Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92290 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Something Seems Wrong With My Machine [Solved]


  • This topic is locked This topic is locked
12 replies to this topic

#1 ONewbieO

ONewbieO

    Authentic Member

  • Authentic Member
  • PipPip
  • 148 posts

Posted 04 June 2019 - 02:50 AM

Been getting some lags on and off sometimes. Could someone kindly offer assistance ? Thanks.


    Advertisements

Register to Remove


#2 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,453 posts
  • Interests:LFC, music, more LFC, more music

Posted 04 June 2019 - 02:31 PM

Hello ONewbieO and welcome back to the WTT forum.

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan Now
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

AdwCleaner log
Frst.txt
Addition.txt


Thanks

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#3 ONewbieO

ONewbieO

    Authentic Member

  • Authentic Member
  • PipPip
  • 148 posts

Posted 07 June 2019 - 03:13 PM

Adwcleaner says no threats detected.

 

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-05-27.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    06-08-2019
# Duration: 00:00:10
# OS:       Windows 10 Home
# Scanned:  27501
# Detected: 0
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


#4 ONewbieO

ONewbieO

    Authentic Member

  • Authentic Member
  • PipPip
  • 148 posts

Posted 07 June 2019 - 03:17 PM

FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2019
Ran by lenovo (administrator) on LENOVO-PC (LENOVO 20378) (08-06-2019 05:14:07)
Running from C:\Users\lenovo\Desktop
Loaded Profiles: lenovo (Available Profiles: lenovo)
Platform: Windows 10 Home Version 1803 17134.765 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files\Lenovo PhoneCompanion\adb.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Fortemedia Inc. -> ) C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(GZ Systems Limited -> ) C:\Program Files (x86)\PureVPN\Dns\DnsLeakProtector.exe
(GZ Systems Limited -> ) C:\Program Files (x86)\PureVPN\purevpn.exe
(GZ Systems Limited -> ) C:\Program Files (x86)\PureVPN\PureVPNService.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo (Beijing) Limited -> Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Lenovo (Beijing) Limited -> Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Lenovo (Beijing) Limited -> Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Lenovo (Beijing) Limited -> Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo (Beijing) Limited -> Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
(Lenovo (Beijing) Limited -> Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Maxthon (Asia) Limited. -> Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek semiconductor) C:\Windows\RTFTrack.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIRFE.EXE
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5060864 2015-06-16] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed]
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo (Beijing) Limited -> Lenovo)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2015-07-03] (Lenovo (Beijing) Limited -> Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2015-07-03] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10973168 2015-07-03] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3947704 2015-08-29] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [Emsisoft Anti-Malware] => C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [9668984 2019-04-16] (Emsisoft Ltd -> Emsisoft Ltd)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink -> CyberLink Corp.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-427439225-1213319809-2569054467-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIRFE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-427439225-1213319809-2569054467-1001\...\Run: [PureVPN] => C:\Program Files (x86)\PureVPN\purevpn.exe [7277320 2019-05-17] (GZ Systems Limited -> )
HKU\S-1-5-21-427439225-1213319809-2569054467-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\lenovo\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-427439225-1213319809-2569054467-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\lenovo\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-427439225-1213319809-2569054467-1001\...\RunOnce: [Uninstall 19.070.0410.0005\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\lenovo\AppData\Local\Microsoft\OneDrive\19.070.0410.0005\amd64"
HKU\S-1-5-21-427439225-1213319809-2569054467-1001\...\RunOnce: [Uninstall 19.070.0410.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\lenovo\AppData\Local\Microsoft\OneDrive\19.070.0410.0005"
HKLM\...\Drivers32: [msacm.clmp3enc] => C:\Program Files (x86)\Lenovo\Power2Go\CLMP3Enc.ACM [217088 2005-05-14] (CyberLink Corp.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-23] (Google LLC -> Google Inc.)
Startup: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-06-04]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0215DD50-2E02-47A4-81AB-095BC66B46F5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {08A182D1-576E-4B45-A78B-4602F88B2C4E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23966000 2019-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {096BA725-BB49-4FEF-A048-54B75F6432EB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {0AFCF5D8-B491-4A63-881B-6240CC5D2749} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [1799448 2015-05-08] (Maxthon (Asia) Limited. -> Maxthon International ltd.)
Task: {1452DBB4-8078-47AA-9818-FF5CCC13DE5B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1AA60EC8-9F91-4EAB-A4FC-D014DA4E3B4C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2417456 2019-05-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {1EFC8E91-281B-4AB6-9B7D-B702B30E91B3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1526880 2019-05-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {2652084D-7D00-41AF-8AD4-7CC6749B088F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-01] (Google Inc -> Google LLC)
Task: {318EA2C2-821F-4E88-9A5E-60DD836367B1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2417456 2019-05-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [33280 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
Task: {5B79840E-AE03-4654-81BA-5CE3ACBBF343} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [87344 2019-05-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {627ADC19-E9AB-441C-8B6D-20B38F2F8372} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [753456 2019-05-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {6C6E7AD7-55CB-4138-9A34-68D26CDB53C2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23966000 2019-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {6DB4E952-F5DF-4BFC-91A7-14DD4C4724BD} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_pepper.exe [1452600 2019-05-15] (Adobe Inc. -> Adobe)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {77C7D347-DB90-4CF1-93D2-72352CAE24F3} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [95192 2013-03-09] (CyberLink Corp. -> CyberLink Corp.)
Task: {79CC6212-67EE-461F-91B9-04770B6A9C68} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_Plugin.exe [1457208 2019-05-15] (Adobe Inc. -> Adobe)
Task: {8451AED5-D0E6-43A2-B393-33F8EC326A15} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [233760 2013-03-08] (Intel® Services Manager -> Intel Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8E7C313D-80AB-4674-BEDB-8FAF06BBBDAF} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [233760 2013-03-08] (Intel® Services Manager -> Intel Corporation)
Task: {969C70D2-D6D0-4B0B-B3BC-80F7B24EC4DC} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1526880 2019-05-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {A35FC4CB-90DE-44AA-92AE-DCE7CE67BFB8} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {A6C79FCB-D0D9-4B9B-B486-993BDF36B3B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-01] (Google Inc -> Google LLC)
Task: {BB38B400-DE2D-4F64-99F8-F8694005BB33} - System32\Tasks\EPSON XP-243 245 247 Series Update {C92F089D-AF6B-428E-A685-3A76B7D4AFD7} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRFE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {C197E6DB-52EC-48C0-8A1A-404F3BCFDFF5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C91E6DD6-C70B-426C-8602-8297E0A5B4B7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {EAC7CFAD-63D4-43A1-846B-845970CAD46F} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [154896 2015-07-03] (Lenovo (Beijing) Limited -> Lenovo)
Task: {EB770AE7-02D1-4D2B-A930-BD614356156B} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {EE4032F7-799E-4C32-A992-E10118ECA854} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3947704 2015-08-29] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {F99E03E8-E2E0-433F-BBB8-F316DB7B8284} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-15] (Adobe Inc. -> Adobe)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\EPSON XP-243 245 247 Series Update {C92F089D-AF6B-428E-A685-3A76B7D4AFD7}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRFE.EXE:/EXE:{C92F089D-AF6B-428E-A685-3A76B7D4AFD7} /F:UpdateWORKGROUP\LENOVO-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{50B3B552-9C67-48EF-8117-15D8A3CFABBC}: [NameServer] 37.230.173.3 37.230.173.5
Tcpip\..\Interfaces\{f9fbae75-18b5-4eae-b208-3fe16d557b12}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-427439225-1213319809-2569054467-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-427439225-1213319809-2569054467-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-05-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\8okj97py.default-1554129111805 [2019-04-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_192.dll [2019-05-15] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_192.dll [2019-05-15] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default [2019-06-08]
CHR Extension: (Slides) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-01]
CHR Extension: (Docs) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-04-01]
CHR Extension: (Google Drive) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-04-01]
CHR Extension: (YouTube) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-01]
CHR Extension: (Sheets) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-01]
CHR Extension: (Google Docs Offline) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-02]
CHR Extension: (AdBlock) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-06-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-04-02]
CHR Extension: (Gmail) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-23]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9639384 2019-04-16] (Emsisoft Ltd -> Emsisoft Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9677912 2019-05-02] (Microsoft Corporation -> Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2016-11-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [184064 2017-01-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 ibtsiva; C:\WINDOWS\SysWOW64\ibtsiva.exe [121288 2014-03-11] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2017-04-23] (Intel® pGFX -> Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Trusted Connect Service -> Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-17] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe [389680 2015-07-03] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-07-03] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2015-07-03] (Lenovo (Beijing) Limited -> Lenovo)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1880864 2018-02-10] (Maxthon (Asia) Limited. -> Maxthon)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation -> NVIDIA Corporation)
S2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2014-01-08] (PointGrab Ltd -> PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2015-07-03] (Lenovo (Beijing) Limited -> Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2015-07-03] (Lenovo (Beijing) Limited -> Lenovo)
R2 PureVPNService; C:\Program Files (x86)\PureVPN\PureVPNService.exe [189192 2019-05-17] (GZ Systems Limited -> )
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] (CyberLink -> )
S3 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [104696 2015-07-03] (Lenovo -> Lenovo)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120096 2018-01-16] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 epp; C:\Program Files\Emsisoft Anti-Malware\epp.sys [168328 2019-04-08] (Emsisoft Ltd -> Emsisoft Ltd)
R0 eppdisk; C:\WINDOWS\System32\drivers\eppdisk.sys [37064 2018-04-02] (Emsisoft Ltd -> Emsisoft Ltd)
R1 eppwfp; C:\Program Files\Emsisoft Anti-Malware\eppwfp.sys [131952 2019-01-02] (Emsisoft Ltd -> Emsisoft Ltd)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231168 2017-01-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\neo_vpn.sys [29744 2016-07-22] (GZ Systems Limited -> PureVPN)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2018-04-12] (Microsoft Windows -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek Semiconductor Corp -> Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761600 2015-06-15] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-29] (Synaptics Incorporated -> Synaptics Incorporated)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39040 2018-02-06] (GZ Systems Limited -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-03-29] (Adlice -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [337632 2019-06-05] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] (CyberLink -> "CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-06-08 05:14 - 2019-06-08 05:15 - 000034825 _____ C:\Users\lenovo\Desktop\FRST.txt
2019-06-08 05:13 - 2019-06-08 05:14 - 000000000 ____D C:\FRST
2019-06-08 05:12 - 2019-06-08 05:12 - 002417664 _____ (Farbar) C:\Users\lenovo\Desktop\FRST64.exe
2019-06-08 05:10 - 2019-06-08 05:11 - 000000000 ____D C:\AdwCleaner
2019-06-08 05:10 - 2019-06-08 05:10 - 007025360 _____ (Malwarebytes) C:\Users\lenovo\Desktop\adwcleaner_7.3.exe
2019-05-29 08:55 - 2019-05-29 08:55 - 000126938 _____ C:\Users\lenovo\Downloads\0429954775 (1).PDF
2019-05-22 10:19 - 2019-02-13 13:47 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-05-21 04:00 - 2019-05-21 04:00 - 000002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-05-21 04:00 - 2019-05-21 04:00 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-05-21 04:00 - 2019-05-21 04:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-05-16 00:40 - 2019-05-03 20:14 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-16 00:40 - 2019-05-03 20:13 - 001376472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-16 00:40 - 2019-05-03 20:13 - 000396088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2019-05-16 00:40 - 2019-05-03 19:55 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-16 00:40 - 2019-05-03 19:54 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-16 00:40 - 2019-05-03 19:52 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-16 00:40 - 2019-05-03 19:51 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-16 00:40 - 2019-05-03 19:51 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-16 00:40 - 2019-05-03 19:50 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-16 00:40 - 2019-05-03 19:50 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-16 00:40 - 2019-05-03 19:49 - 001288704 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-16 00:40 - 2019-05-03 19:49 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-16 00:40 - 2019-05-03 19:49 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-16 00:40 - 2019-05-03 19:43 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-16 00:40 - 2019-05-03 19:43 - 000662328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-05-16 00:40 - 2019-05-03 19:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-16 00:40 - 2019-05-03 19:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-16 00:40 - 2019-05-03 19:28 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-16 00:40 - 2019-05-03 19:28 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-16 00:40 - 2019-05-03 19:27 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-16 00:40 - 2019-05-03 19:26 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-16 00:40 - 2019-05-03 19:25 - 004055040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-16 00:40 - 2019-05-03 19:25 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-16 00:40 - 2019-05-03 14:43 - 000177128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-16 00:40 - 2019-05-03 14:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-16 00:40 - 2019-05-03 14:34 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-16 00:40 - 2019-05-03 14:33 - 005625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-05-16 00:40 - 2019-05-03 14:33 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-16 00:40 - 2019-05-03 14:33 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-16 00:40 - 2019-05-03 14:33 - 000709720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-05-16 00:40 - 2019-05-03 14:33 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-16 00:40 - 2019-05-03 14:33 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-16 00:40 - 2019-05-03 14:33 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-16 00:40 - 2019-05-03 14:33 - 000063072 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-16 00:40 - 2019-05-03 14:32 - 000793640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-05-16 00:40 - 2019-05-03 14:32 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-16 00:40 - 2019-05-03 14:32 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-16 00:40 - 2019-05-03 14:32 - 000438984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-16 00:40 - 2019-05-03 14:32 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-16 00:40 - 2019-05-03 14:32 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-16 00:40 - 2019-05-03 14:32 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-16 00:40 - 2019-05-03 14:31 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-16 00:40 - 2019-05-03 14:31 - 007519888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-16 00:40 - 2019-05-03 14:31 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-16 00:40 - 2019-05-03 14:31 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-16 00:40 - 2019-05-03 14:31 - 002771256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-16 00:40 - 2019-05-03 14:31 - 001459328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-16 00:40 - 2019-05-03 14:31 - 001260480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-16 00:40 - 2019-05-03 14:31 - 001141224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-16 00:40 - 2019-05-03 14:31 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-05-16 00:40 - 2019-05-03 14:31 - 000983632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-16 00:40 - 2019-05-03 14:31 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-16 00:40 - 2019-05-03 14:31 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-05-16 00:40 - 2019-05-03 14:31 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-16 00:40 - 2019-05-03 14:20 - 000434704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-16 00:40 - 2019-05-03 14:20 - 000384976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-16 00:40 - 2019-05-03 14:20 - 000192016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-16 00:40 - 2019-05-03 14:20 - 000146920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-16 00:40 - 2019-05-03 14:19 - 006043712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-16 00:40 - 2019-05-03 14:19 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-16 00:40 - 2019-05-03 14:19 - 000056288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-16 00:40 - 2019-05-03 14:18 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-16 00:40 - 2019-05-03 14:18 - 002258640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-16 00:40 - 2019-05-03 14:18 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-05-16 00:40 - 2019-05-03 14:12 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-16 00:40 - 2019-05-03 14:10 - 022017024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-16 00:40 - 2019-05-03 14:05 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-16 00:40 - 2019-05-03 14:02 - 019401216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-16 00:40 - 2019-05-03 14:02 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-16 00:40 - 2019-05-03 14:01 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-16 00:40 - 2019-05-03 14:00 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-16 00:40 - 2019-05-03 14:00 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-16 00:40 - 2019-05-03 14:00 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-16 00:40 - 2019-05-03 14:00 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2019-05-16 00:40 - 2019-05-03 13:59 - 007593472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-16 00:40 - 2019-05-03 13:59 - 005788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-16 00:40 - 2019-05-03 13:59 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-16 00:40 - 2019-05-03 13:59 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-05-16 00:40 - 2019-05-03 13:59 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-16 00:40 - 2019-05-03 13:59 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-05-16 00:40 - 2019-05-03 13:59 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-16 00:40 - 2019-05-03 13:59 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-16 00:40 - 2019-05-03 13:58 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-16 00:40 - 2019-05-03 13:58 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-05-16 00:40 - 2019-05-03 13:58 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-05-16 00:40 - 2019-05-03 13:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-16 00:40 - 2019-05-03 13:58 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-16 00:40 - 2019-05-03 13:58 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-05-16 00:40 - 2019-05-03 13:58 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-16 00:40 - 2019-05-03 13:57 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-05-16 00:40 - 2019-05-03 13:57 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-16 00:40 - 2019-05-03 13:57 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-05-16 00:40 - 2019-05-03 13:57 - 001295872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-05-16 00:40 - 2019-05-03 13:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-16 00:40 - 2019-05-03 13:57 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-16 00:40 - 2019-05-03 13:57 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-05-16 00:40 - 2019-05-03 13:56 - 005350912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-16 00:40 - 2019-05-03 13:56 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-16 00:40 - 2019-05-03 13:56 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-16 00:40 - 2019-05-03 13:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-16 00:40 - 2019-05-03 13:56 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-05-16 00:40 - 2019-05-03 13:55 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-16 00:40 - 2019-05-03 13:55 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-16 00:40 - 2019-05-03 13:55 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-16 00:40 - 2019-05-03 13:54 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-16 00:40 - 2019-05-03 13:54 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-16 00:40 - 2019-05-03 13:54 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-05-16 00:40 - 2019-05-03 13:54 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-16 00:40 - 2019-05-03 13:54 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-05-16 00:40 - 2019-05-03 13:54 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-05-16 00:40 - 2019-05-03 13:54 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-16 00:40 - 2019-05-03 13:54 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-16 00:40 - 2019-05-03 13:54 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-05-16 00:40 - 2019-05-03 13:54 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-16 00:40 - 2019-05-03 13:54 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-16 00:40 - 2019-05-03 13:54 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-05-16 00:40 - 2019-05-03 13:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-05-16 00:40 - 2019-05-03 13:53 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-16 00:40 - 2019-05-03 13:53 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-16 00:40 - 2019-05-03 13:53 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-16 00:40 - 2019-05-03 13:53 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-16 00:40 - 2019-05-03 12:38 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-05-16 00:40 - 2019-04-23 15:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-05-16 00:40 - 2019-04-23 14:14 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-05-16 00:40 - 2019-04-19 18:55 - 001634920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-16 00:40 - 2019-04-19 18:54 - 000720200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-16 00:40 - 2019-04-19 18:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-05-16 00:40 - 2019-04-19 18:39 - 012754944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-16 00:40 - 2019-04-19 18:38 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2019-05-16 00:40 - 2019-04-19 18:38 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
2019-05-16 00:40 - 2019-04-19 18:36 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-16 00:40 - 2019-04-19 18:34 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-05-16 00:40 - 2019-04-19 17:44 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-16 00:40 - 2019-04-19 17:37 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-16 00:40 - 2019-04-19 17:30 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
2019-05-16 00:40 - 2019-04-19 17:28 - 011940864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-16 00:40 - 2019-04-19 17:26 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-16 00:40 - 2019-04-19 17:25 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-05-16 00:40 - 2019-04-19 13:07 - 000985400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-05-16 00:40 - 2019-04-19 13:06 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-16 00:40 - 2019-04-19 13:06 - 000798520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-05-16 00:40 - 2019-04-19 13:06 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-05-16 00:40 - 2019-04-19 13:06 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-05-16 00:40 - 2019-04-19 13:06 - 000274232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-16 00:40 - 2019-04-19 13:02 - 000831800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-05-16 00:40 - 2019-04-19 13:01 - 001982008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-16 00:40 - 2019-04-19 13:01 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-05-16 00:40 - 2019-04-19 13:01 - 000576016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-05-16 00:40 - 2019-04-19 13:01 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-05-16 00:40 - 2019-04-19 12:43 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-16 00:40 - 2019-04-19 12:42 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-16 00:40 - 2019-04-19 12:41 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-05-16 00:40 - 2019-04-19 12:41 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe
2019-05-16 00:40 - 2019-04-19 12:40 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-05-16 00:40 - 2019-04-19 12:40 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-16 00:40 - 2019-04-19 12:40 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-05-16 00:40 - 2019-04-19 12:40 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2019-05-16 00:40 - 2019-04-19 12:40 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-05-16 00:40 - 2019-04-19 12:39 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-05-16 00:40 - 2019-04-19 12:39 - 000567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-16 00:40 - 2019-04-19 12:39 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-16 00:40 - 2019-04-19 12:39 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
2019-05-16 00:40 - 2019-04-19 12:39 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-16 00:40 - 2019-04-19 12:39 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-05-16 00:40 - 2019-04-19 12:38 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-05-16 00:40 - 2019-04-19 12:38 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-16 00:40 - 2019-04-19 12:38 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-16 00:40 - 2019-04-19 12:38 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-05-16 00:40 - 2019-04-19 12:38 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-16 00:40 - 2019-04-19 12:38 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-16 00:40 - 2019-04-19 12:37 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-05-16 00:40 - 2019-04-19 12:37 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-16 00:40 - 2019-04-19 12:37 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-16 00:40 - 2019-04-19 12:37 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-05-16 00:40 - 2019-04-19 12:37 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-05-16 00:40 - 2019-04-19 12:37 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-16 00:40 - 2019-04-19 12:37 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-16 00:40 - 2019-04-19 12:36 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-16 00:40 - 2019-04-19 12:36 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2019-05-16 00:40 - 2019-04-19 12:36 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-16 00:40 - 2019-04-19 12:36 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-05-16 00:40 - 2019-04-19 12:36 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-05-16 00:40 - 2019-04-19 12:36 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-05-16 00:40 - 2019-04-19 12:36 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-16 00:40 - 2019-04-19 12:35 - 001938944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2019-05-16 00:40 - 2019-04-19 12:35 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-05-16 00:40 - 2019-04-19 12:35 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-05-16 00:40 - 2019-04-19 12:35 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-05-16 00:40 - 2019-04-19 12:35 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-16 00:40 - 2019-04-19 12:35 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-05-16 00:40 - 2019-04-19 12:35 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2019-05-16 00:40 - 2019-04-19 12:35 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-16 00:40 - 2019-04-19 12:35 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-05-16 00:40 - 2019-04-19 12:34 - 000935936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-05-16 00:40 - 2019-04-19 12:34 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-16 00:40 - 2019-04-19 12:34 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-05-16 00:40 - 2019-04-19 12:34 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-16 00:40 - 2019-04-19 12:34 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2019-05-16 00:40 - 2019-04-19 11:18 - 000806360 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-16 00:40 - 2019-04-19 11:18 - 000806360 _____ C:\WINDOWS\system32\locale.nls
2019-05-16 00:40 - 2019-04-09 09:48 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-16 00:40 - 2019-04-09 09:48 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-16 00:40 - 2019-04-09 09:48 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-16 00:40 - 2019-04-09 09:48 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-16 00:40 - 2019-04-09 09:48 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-09 17:28 - 2019-05-09 17:28 - 000126938 _____ C:\Users\lenovo\Downloads\0429954775.PDF
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-06-08 05:03 - 2018-04-12 07:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-08 04:26 - 2019-03-31 01:23 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2019-06-08 04:01 - 2018-05-19 14:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-06-07 23:43 - 2018-05-19 15:29 - 000004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1580B647-47B2-4502-AA6B-8EFADCB38DA5}
2019-06-06 23:21 - 2018-05-19 15:29 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-427439225-1213319809-2569054467-1001
2019-06-06 23:20 - 2018-05-19 15:09 - 000002377 _____ C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-06 23:20 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-06-06 23:20 - 2016-07-05 01:25 - 000000000 ___RD C:\Users\lenovo\OneDrive
2019-06-06 07:55 - 2018-04-12 07:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-05 16:09 - 2018-07-30 20:08 - 000000000 ____D C:\ProgramData\purevpn
2019-06-05 16:07 - 2016-07-29 23:27 - 000000000 __SHD C:\Users\lenovo\IntelGraphicsProfiles
2019-06-05 16:06 - 2017-07-09 22:27 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-06-05 09:24 - 2018-02-16 11:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-05-23 16:32 - 2018-07-30 20:09 - 000001115 _____ C:\Users\lenovo\Desktop\PureVPN.lnk
2019-05-23 16:32 - 2018-07-06 21:18 - 000001419 _____ C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall PureVPN.lnk
2019-05-23 16:32 - 2015-07-03 04:24 - 000000000 ____D C:\ProgramData\Package Cache
2019-05-23 16:31 - 2016-04-19 10:06 - 000000000 ____D C:\Program Files (x86)\PureVPN
2019-05-23 16:30 - 2018-07-06 21:15 - 000000281 _____ C:\Users\lenovo\AppData\Local\temp.bat
2019-05-23 04:59 - 2019-04-01 22:32 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-23 04:59 - 2019-04-01 22:32 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-22 16:01 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-05-22 16:01 - 2017-11-13 13:23 - 000000000 ____D C:\Users\lenovo\AppData\Local\ElevatedDiagnostics
2019-05-22 15:56 - 2016-09-20 01:52 - 000000000 ____D C:\ProgramData\NVIDIA
2019-05-22 15:55 - 2018-05-19 15:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-22 11:15 - 2018-04-12 05:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-05-22 11:05 - 2018-04-12 07:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-22 09:40 - 2017-03-11 07:54 - 000000000 ____D C:\Users\lenovo\AppData\Local\CrashDumps
2019-05-21 04:00 - 2019-05-04 21:20 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-05-21 04:00 - 2019-05-04 21:20 - 000002467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-05-21 04:00 - 2019-05-04 21:20 - 000002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-05-21 04:00 - 2019-05-04 21:20 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-05-21 04:00 - 2019-05-04 21:20 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-05-21 04:00 - 2019-05-04 21:20 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-05-21 03:59 - 2016-07-05 01:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-05-21 01:10 - 2018-04-12 07:36 - 000000000 ____D C:\WINDOWS\INF
2019-05-18 08:05 - 2018-11-16 07:36 - 000000000 ____D C:\Program Files\rempl
2019-05-17 20:16 - 2018-07-06 21:16 - 000022280 _____ C:\WINDOWS\SysWOW64\fix-dns-leak-32.dll
2019-05-17 04:24 - 2018-05-19 15:19 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-17 04:18 - 2018-05-19 14:58 - 000433496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-17 04:15 - 2018-05-19 15:09 - 000000000 ____D C:\Users\lenovo
2019-05-17 04:14 - 2018-04-12 07:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-17 04:14 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-17 04:14 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-17 04:14 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-17 02:29 - 2016-10-26 08:33 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-16 00:39 - 2015-07-05 06:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-16 00:37 - 2015-07-05 06:21 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-15 12:38 - 2019-04-01 22:32 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 12:38 - 2019-04-01 22:32 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-15 03:18 - 2018-09-30 14:58 - 000004590 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-05-15 03:18 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-05-15 03:18 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-05-15 02:18 - 2018-05-19 15:29 - 000004578 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-05-15 01:34 - 2018-09-24 20:20 - 000020107 _____ C:\Users\lenovo\Desktop\Alvin.xlsx
 
==================== Files in the root of some directories =======
 
2018-01-08 20:31 - 2018-01-08 20:31 - 000293966 _____ () C:\Users\lenovo\AppData\Local\ars.cache
2018-01-08 20:32 - 2018-01-08 20:32 - 000803937 _____ () C:\Users\lenovo\AppData\Local\census.cache
2018-01-08 19:23 - 2018-01-08 19:23 - 000000036 _____ () C:\Users\lenovo\AppData\Local\housecall.guid.cache
2018-01-08 20:17 - 2018-01-08 20:17 - 000000010 _____ () C:\Users\lenovo\AppData\Local\sponge.last.runtime.cache
2018-07-06 21:15 - 2019-05-23 16:30 - 000000281 _____ () C:\Users\lenovo\AppData\Local\temp.bat
2017-03-30 22:50 - 2017-03-30 22:50 - 000000552 _____ () C:\Users\lenovo\AppData\Local\TroubleshooterConfig.json
 
==================== SigCheck ===============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ============================


#5 ONewbieO

ONewbieO

    Authentic Member

  • Authentic Member
  • PipPip
  • 148 posts

Posted 07 June 2019 - 03:17 PM

Addition log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2019
Ran by lenovo (08-06-2019 05:15:44)
Running from C:\Users\lenovo\Desktop
Windows 10 Home Version 1803 17134.765 (X64) (2018-05-19 07:30:18)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-427439225-1213319809-2569054467-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-427439225-1213319809-2569054467-503 - Limited - Disabled)
Guest (S-1-5-21-427439225-1213319809-2569054467-501 - Limited - Disabled)
lenovo (S-1-5-21-427439225-1213319809-2569054467-1001 - Administrator - Enabled) => C:\Users\lenovo
WDAGUtilityAccount (S-1-5-21-427439225-1213319809-2569054467-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Emsisoft Anti-Malware (Disabled - Out of date) {67773CDD-EA83-AD98-A2ED-386463EB3B0D}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Disabled - Out of date) {DC16DD39-CCB9-A216-985D-0316186C71B0}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.192 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.192 - Adobe)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2019.2 - Emsisoft Ltd.)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.16 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.16 - Lenovo)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.54.0.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}) (Version: 4.4.9 - Seiko Epson Corporation)
EPSON XP-243 245 247 Series Printer Uninstall (HKLM\...\EPSON XP-243 245 247 Series) (Version:  - Seiko Epson Corporation)
FoneLab for Android 3.0.8 (HKLM-x32\...\{7A7ACBDD-FED6-4ec5-BD26-5549FEB5B968}_is1) (Version: 3.0.8 - Aiseesoft Studio)
Geeks Toy - Betfair (HKLM-x32\...\{9BA606D4-A6A9-4A59-B988-CD3BD92818AB}) (Version: 1.3.14 - The Geek)
GeForce Experience NvStream Client Components (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC) (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Imperial Casino (HKU\S-1-5-21-427439225-1213319809-2569054467-1001\...\Imperial Casino) (Version:  - )
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{B2913DAE-3EBC-4C88-8245-0AA34B2E461D}) (Version: 17.1.1450.0402 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7e493493-a430-4b7b-b8a2-48d61599e220}) (Version: 17.0.0 - Intel Corporation)
IPVanish (HKLM-x32\...\{84A3D623-3A5D-422A-BE1E-28C33C463655}) (Version: 2.1.2.0 - IPVanish.com) Hidden
IPVanish VPN (HKLM-x32\...\{9b58fca3-3c0a-45ee-96a6-d60ecb68e75e}) (Version: 2.1.2.0 - IPVanish.com)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10260 - Realtek Semiconductor Corp.)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo Motion Control (HKLM-x32\...\{0D740B00-2307-44AC-B91B-F3E67444ECA6}) (Version: 2.0.1.0107 - PointGrab) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{0D740B00-2307-44AC-B91B-F3E67444ECA6}) (Version: 2.0.1.0107 - PointGrab)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2326 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2326 - CyberLink Corp.)
Lenovo PhoneCompanion (HKLM-x32\...\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.2 - Lenovo) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.2 - Lenovo)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo Settings (HKLM-x32\...\{42F8AFC3-7944-46CC-9689-94FF9869D0A7}) (Version: 1.0.0.44 - Lenovo) Hidden
Lenovo Settings (HKLM-x32\...\InstallShield_{42F8AFC3-7944-46CC-9689-94FF9869D0A7}) (Version: 1.0.0.44 - Lenovo)
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.2 - Lenovo)
Magic Transfer (HKLM\...\{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - )
Magic Transfer (HKLM-x32\...\{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - Lenovo) Hidden
Magic Transfer (HKLM-x32\...\InstallShield_{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - Lenovo)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.3.5000 - Maxthon International Limited)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10730.20344 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-427439225-1213319809-2569054467-1001\...\OneDriveSetup.exe) (Version: 19.070.0410.0007 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10730.20344 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20344 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20344 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10730.20344 - Microsoft Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
PureVPN (HKLM-x32\...\{c676d648-f124-439f-86d1-94a6737e951d}) (Version: 7.0.4.0 - ) Hidden
PureVPN (HKLM-x32\...\PureVPN) (Version: 7.0.4.0 - PureVPN)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 1.7.306 - NVIDIA Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.5 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Driver Package - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
 
Packages:
=========
AccuWeather - Weather for Life -> C:\Program Files\WindowsApps\AccuWeather.AccuWeatherforWindows8_10.0.348.1000_x64__8zz2pj9h1h1d8 [2018-04-08] (AccuWeather) [MS Ad]
Camera Man -> C:\Program Files\WindowsApps\E0469640.CameraMan_1.0.1929.30229_x86__5grkq8ppsgwt4 [2015-07-05] (LENOVO INC)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.140.300.0_x86__kgqvnymyfvs32 [2019-05-28] (king.com)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_6.18.8489.0_x86__q4d96b2w5wcc2 [2019-05-16] (Evernote)
Go Movie (香港電影) for Lenovo -> C:\Program Files\WindowsApps\SINODynamicSolutionsLimit.GoMovieforLenovo_1.0.1.25_neutral__exmbepzzjy9m2 [2015-07-03] (SINO Dynamic Solutions Ltd)
Hightail for Lenovo -> C:\Program Files\WindowsApps\YouSendIt.HighTailForLenovo_1.3.0.1278_neutral__069rkrpjefrbc [2015-07-05] (Hightail)
Lenovo Support -> C:\Program Files\WindowsApps\E046963F.LenovoSupport_2.0.5.0_x86__k1h2ywk1493x8 [2015-07-05] (Lenovo, INC.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8 [2019-03-26] (LENOVO INC.)
Live TV -> C:\Program Files\WindowsApps\FilmOnLiveTVFree.FilmOnLiveTVFree_1.3.6.115_x64__zx03kxexxb716 [2015-07-05] (FilmOn TV Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
McAfee® Central for Lenovo -> C:\Program Files\WindowsApps\McAfeeInc.06.McAfeeSecurityAdvisorforLenovo_5.0.173.1_x64__bq6yxensn79aw [2018-04-03] (McAfee_Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-04] (Microsoft Corporation) [MS Ad]
Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-09] (Microsoft Corporation)
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-13] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.3.4032.0_x86__8wekyb3d8bbwe [2019-04-12] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-28] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-28] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.29.10701.0_x64__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.28.3242.0_x64__8wekyb3d8bbwe [2018-12-15] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-28] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Phone Companion -> C:\Program Files\WindowsApps\E0469640.DeviceCollaboration_2.0.0.9_x64__5grkq8ppsgwt4 [2015-07-05] (LENOVO INC)
PowerDVD for Lenovo Idea -> C:\Program Files\WindowsApps\CyberLinkCorp.id.PowerDVDforLenovoIdea_1.1.2618.24808_x86__hgg5mn3xps74a [2015-07-05] (CYBERLINK COM CORPORATION)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2015-07-05] (Zinio LLC)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-427439225-1213319809-2569054467-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers2: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers3: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers6: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-03 04:54 - 2015-07-03 04:54 - 000815104 _____ () [File not signed] C:\Program Files\Lenovo PhoneCompanion\adb.exe
2015-07-03 04:54 - 2015-07-03 04:54 - 000096256 _____ (Google, inc) [File not signed] C:\Program Files\Lenovo PhoneCompanion\AdbWinApi.dll
2015-07-03 04:54 - 2015-07-03 04:54 - 000060928 _____ (Google, inc) [File not signed] C:\Program Files\Lenovo PhoneCompanion\AdbWinUsbApi.dll
2013-08-28 05:32 - 2013-08-28 05:32 - 000747520 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
2016-07-05 01:11 - 2016-07-05 01:11 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2016-07-05 01:11 - 2016-07-05 01:11 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2018-05-19 15:07 - 2016-12-29 20:29 - 000339072 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\_nvstapisvr64.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-427439225-1213319809-2569054467-1001\...\sharepoint.com -> hxxps://entuedu-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 21:25 - 2019-03-22 19:25 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-427439225-1213319809-2569054467-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 37.230.173.3 - 37.230.173.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{204FB074-ADC1-4777-84B2-E771742DE4F3}] => (Allow) C:\Program Files (x86)\PureVPN\vpnclient.exe No File
FirewallRules: [{F69BB1C2-5959-4DB6-B4D9-31D10EA8CA49}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E7C8035E-A324-4C1C-886F-50057186A78C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{54B4868A-F252-4F8B-9D8B-4B8B80BEDE96}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{9C6B2BE5-1D65-4702-B107-473821DDFB6D}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{F9B7ACA0-1B65-43D7-BE9C-05FF23A025D7}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{2FEB93DA-BBC2-43C3-B169-96304C04458D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{ED1AAB04-821F-4358-A013-DC739061AEC1}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{5A75BF02-B95B-41A2-9253-D8B2DA8223CD}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{D2CA8AC0-6746-41EC-98E3-AD3D925CCFE4}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{5DE9923E-C2B2-4B3B-85A8-1140DC535F0A}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{E107CFD1-7456-4CF4-9030-793CE75C6911}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe No File
FirewallRules: [{3EC81E2F-AAA4-4DFD-A781-D7A07647048C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FC995C30-84A2-4D8C-9E96-DB82C27A216E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FABF2637-C738-42A7-AF2D-8E7F7156F2E3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{95494EA1-5DB2-424A-BFD2-E50F6E276E44}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1A9C1F60-64DE-4D34-9B56-8FB84526BF1B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FAE10890-AF27-4DB6-9116-129DD75FEDA9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{32900551-281D-47FF-975D-E55D9F9E0409}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{29DCF765-E3C7-453F-A7D8-00124C8A0A64}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E519150C-BA39-449B-83DE-FC10A530EFE3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C7FD28F6-9CB7-49A6-A7A4-1D0C99A0F9FA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{29CF2E45-B554-49D7-B8E0-F3C6D315E0DC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{698B779D-D86A-4541-94D5-956AB87A6F05}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
 
==================== Restore Points =========================
 
22-05-2019 11:05:28 Windows Update
30-05-2019 04:48:46 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/08/2019 04:01:42 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: Lenovo-PC)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (06/08/2019 04:01:42 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: Lenovo-PC)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (06/08/2019 04:01:42 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: Lenovo-PC)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (06/08/2019 04:01:42 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: Lenovo-PC)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1
 
Error: (06/08/2019 04:01:41 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (06/08/2019 04:01:41 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (06/08/2019 04:01:41 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (06/08/2019 04:01:41 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: Lenovo-PC)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
 
System errors:
=============
Error: (06/08/2019 04:01:51 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{F9FBAE75-18B5-4EAE-B208-3FE16D557B12} because another computer on the network has the same name.  The server could not start.
 
Error: (06/08/2019 04:01:51 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{50B3B552-9C67-48EF-8117-15D8A3CFABBC} because another computer on the network has the same name.  The server could not start.
 
Error: (06/08/2019 04:01:36 AM) (Source: DCOM) (EventID: 10016) (User: Lenovo-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user Lenovo-PC\lenovo SID (S-1-5-21-427439225-1213319809-2569054467-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/08/2019 02:01:24 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{F9FBAE75-18B5-4EAE-B208-3FE16D557B12} because another computer on the network has the same name.  The server could not start.
 
Error: (06/07/2019 11:58:46 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user Lenovo-PC\lenovo SID (S-1-5-21-427439225-1213319809-2569054467-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/07/2019 11:48:24 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{F9FBAE75-18B5-4EAE-B208-3FE16D557B12} because another computer on the network has the same name.  The server could not start.
 
Error: (06/07/2019 11:48:24 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{50B3B552-9C67-48EF-8117-15D8A3CFABBC} because another computer on the network has the same name.  The server could not start.
 
Error: (06/07/2019 11:41:04 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{F9FBAE75-18B5-4EAE-B208-3FE16D557B12} because another computer on the network has the same name.  The server could not start.
 
 
Windows Defender:
===================================
Date: 2019-05-22 18:31:05.037
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4015C879-D95C-4A3F-8AEE-05AB54E95275}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-05-22 18:17:17.272
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5046DD9A-952D-4DC6-857E-EB44A722ABE6}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-05-21 10:16:01.633
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DABE718C-CE03-4722-9E46-E3AA7ED18479}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-05-21 10:05:34.816
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C5670B9B-3AC3-417F-B077-E92F4F6E6B9E}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-05-17 18:52:42.271
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CCCD6F82-36BB-4D78-9B75-3D429EC57745}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-05-22 09:52:49.934
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.293.1997.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15900.4
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2019-05-22 08:52:30.069
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.293.1997.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15900.4
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2019-05-21 01:02:09.873
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.293.1947.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15900.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2019-06-08 05:03:06.284
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
 
Date: 2019-06-08 04:32:34.713
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-06-08 04:30:28.539
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-06-08 04:30:24.834
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
 
Date: 2019-06-08 04:01:33.998
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
 
Date: 2019-06-08 01:05:13.655
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
 
Date: 2019-06-08 00:10:55.858
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-06-08 00:05:13.658
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: LENOVO 9ECN26WW(V1.09) 05/27/2014
Motherboard: LENOVO Lenovo Y50-70
Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 38%
Total physical RAM: 16296.27 MB
Available physical RAM: 10072.25 MB
Total Virtual: 18728.27 MB
Available Virtual: 12147.88 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:890.9 GB) (Free:834.37 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22 GB) NTFS
 
\\?\Volume{9d0b5c3f-2b50-4d50-80e4-5777bcd73009}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.54 GB) NTFS
\\?\Volume{62f27c8a-44af-452b-81ff-906c761516c4}\ (PBR_DRV) (Fixed) (Total:13.28 GB) (Free:4.34 GB) NTFS
\\?\Volume{dc8114d3-61a8-424d-b388-ec243ade8157}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4FA4877A)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#6 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,453 posts
  • Interests:LFC, music, more LFC, more music

Posted 08 June 2019 - 05:17 AM

I see no instances of malware in your logs but if this is a company computer then I would suggest you ask for more advice from your IT department or the person who maintains your network.

A couple of things to clear up:

Run Farbar Recovery Scan Tool

  • right-click FRST/FRST64 and select ‘Run as administrator’
  • highlight the contents of the code box below, then press Ctrl+c):

CloseProcesses:
2019-05-23 16:30 - 2018-07-06 21:15 - 000000281 _____ C:\Users\lenovo\AppData\Local\temp.bat
CustomCLSID: HKU\S-1-5-21-427439225-1213319809-2569054467-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
C:\Program Files\WindowsApps\McAfeeInc.06.McAfeeSecurityAdvisorforLenovo_5.0.173.1_x64__bq6yxensn79aw
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • in the FRST window, press the ‘Fix’ button once and wait
  • please reboot the computer if requested
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

Thanks

Satchfan

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#7 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,453 posts
  • Interests:LFC, music, more LFC, more music

Posted 11 June 2019 - 03:10 PM

Hello ONiewbieO

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you still need help. If I don't get a reply within 24 hours I'll assume all is well and close this topic.

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#8 ONewbieO

ONewbieO

    Authentic Member

  • Authentic Member
  • PipPip
  • 148 posts

Posted 11 June 2019 - 08:11 PM

Apologies, kind of forgot about this.

 

No fixlist.txt found.

The fixlist.txt should be in the same folder/directory the tool is located.

 

I left everything that i had in the desktop.



#9 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,453 posts
  • Interests:LFC, music, more LFC, more music

Posted 12 June 2019 - 05:18 AM

it will create a log on your desktop, (Fixlog.txt)

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#10 ONewbieO

ONewbieO

    Authentic Member

  • Authentic Member
  • PipPip
  • 148 posts

Posted 12 June 2019 - 08:17 AM

this is the error message i received after i typed your commands in.



#11 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,453 posts
  • Interests:LFC, music, more LFC, more music

Posted 12 June 2019 - 09:20 AM

I see no error message. Are you talking about using the script for the 'fix'?


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#12 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,453 posts
  • Interests:LFC, music, more LFC, more music

Posted 15 June 2019 - 06:13 AM

It has been 3 days since I sent my last post.

 

If I hear nothing within 24 hours I shall assume that all is well and close this topic as 'solved'.

 

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#13 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,453 posts
  • Interests:LFC, music, more LFC, more music

Posted 16 June 2019 - 02:42 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users