCleaner. Did you uncheck these items before deletion?

> Not Deleted   C:\Program Files (x86)\Lavasoft\Web Companion
> Not Deleted   C:\ProgramData\Application Data\Lavasoft\Web Companion
> Not Deleted   C:\ProgramData\Lavasoft\Web Companion

I did not knowingly uncheck these, it's possible I did by mistake but it's unlikely. I notice the ESET scan seemed to have cleaned them.

ESET deleted the files, not the folders.

Please re-run AdwCleaner with administrator privileges and execute a new scan. It only take a few seconds to complete. Then delete the folders it find and let the system restart.
 
 
After that is done, it's time for tidy up by uninstalling the tools used in this process.
 

To uninstall FRST
Rename FRST.exe to Uninstall.exe
Right-click on the file and select Run as administrator.
Click Yes to accept the UAC security warning that may appear.
In a few seconds the tool and its files/folders are removed from your computer.

To remove AdwCleaner
Right-click on AdwCleaner and select Run as administrator.
Click Yes to accept the UAC security warning that may appear.
Select Settings on the left pane.
Scroll down until the bottom and click the Remove button.
In a few seconds the tool and its files/folders are removed from your computer.

To remove ESET Online Scanner
Delete the file esetonlinescanner.exe and its created shortcut ESET Online Scanner.
Now you'll have to check Show hidden files, folders and drives in Explorer to see the AppData folder which is hidden.
Within AppData folder delete the ESET directory from the following location: C:\Users\your username\AppData\Local\ESET\ESETOnlineScanner
After that uncheck Show hidden files, folders and drives in Explorer.
 
 
Concerning Malwarebytes, I suggest you keep it as a on-demand anti-malware tool and perform a regular scan once a week or whenever you see anything suspicious on computer's behavior.
 
 
I can see you have outdated software installed:
Java (7.0.710) ==> is out of Date

This version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 8 Update 251. You can download it from here

First, remove the old version of Java if you are not developing Java programs.
You can do that in the normal way using the built-in installer software for Windows:

  • Click on Start (Windows logo) > Settings wheel > Apps/Programs
  • Select Java (7.0.710) from the list and click Uninstall.
  • Follow the prompts to complete the removal process.

Once old version is gone, please install the newest version.
 
 
I also recommend you remove this program as is no longer supported by Adobe.
Adobe Reader XI (11.0.23) ==> is no longer supported

As an alternative you can use the Microsoft Edge PDF reader as your default PDF reader.
If you still prefer a stand alone PDF reader you can also install Adobe Acrobat Reader DC or Foxit Reader. Both have free versions.


System Restore maintains a backup of your programs and may also backup infections, so please reset it to make a clean Restore Point.

Follow the instructions below to delete all but the most recent Restore Point:

  • Right-click on Start (Windows logo) > select Search > type Create a restore point > press Enter button
  • On a new window click the Settings... button.
  • Click the Delete button. Click Continue to accept the security warning that may appear. Wait so it can delete the old Restore Points.
  • When done, click the Create... button.
  • Give a name to the new Restore Point and click Create button and wait.
  • When done, System Restore will be working again and will have a new Restore Point.

 

 

Are there any remaining issues or questions you may want to ask concerning your computer?
 

 

Thank you.
 
Android8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#12 Tyrellcorp

Tyrellcorp

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 20 May 2020 - 08:50 PM

Dear Android8888,

 

thanks so much for all the help.

 

I've completed all your suggestions and everything seems to have gone well.

 

I don't have any other issues or questions, so just want to really express our gratitude and thanks for your intelligent, patient and sincere help. Thanks!


#13 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,202 posts

Posted 21 May 2020 - 02:36 AM

Dear Android8888,
 
thanks so much for all the help.

You're welcome!
 
Below I have included several recommendations to help keep your computer safe.
 
Please note: Many programs installer offer third-party downloads that are installed automatically when you do not uncheck certain check-boxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.
 
Keep Malwarebytes updated and perform a regular scan to your system as it will make it harder for malware to reside on your computer.
A complete guide on using the program can be found here
 
A number of programs have resident protection and it is a good idea to run it to maintain active protection. However, it is important to run only one resident protection program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program with resident protection at a time.
Windows 10 has a good built-in antivirus and firewall which offers an excellent active protection.
 
Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, DO NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.
 
A similar category of programs is called "scareware" or Rogue programs. Rogue programs are active infections that will pop-up on your computer and tell you that you are infected when you are not. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible.
 
Another most feared threat at the moment is an infection by a Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.
 
Vulnerabilities in your system are often exploited in order to install malware on your PC. To keep your operating system up-to-date, make sure that Windows Update is enabled on your computer.
Keeping software up-to-date is important as well. Programs such as UCheck, Heimdal Free, or PatchMyPC can help keep software on your computer up-to-date.
 
Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety
 
Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
 
Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
 
Don't click on links received in instant message programs.
 
A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available here
 

In addition, I also recommend you reading the following articles for more complete information about cybersecurity:
 
How Malware Spreads - How your system gets infected?
Answers to common security questions - Best Practices - by quietman7
Simple and easy ways to keep your computer safe and secure on the Internet - by Lawrence Abrams
How to Keep Your Windows PC and Apps Up to Date
What’s the Best Way to Back Up My Computer?
Pirated Software is All Fun and Games Until Your Data is Stolen
Do You Need Anti-Ransomware Software for Your PC?
How Safe Are Password Managers?
Why Windows Slows Down Over Time

 
I hope these steps will help to keep you malware free. If you run into more difficulty, we will certainly do what we can to help.
 
Happy surfing and stay safe. :wavey:
 
Best regards,
 
Android8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#14 Tyrellcorp

Tyrellcorp

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 23 May 2020 - 05:56 PM

Dear Android8888,

 

Wow that's quite the reading list! Thanks so much for all the info, I have read about half so far and will certainly finish the rest.

 

Thank you again so much for all your help and friendly advice. You're a great person, and it's much appreciated!


#15 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,202 posts

Posted 04 June 2020 - 02:54 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a new topic.


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.
Back to Resolved or inactive Malware Removal


  1. SpywareInfo Forum
  2. Spyware, thiefware, browser hijackers, and other advertising parasites
  3. Malware Removal
  4. Resolved or inactive Malware Removal
  5. Privacy Policy
Member of UNITE
Support SpywareInfo Forum - click the button