
It looks like my computer is infected with malware. Please help.


  • This topic is locked
16 replies to this topic

#1 binder

binder

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Philippines
  • Local time:03:17 AM

Posted 31 July 2018 - 09:44 PM

My wallpaper suddenly changed yesterday without setting it to slide show mode.

My camera stopped working a few days ago.

 

 

 




 


#2 binder

binder
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Philippines
  • Local time:03:17 AM

Posted 31 July 2018 - 09:46 PM

My wallpaper suddenly changed yesterday without setting it to slide show mode.

My camera stopped working a few days ago.

 

 

 



#3 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,291 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:12:17 PM

Posted 31 July 2018 - 10:07 PM

Hi, binder! I'm going to try to help you out. :)
 
Before we get started, here are some things I need you to remember:
  • Please don't make any changes to your computer, or run programs, without asking me first! This will make it practically impossible for me to assist you.
  • Always read my posts completely before doing anything, and follow the instructions in the order I give them to you, unless stated otherwise.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response. Bribing me with candy for faster replies is not advised.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!
First, let's run a scan with FRST to get some more information.
 
Farbar Recovery Scan Tool
 
I need you to run a scan with FRST.
  • Download the version of FRST that is designed for your system from here, and save it to your desktop. If you don't know which one is designed for your system, download both and try running both. Only one will work correctly, and that's the one you need to use.
  • Double click the program to run it. If you are using Windows 8 or above, Windows will most likely attempt to block the program from running; if this occurs, click More info and then Run anyway. Once it opens, accept the disclaimer and click the Scan button.
  • Once it's done scanning, FRST will create two logs on your desktop, FRST.txt and Addition.txt. Please copy and paste both into your reply, one at a time.

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#4 binder

binder
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Philippines
  • Local time:03:17 AM

Posted 31 July 2018 - 10:12 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.07.2018
Ran by arlene.mandia (administrator) on LENOVO-PC-AAM (01-08-2018 10:32:56)
Running from C:\Users\arlene.mandia\Downloads
Loaded Profiles: arlene.mandia (Available Profiles: arlene.mandia)
Platform: Windows 10 Home Version 1803 17134.112 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Lenovo) C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe
() C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(McAfee, LLC.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(McAfee, LLC.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPServiceHost.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(McAfee, Inc.) C:\Program Files\McAfee\Real Protect\RealProtect.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
() C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo(beijing) Limited) C:\ProgramData\Lenovo\iMController\Plugins\IdeaOSDPackage\x64\utility.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OnekeyOptimizerUpdata.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby\DDP_F3\ddpf3.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(© 2015 Microsoft Corporation) C:\Users\arlene.mandia\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Lenovo) C:\ProgramData\Lenovo App Services\Engine\LenovoAppServices.exe
() C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.12.13.0_x86__k1h2ywk1493x8\Lenovo.Discovery.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Zhuhai Kingsoft Office Software Co.,Ltd) C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\wpscloudsvr.exe
(Zhuhai Kingsoft Office Software Co.,Ltd) C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\wpscenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [703272 2015-08-30] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2015-11-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2015-11-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2015-11-18] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2532168 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-10] (Intel Corporation)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [802800 2015-06-19] (Lenovo)
HKLM\...\Run: [OneKeyOptimizer] => C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe [559896 2014-11-19] (Lenovo(beijing) Limited)
HKLM\...\Run: [LMCSSTART1] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM\...\Run: [LMCSSTART2] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM\...\Run: [LMCSSTART3] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [DDPF3] => C:\Program Files\Dolby\DDP_F3\ddpf3.exe [746496 2014-11-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [124544 2016-02-11] (LeapFrog Enterprises, Inc.)
HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [7037608 2018-07-29] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [Max Cached Icons] 2000
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\...\Run: [GoogleChromeAutoLaunch_9DABAC5BEB29F7A89F3C2463DE3BB452] => "C:\Users\arlene.mandia\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\...\Run: [BingSvc] => C:\Users\arlene.mandia\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\...\Run: [PhotoMasterImportAgent] => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe [675608 2016-09-22] (CyberLink Corp.)
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-11-06]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-04-11]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\arlene.mandia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FacebookGamesNotifier.exe.lnk [2016-08-22]
ShortcutTarget: FacebookGamesNotifier.exe.lnk -> C:\Users\arlene.mandia\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe ()
Startup: C:\Users\arlene.mandia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-04-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5b537722-7664-48ef-9b03-97569fe0c6f7}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKLM -> DefaultScope {91F51ED2-4C4F-4B0D-9709-9A94D2B70947} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV8MVV1JEwdCbQsMAw9cFQ1CeBRaWAgVDAZHJQoMVlpGRVcQcB9aFQQTSEcFME0FCFwEURNNfXRZD0AjREZWLE1LKUwT&q={searchTerms}
SearchScopes: HKLM -> {91F51ED2-4C4F-4B0D-9709-9A94D2B70947} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV8MVV1JEwdCbQsMAw9cFQ1CeBRaWAgVDAZHJQoMVlpGRVcQcB9aFQQTSEcFME0FCFwEURNNfXRZD0AjREZWLE1LKUwT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2204550158-3753436120-1288192212-1001 -> DefaultScope {91F51ED2-4C4F-4B0D-9709-9A94D2B70947} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV8MVV1JEwdCbQsMAw9cFQ1CeBRaWAgVDAZHJQoMVlpGRVcQcB9aFQQTSEcFME0FCFwEURNNfXRZD0AjREZWLE1LKUwT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2204550158-3753436120-1288192212-1001 -> OldSearch URL = 
SearchScopes: HKU\S-1-5-21-2204550158-3753436120-1288192212-1001 -> {91F51ED2-4C4F-4B0D-9709-9A94D2B70947} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV8MVV1JEwdCbQsMAw9cFQ1CeBRaWAgVDAZHJQoMVlpGRVcQcB9aFQQTSEcFME0FCFwEURNNfXRZD0AjREZWLE1LKUwT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2204550158-3753436120-1288192212-1001 -> {a62abdee-78a2-4ddb-9355-1c334abd6e43} URL = hxxps://sg.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_5e6f625a&param1=ArFaIWJoNqArQGMVHFFoNqAqBbFaISMmQGR7xTVoN9IAy7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8NVE4JaYTvmk3vGYWwVI9JaYUNVVdIqYTwVM4JqYWwVI9GqYVNUI3wGYGwVM4J6IYvFM9GqUNNos3wCIYwVA9JmIVwVA9ISITwVI9GqUNNFM3wGQENEVcGCIXwVQ9ImIWwVA9ISILNFdcIaUXNEBcGqQANFdcFCk8NoM4IGYUvmo9JaYYvmo4ISIYwVw9JGYYNVRdISISvFM9ISIVvmo9I6IWNVM4ICoUwVw9J6IXwVU4ICoVNVM4IWYXvFNdISIVvFNbFCILNF9cIqUXNolcEqULNopcGWUIvmFbFaYXNVM4ICIWvFQ4ISoUvFE9I6k4NVJdIqYYwVw4IGYVvmo3vmISNVRdJGYUNVM9I6oUvmpdImoUvFE9J6oXwVRdJmIYNVM9JqQIwV5dJGYNvmE4IHFbMnMbQGMVNGt6MqJaLGt7MrFbMnVoN9I4ATsux81cMo1bME0exnwfyXFbMn0aC6AoxrFaIWVdOqZoNqAexbFaIUwkynIew6NoNpRcNXFbJpseyDF%3D&param2=NGV9MWxaLWtcNd%3D%3D&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-22] (Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
BHO-x32: Many Results Hub -> {be1a5d83-523d-4a57-bc56-65afe77fd42a} -> C:\Program Files (x86)\Many Results Hub\Extensions\be1a5d83-523d-4a57-bc56-65afe77fd42a.dll => No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-30] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2018-06-15] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2018-06-15] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15]
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\PremierOpinion\firefox
FF Extension: (PremierOpinion) - C:\Program Files (x86)\PremierOpinion\firefox [2015-10-24] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-06-07] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-11] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-06-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-06-07] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-11] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-06-15] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2017-11-02] (McAfee LLC)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/hm?eq=U0EeCFZVBB8SRghFdA1cWQtDQBgRdFsOTA1JQA0OIgAJBRRCRVAQdA5bVl0TEgUFIk0FA1oDB0VXfV5bFElXTwhuIVdBM1wCVFlXM3FNAw=="
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://bkcjncmijlkmlignahmdgbjldkmfiikg/newtab/blank.html"
CHR Profile: C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default [2018-08-01]
CHR Extension: (Slides) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-06]
CHR Extension: (Directions.cm) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkcjncmijlkmlignahmdgbjldkmfiikg [2018-06-11]
CHR Extension: (Skype Calling) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-02-29]
CHR Extension: (YouTube) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-06]
CHR Extension: (Google Search) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Sheets) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-07-07]
CHR Extension: (Many Results Hub) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfeloffoaccpdkflcgmmgeeaklgdhjng [2016-07-03] [UpdateUrl: hxxp://cdn.manyresultshub.com/update] <==== ATTENTION
CHR Extension: (Google Docs Offline) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (ShopBack Cashback Button) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjngckebbndpdeeakdgohmcdnecidcjk [2018-07-21]
CHR Extension: (DinoSearch) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iipjiaepdofgecmpedkdhcbbnlnlobme [2015-11-06]
CHR Extension: (Home Tab) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\kofkpgiaknijknhajbhnghkodiccblkg [2016-05-12]
CHR Extension: (EasyPDFCombine) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpocjpoifmommoiiiamepombpeoaehfh [2018-04-29]
CHR Extension: (PremierOpinion) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle [2016-06-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-06]
CHR Extension: (Chrome Media Router) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-17]
CHR Profile: C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-07-29]
CHR Profile: C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\System Profile [2018-07-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkndcbhcgphcfkkddanakjiepeknbgle] - C:\Program Files (x86)\PremierOpinion\pmcm.crx [2015-10-24]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [90440 2015-08-30] (Alps Electric Co., Ltd.)
R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-03-23] (Lenovo Corporation)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [644080 2014-10-23] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-07-13] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-03] (McAfee, Inc.)
R2 FastbootService; C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe [191512 2014-11-21] (Lenovo) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-12-13] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-10] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [184064 2017-01-13] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373736 2017-05-02] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71408 2018-05-16] (Lenovo Group Limited)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-14] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [132896 2014-10-11] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-11] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-23] (Lenovo)
R2 Lenovo OKO Service; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe [2544408 2014-11-19] (Lenovo(beijing) Limited)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2016040 2015-04-10] (Lenovo Group Limited)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [625608 2015-03-23] (Lenovo Corporation)
R2 LenovoPAWDService; C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe [133440 2015-06-19] ()
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe [258544 2014-06-19] (Lenovo(beijing) Limited)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [218952 2014-08-26] (Lenovo(beijing) Limited)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-07-17] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728808 2018-05-16] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [405392 2018-03-27] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\\McCSPServiceHost.exe [2141912 2018-04-06] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-02-23] (McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-02-23] (McAfee, LLC)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [473040 2018-02-23] (McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1676024 2018-05-01] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701704 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823432 2014-12-13] (NVIDIA Corporation)
R2 OKOControlSvc; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe [113944 2014-11-18] (Lenovo(beijing) Limited)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1047448 2018-05-07] (McAfee, Inc.)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-05-29] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [524552 2014-05-29] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [321520 2015-06-19] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [338416 2015-06-19] (Lenovo)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-11] ()
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1000824 2018-05-14] (McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2018-05-14] (McAfee, LLC.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2018-05-14] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-12] (Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\Kingsoft Office\wpscloudsvr.exe [221864 2018-07-10] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [30464 2015-01-16] (Lenovo)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-02-28] (McAfee, LLC)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R0 Fastboot; C:\WINDOWS\System32\DRIVERS\Fastboot.sys [70168 2014-11-21] (Windows ® Win 7 DDK provider) [File not signed]
R3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [226984 2018-05-02] (McAfee, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231168 2017-01-13] (Intel Corporation)
R3 KMDFVirtualKbd; C:\WINDOWS\System32\drivers\KMDFVirtualKbd.sys [22264 2014-08-05] ()
R3 KMDFVirtualMouse; C:\WINDOWS\System32\drivers\KMDFVirtualMouse.sys [21240 2014-08-05] ()
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-11] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [497568 2018-02-28] (McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [360352 2018-02-28] (McAfee, LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-02-28] (McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [529312 2018-02-28] (McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [953248 2018-02-28] (McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [543624 2018-04-30] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108432 2018-04-30] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115616 2018-02-28] (McAfee, LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-02-28] (McAfee, LLC)
S3 MFE_RR; C:\Users\ARLENE~1.MAN\AppData\Local\Temp\mfe_rr.sys [24120 2018-07-29] (McAfee, Inc.) <==== ATTENTION
S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2018-04-12] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3057920 2015-06-02] (Realtek Semiconductor Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-01 10:30 - 2018-08-01 10:32 - 000068167 _____ C:\Users\arlene.mandia\Downloads\Addition.txt
2018-08-01 10:28 - 2018-08-01 10:33 - 000038500 _____ C:\Users\arlene.mandia\Downloads\FRST.txt
2018-08-01 10:27 - 2018-08-01 10:32 - 000000000 ____D C:\FRST
2018-08-01 10:26 - 2018-08-01 10:26 - 002412544 _____ (Farbar) C:\Users\arlene.mandia\Downloads\FRST64.exe
2018-08-01 09:28 - 2018-08-01 09:30 - 060074328 _____ (Discord Inc.) C:\Users\arlene.mandia\Downloads\DiscordSetup.exe
2018-08-01 08:57 - 2018-08-01 08:58 - 000001624 _____ C:\Users\arlene.mandia\Desktop\Rkill.txt
2018-08-01 08:57 - 2018-08-01 08:57 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\arlene.mandia\Downloads\iExplore64.exe
2018-08-01 08:56 - 2018-08-01 08:57 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\arlene.mandia\Downloads\iExplore.exe
2018-08-01 08:53 - 2018-08-01 08:53 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\arlene.mandia\Downloads\rkill.exe
2018-07-29 12:54 - 2018-07-29 12:54 - 003093216 _____ (Mcafee) C:\Users\arlene.mandia\Downloads\setup_mfedecrypt_x64.exe
2018-07-29 11:57 - 2018-07-29 11:57 - 001556322 _____ C:\Users\arlene.mandia\Downloads\gsusp_E5D569BF6E0F_072918_115739.zip
2018-07-29 11:55 - 2018-07-29 11:57 - 000001092 _____ C:\Users\arlene.mandia\Downloads\GetSusp.xml
2018-07-29 11:53 - 2018-07-29 12:39 - 000000084 ___RH C:\Users\arlene.mandia\Downloads\GetSusp.opt
2018-07-29 11:52 - 2018-07-29 11:52 - 002847640 _____ (McAfee LLC.) C:\Users\arlene.mandia\Downloads\getsusp64 (1).exe
2018-07-29 11:20 - 2018-07-29 11:20 - 000784152 _____ (McAfee, Inc.) C:\Users\arlene.mandia\Downloads\rootkitremover.exe
2018-07-29 10:55 - 2018-07-29 10:55 - 003036095 _____ C:\Users\arlene.mandia\Downloads\gsusp_3387F26D88F4_072918_105551.zip
2018-07-29 10:51 - 2018-07-29 10:51 - 002847640 _____ (McAfee LLC.) C:\Users\arlene.mandia\Downloads\getsusp64.exe
2018-07-29 10:42 - 2018-07-29 10:42 - 000000130 ___RH C:\Users\arlene.mandia\Downloads\Stinger.opt
2018-07-29 10:37 - 2018-07-29 10:42 - 000000812 _____ C:\Users\arlene.mandia\Downloads\Stinger_29072018_103706.html
2018-07-29 10:36 - 2018-07-29 10:42 - 000000000 ____D C:\Program Files\stinger
2018-07-29 10:36 - 2018-07-29 10:36 - 016769432 _____ (McAfee LLC) C:\Users\arlene.mandia\Downloads\stinger64 (1).exe
2018-07-29 10:35 - 2018-07-29 10:35 - 016769432 _____ (McAfee LLC) C:\Users\arlene.mandia\Downloads\stinger64.exe
2018-07-28 21:32 - 2018-07-28 21:32 - 000000000 ___HD C:\Users\arlene.mandia\MicrosoftEdgeBackups
2018-07-26 21:24 - 2018-07-26 21:24 - 000000000 ____D C:\Users\Public\Documents\Display
2018-07-26 20:29 - 2018-07-26 20:29 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_01009.Wdf
2018-07-22 00:01 - 2018-07-22 00:01 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-22 00:01 - 2018-07-22 00:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-07-21 23:59 - 2018-07-22 00:03 - 091418880 _____ (Viber Media Inc.) C:\Users\arlene.mandia\Downloads\ViberSetup (7).exe
2018-07-21 23:56 - 2018-07-22 01:50 - 000000000 ____D C:\Users\arlene.mandia\AppData\Roaming\ViberPC
2018-07-21 23:56 - 2018-07-22 01:46 - 000000000 ____D C:\Users\arlene.mandia\AppData\Local\Viber
2018-07-21 23:56 - 2018-07-21 23:56 - 000001096 _____ C:\Users\arlene.mandia\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2018-07-21 23:56 - 2018-07-21 23:56 - 000001094 _____ C:\Users\arlene.mandia\Desktop\Viber.lnk
2018-07-21 23:56 - 2018-07-21 23:56 - 000000000 ____D C:\Users\arlene.mandia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2018-07-21 23:55 - 2018-07-21 23:55 - 000000000 ____D C:\Users\arlene.mandia\AppData\Local\Package Cache
2018-07-21 23:54 - 2018-07-21 23:54 - 000027843 _____ C:\Users\arlene.mandia\Downloads\ViberSetup (6).exe
2018-07-21 23:51 - 2018-07-21 23:55 - 091418880 _____ (Viber Media Inc.) C:\Users\arlene.mandia\Downloads\ViberSetup (4).exe
2018-07-21 23:31 - 2018-07-21 23:31 - 000000000 ____D C:\Users\arlene.mandia\AppData\LocalLow\Lenovo
2018-07-21 12:41 - 2018-07-21 12:41 - 000000639 _____ C:\Users\arlene.mandia\Downloads\pnwe_vs_white_entwine_2018-07-21.pgn
2018-07-12 13:37 - 2018-07-12 13:38 - 000699567 _____ C:\Users\arlene.mandia\Downloads\Nala's pic.pptx
2018-07-11 15:21 - 2018-07-11 15:21 - 000002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-07-11 15:21 - 2018-07-11 15:21 - 000002294 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-07-10 02:41 - 2018-07-10 02:41 - 000003798 _____ C:\WINDOWS\System32\Tasks\WpsUpdateTask_arlene.mandia
2018-07-10 00:06 - 2018-07-10 00:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office
2018-07-09 20:56 - 2018-06-09 03:02 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-07-09 20:56 - 2018-06-08 17:29 - 007520000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-07-09 20:56 - 2018-06-08 17:13 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-07-09 20:56 - 2018-06-08 17:09 - 006569960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-07-09 20:56 - 2018-06-08 17:02 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-09 20:56 - 2018-05-21 00:59 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-07-09 20:56 - 2018-05-20 19:34 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-07-09 20:55 - 2018-06-09 03:07 - 000506184 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-07-09 20:55 - 2018-06-09 03:02 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-07-09 20:55 - 2018-06-09 03:01 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-07-09 20:55 - 2018-06-09 03:01 - 001046944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2018-07-09 20:55 - 2018-06-09 02:45 - 012712448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-09 20:55 - 2018-06-09 02:45 - 004392448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-07-09 20:55 - 2018-06-09 02:44 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-07-09 20:55 - 2018-06-09 02:44 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-07-09 20:55 - 2018-06-09 02:43 - 002922496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2018-07-09 20:55 - 2018-06-09 02:43 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2018-07-09 20:55 - 2018-06-09 02:43 - 001659904 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-07-09 20:55 - 2018-06-09 02:43 - 001543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-07-09 20:55 - 2018-06-09 02:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-07-09 20:55 - 2018-06-09 02:42 - 003999232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-07-09 20:55 - 2018-06-09 02:42 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-07-09 20:55 - 2018-06-09 02:41 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-07-09 20:55 - 2018-06-09 02:41 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-07-09 20:55 - 2018-06-09 01:04 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-07-09 20:55 - 2018-06-09 00:58 - 002206544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-07-09 20:55 - 2018-06-09 00:58 - 000917408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2018-07-09 20:55 - 2018-06-09 00:51 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-09 20:55 - 2018-06-09 00:47 - 003492864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-07-09 20:55 - 2018-06-09 00:47 - 002895872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-07-09 20:55 - 2018-06-09 00:47 - 001462784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2018-07-09 20:55 - 2018-06-09 00:47 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-07-09 20:55 - 2018-06-09 00:45 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-07-09 20:55 - 2018-06-09 00:06 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-07-09 20:55 - 2018-06-09 00:05 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-07-09 20:55 - 2018-06-08 18:38 - 005821544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-07-09 20:55 - 2018-06-08 18:37 - 002417840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-07-09 20:55 - 2018-06-08 18:35 - 001613200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-07-09 20:55 - 2018-06-08 18:35 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-07-09 20:55 - 2018-06-08 18:34 - 001299056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-07-09 20:55 - 2018-06-08 18:34 - 000748512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-07-09 20:55 - 2018-06-08 18:31 - 007900984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-07-09 20:55 - 2018-06-08 18:31 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-07-09 20:55 - 2018-06-08 17:34 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-07-09 20:55 - 2018-06-08 17:34 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-07-09 20:55 - 2018-06-08 17:33 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-07-09 20:55 - 2018-06-08 17:31 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-07-09 20:55 - 2018-06-08 17:31 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-07-09 20:55 - 2018-06-08 17:30 - 009148320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-09 20:55 - 2018-06-08 17:30 - 003296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-07-09 20:55 - 2018-06-08 17:30 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-07-09 20:55 - 2018-06-08 17:30 - 001363632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-07-09 20:55 - 2018-06-08 17:30 - 001017080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-07-09 20:55 - 2018-06-08 17:30 - 000722808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-07-09 20:55 - 2018-06-08 17:30 - 000567184 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-07-09 20:55 - 2018-06-08 17:30 - 000491328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 006817384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 004970360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 004403280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 003283408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 002836384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-07-09 20:55 - 2018-06-08 17:29 - 002753048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 002570712 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 002462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 002422688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-09 20:55 - 2018-06-08 17:29 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 001946328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 001792808 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 001611592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-09 20:55 - 2018-06-08 17:29 - 001364184 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 001288816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-09 20:55 - 2018-06-08 17:29 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 001190152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 001150416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 001148808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 001112608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 000678840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-07-09 20:55 - 2018-06-08 17:29 - 000416144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 000266656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-07-09 20:55 - 2018-06-08 17:29 - 000084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayUtil.dll
2018-07-09 20:55 - 2018-06-08 17:12 - 000861616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-07-09 20:55 - 2018-06-08 17:12 - 000786176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-07-09 20:55 - 2018-06-08 17:11 - 001461744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-07-09 20:55 - 2018-06-08 17:11 - 000550616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-07-09 20:55 - 2018-06-08 17:10 - 002479272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-07-09 20:55 - 2018-06-08 17:10 - 002331584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-07-09 20:55 - 2018-06-08 17:10 - 002307336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-07-09 20:55 - 2018-06-08 17:10 - 001988072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-07-09 20:55 - 2018-06-08 17:10 - 001011992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-07-09 20:55 - 2018-06-08 17:10 - 000880152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-07-09 20:55 - 2018-06-08 17:10 - 000457152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-07-09 20:55 - 2018-06-08 17:09 - 006527064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-07-09 20:55 - 2018-06-08 17:09 - 004788512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-07-09 20:55 - 2018-06-08 17:09 - 004469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-07-09 20:55 - 2018-06-08 17:09 - 002535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-07-09 20:55 - 2018-06-08 17:09 - 002486992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-07-09 20:55 - 2018-06-08 17:09 - 002242216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-07-09 20:55 - 2018-06-08 17:09 - 001980872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-07-09 20:55 - 2018-06-08 17:09 - 001805776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-07-09 20:55 - 2018-06-08 17:09 - 001709720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-07-09 20:55 - 2018-06-08 17:09 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-07-09 20:55 - 2018-06-08 17:09 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-07-09 20:55 - 2018-06-08 17:09 - 001380200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-07-09 20:55 - 2018-06-08 17:09 - 001077504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-07-09 20:55 - 2018-06-08 17:09 - 001020168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-07-09 20:55 - 2018-06-08 17:09 - 000988136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-07-09 20:55 - 2018-06-08 17:09 - 000770160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-07-09 20:55 - 2018-06-08 17:09 - 000553248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2018-07-09 20:55 - 2018-06-08 17:04 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-07-09 20:55 - 2018-06-08 17:03 - 022005760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-07-09 20:55 - 2018-06-08 17:01 - 004563456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-09 20:55 - 2018-06-08 17:01 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-07-09 20:55 - 2018-06-08 17:00 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-09 20:55 - 2018-06-08 17:00 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-07-09 20:55 - 2018-06-08 17:00 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-09 20:55 - 2018-06-08 17:00 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2018-07-09 20:55 - 2018-06-08 17:00 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-07-09 20:55 - 2018-06-08 16:59 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-07-09 20:55 - 2018-06-08 16:59 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-09 20:55 - 2018-06-08 16:59 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-07-09 20:55 - 2018-06-08 16:59 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-07-09 20:55 - 2018-06-08 16:59 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-07-09 20:55 - 2018-06-08 16:59 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-07-09 20:55 - 2018-06-08 16:58 - 007581696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-07-09 20:55 - 2018-06-08 16:58 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-07-09 20:55 - 2018-06-08 16:58 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2018-07-09 20:55 - 2018-06-08 16:58 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-07-09 20:55 - 2018-06-08 16:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-07-09 20:55 - 2018-06-08 16:58 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-07-09 20:55 - 2018-06-08 16:57 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-07-09 20:55 - 2018-06-08 16:57 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-07-09 20:55 - 2018-06-08 16:57 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-07-09 20:55 - 2018-06-08 16:57 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2018-07-09 20:55 - 2018-06-08 16:56 - 005780992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-07-09 20:55 - 2018-06-08 16:56 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-07-09 20:55 - 2018-06-08 16:56 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-07-09 20:55 - 2018-06-08 16:56 - 003293696 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2018-07-09 20:55 - 2018-06-08 16:56 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-09 20:55 - 2018-06-08 16:56 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-07-09 20:55 - 2018-06-08 16:56 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-07-09 20:55 - 2018-06-08 16:56 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-09 20:55 - 2018-06-08 16:56 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-09 20:55 - 2018-06-08 16:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-07-09 20:55 - 2018-06-08 16:56 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-07-09 20:55 - 2018-06-08 16:56 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2018-07-09 20:55 - 2018-06-08 16:56 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2018-07-09 20:55 - 2018-06-08 16:56 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-07-09 20:55 - 2018-06-08 16:56 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-07-09 20:55 - 2018-06-08 16:55 - 003441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-09 20:55 - 2018-06-08 16:55 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-07-09 20:55 - 2018-06-08 16:55 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-07-09 20:55 - 2018-06-08 16:55 - 002061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2018-07-09 20:55 - 2018-06-08 16:55 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-07-09 20:55 - 2018-06-08 16:55 - 001371648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-07-09 20:55 - 2018-06-08 16:55 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2018-07-09 20:55 - 2018-06-08 16:55 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2018-07-09 20:55 - 2018-06-08 16:55 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-07-09 20:55 - 2018-06-08 16:55 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-07-09 20:55 - 2018-06-08 16:55 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-07-09 20:55 - 2018-06-08 16:55 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-07-09 20:55 - 2018-06-08 16:55 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2018-07-09 20:55 - 2018-06-08 16:55 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-07-09 20:55 - 2018-06-08 16:54 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-07-09 20:55 - 2018-06-08 16:54 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-07-09 20:55 - 2018-06-08 16:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-09 20:55 - 2018-06-08 16:54 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-07-09 20:55 - 2018-06-08 16:54 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2018-07-09 20:55 - 2018-06-08 16:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-07-09 20:55 - 2018-06-08 16:54 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2018-07-09 20:55 - 2018-06-08 16:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-07-09 20:55 - 2018-06-08 16:53 - 001675264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2018-07-09 20:55 - 2018-06-08 16:53 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-07-09 20:55 - 2018-06-08 16:53 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-07-09 20:55 - 2018-06-07 02:57 - 003733320 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-07-09 20:55 - 2018-06-06 12:20 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-07-09 20:55 - 2018-05-21 03:45 - 000308408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-09 20:55 - 2018-05-21 03:43 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-07-09 20:55 - 2018-05-21 03:42 - 001649760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-07-09 20:55 - 2018-05-21 03:42 - 000759192 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-07-09 20:55 - 2018-05-21 03:23 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2018-07-09 20:55 - 2018-05-21 03:23 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-07-09 20:55 - 2018-05-21 03:22 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-07-09 20:55 - 2018-05-21 03:22 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-07-09 20:55 - 2018-05-21 02:14 - 020383712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-07-09 20:55 - 2018-05-21 02:14 - 001490144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-07-09 20:55 - 2018-05-21 02:00 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2018-07-09 20:55 - 2018-05-21 01:59 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-07-09 20:55 - 2018-05-21 00:45 - 001271296 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-07-09 20:55 - 2018-05-21 00:35 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-07-09 20:55 - 2018-05-20 19:53 - 002178136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-07-09 20:55 - 2018-05-20 19:53 - 001017088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2018-07-09 20:55 - 2018-05-20 19:53 - 001012408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-07-09 20:55 - 2018-05-20 19:53 - 000088472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2018-07-09 20:55 - 2018-05-20 19:52 - 007436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-07-09 20:55 - 2018-05-20 19:52 - 000735560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-07-09 20:55 - 2018-05-20 19:52 - 000347704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-07-09 20:55 - 2018-05-20 19:34 - 000861096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2018-07-09 20:55 - 2018-05-20 19:33 - 001665920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-07-09 20:55 - 2018-05-20 19:32 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-07-09 20:55 - 2018-05-20 19:32 - 001034096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-07-09 20:55 - 2018-05-20 19:32 - 000560488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-07-09 20:55 - 2018-05-20 19:32 - 000286200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-07-09 20:55 - 2018-05-20 19:31 - 001456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2018-07-09 20:55 - 2018-05-20 19:30 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-07-09 20:55 - 2018-05-20 19:28 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppHostRegistrationVerifier.exe
2018-07-09 20:55 - 2018-05-20 19:26 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-07-09 20:55 - 2018-05-20 19:26 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-07-09 20:55 - 2018-05-20 19:26 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2018-07-09 20:55 - 2018-05-20 19:26 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-07-09 20:55 - 2018-05-20 19:26 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2018-07-09 20:55 - 2018-05-20 19:26 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2018-07-09 20:55 - 2018-05-20 19:24 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-07-09 20:55 - 2018-05-20 19:24 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2018-07-09 20:55 - 2018-05-20 19:23 - 013873152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-07-09 20:55 - 2018-05-20 19:23 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-09 20:55 - 2018-05-20 19:23 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-07-09 20:55 - 2018-05-20 19:23 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-07-09 20:55 - 2018-05-20 19:21 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-09 20:55 - 2018-05-20 19:21 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-07-09 20:55 - 2018-05-20 19:21 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-07-09 20:55 - 2018-05-20 19:21 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-07-09 20:55 - 2018-05-20 19:17 - 002699776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-07-09 20:55 - 2018-05-20 19:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-07-09 20:55 - 2018-05-20 19:14 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-07-09 20:55 - 2018-05-20 19:11 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-07-09 20:54 - 2018-06-09 03:05 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-07-09 20:54 - 2018-06-09 03:02 - 000661160 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2018-07-09 20:54 - 2018-06-09 02:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-07-09 20:54 - 2018-06-09 02:47 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2018-07-09 20:54 - 2018-06-09 02:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-07-09 20:54 - 2018-06-09 02:45 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdt.exe
2018-07-09 20:54 - 2018-06-09 02:45 - 000808960 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2018-07-09 20:54 - 2018-06-09 02:44 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2018-07-09 20:54 - 2018-06-09 02:44 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2018-07-09 20:54 - 2018-06-09 02:43 - 003640832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-07-09 20:54 - 2018-06-09 02:43 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-07-09 20:54 - 2018-06-09 02:42 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-07-09 20:54 - 2018-06-09 02:42 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-07-09 20:54 - 2018-06-09 02:42 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-07-09 20:54 - 2018-06-09 02:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-07-09 20:54 - 2018-06-09 02:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-07-09 20:54 - 2018-06-09 02:41 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-07-09 20:54 - 2018-06-09 02:41 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2018-07-09 20:54 - 2018-06-09 02:40 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2018-07-09 20:54 - 2018-06-09 00:50 - 001508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdt.exe
2018-07-09 20:54 - 2018-06-09 00:48 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-07-09 20:54 - 2018-06-09 00:48 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-07-09 20:54 - 2018-06-09 00:47 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-07-09 20:54 - 2018-06-09 00:47 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2018-07-09 20:54 - 2018-06-09 00:46 - 003444224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-07-09 20:54 - 2018-06-09 00:46 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-07-09 20:54 - 2018-06-09 00:46 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-07-09 20:54 - 2018-06-09 00:05 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-07-09 20:54 - 2018-06-08 22:00 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-07-09 20:54 - 2018-06-08 22:00 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-07-09 20:54 - 2018-06-08 18:31 - 000029600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-07-09 20:54 - 2018-06-08 18:30 - 000705440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-07-09 20:54 - 2018-06-08 17:33 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-07-09 20:54 - 2018-06-08 17:33 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-07-09 20:54 - 2018-06-08 17:33 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-07-09 20:54 - 2018-06-08 17:31 - 000226720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-07-09 20:54 - 2018-06-08 17:30 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-07-09 20:54 - 2018-06-08 17:30 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-07-09 20:54 - 2018-06-08 17:30 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-07-09 20:54 - 2018-06-08 17:30 - 000565152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-07-09 20:54 - 2018-06-08 17:30 - 000527264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-07-09 20:54 - 2018-06-08 17:30 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-07-09 20:54 - 2018-06-08 17:30 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-07-09 20:54 - 2018-06-08 17:30 - 000137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-07-09 20:54 - 2018-06-08 17:30 - 000134584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-07-09 20:54 - 2018-06-08 17:29 - 002590400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-07-09 20:54 - 2018-06-08 17:29 - 001921952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-07-09 20:54 - 2018-06-08 17:29 - 001026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-07-09 20:54 - 2018-06-08 17:29 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-07-09 20:54 - 2018-06-08 17:29 - 000885880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-07-09 20:54 - 2018-06-08 17:29 - 000792992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-07-09 20:54 - 2018-06-08 17:29 - 000659096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-07-09 20:54 - 2018-06-08 17:29 - 000413824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-07-09 20:54 - 2018-06-08 17:29 - 000413088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-07-09 20:54 - 2018-06-08 17:29 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-07-09 20:54 - 2018-06-08 17:29 - 000313592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-07-09 20:54 - 2018-06-08 17:29 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-07-09 20:54 - 2018-06-08 17:29 - 000164768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-07-09 20:54 - 2018-06-08 17:29 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-07-09 20:54 - 2018-06-08 17:29 - 000057960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-07-09 20:54 - 2018-06-08 17:10 - 001397200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-07-09 20:54 - 2018-06-08 17:10 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-07-09 20:54 - 2018-06-08 17:09 - 001129648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-07-09 20:54 - 2018-06-08 17:09 - 000607648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-07-09 20:54 - 2018-06-08 17:09 - 000568720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-07-09 20:54 - 2018-06-08 17:09 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-07-09 20:54 - 2018-06-08 17:09 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-07-09 20:54 - 2018-06-08 17:09 - 000064648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LanguageOverlayUtil.dll
2018-07-09 20:54 - 2018-06-08 17:09 - 000050208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2018-07-09 20:54 - 2018-06-08 17:03 - 000906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll
2018-07-09 20:54 - 2018-06-08 17:03 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-07-09 20:54 - 2018-06-08 17:03 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2018-07-09 20:54 - 2018-06-08 17:03 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-07-09 20:54 - 2018-06-08 17:02 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-07-09 20:54 - 2018-06-08 17:02 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2018-07-09 20:54 - 2018-06-08 17:02 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2018-07-09 20:54 - 2018-06-08 17:01 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-07-09 20:54 - 2018-06-08 17:01 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-07-09 20:54 - 2018-06-08 17:01 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-07-09 20:54 - 2018-06-08 17:01 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-07-09 20:54 - 2018-06-08 17:01 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-07-09 20:54 - 2018-06-08 17:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2018-07-09 20:54 - 2018-06-08 17:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-07-09 20:54 - 2018-06-08 17:00 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-07-09 20:54 - 2018-06-08 17:00 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-07-09 20:54 - 2018-06-08 17:00 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-07-09 20:54 - 2018-06-08 17:00 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-09 20:54 - 2018-06-08 16:59 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-07-09 20:54 - 2018-06-08 16:59 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-07-09 20:54 - 2018-06-08 16:59 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2018-07-09 20:54 - 2018-06-08 16:59 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-07-09 20:54 - 2018-06-08 16:59 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-07-09 20:54 - 2018-06-08 16:58 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-07-09 20:54 - 2018-06-08 16:58 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-07-09 20:54 - 2018-06-08 16:58 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-07-09 20:54 - 2018-06-08 16:58 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2018-07-09 20:54 - 2018-06-08 16:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-07-09 20:54 - 2018-06-08 16:57 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-07-09 20:54 - 2018-06-08 16:57 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-07-09 20:54 - 2018-06-08 16:57 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-07-09 20:54 - 2018-06-08 16:57 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2018-07-09 20:54 - 2018-06-08 16:56 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-07-09 20:54 - 2018-06-08 16:56 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-07-09 20:54 - 2018-06-08 16:56 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-07-09 20:54 - 2018-06-08 16:56 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2018-07-09 20:54 - 2018-06-08 16:56 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-07-09 20:54 - 2018-06-08 16:56 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-07-09 20:54 - 2018-06-08 16:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-07-09 20:54 - 2018-06-08 16:56 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-07-09 20:54 - 2018-06-08 16:55 - 001242112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-07-09 20:54 - 2018-06-08 16:55 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-07-09 20:54 - 2018-06-08 16:55 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-07-09 20:54 - 2018-06-08 16:55 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-07-09 20:54 - 2018-06-08 16:55 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-07-09 20:54 - 2018-06-08 16:55 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-07-09 20:54 - 2018-06-08 16:55 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-07-09 20:54 - 2018-06-08 16:54 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-07-09 20:54 - 2018-06-08 16:54 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2018-07-09 20:54 - 2018-06-08 16:54 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2018-07-09 20:54 - 2018-06-08 16:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2018-07-09 20:54 - 2018-06-08 16:54 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-07-09 20:54 - 2018-06-08 16:54 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-07-09 20:54 - 2018-06-08 16:54 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2018-07-09 20:54 - 2018-06-08 16:54 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2018-07-09 20:54 - 2018-06-08 16:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-07-09 20:54 - 2018-06-08 16:54 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2018-07-09 20:54 - 2018-06-08 16:53 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-07-09 20:54 - 2018-06-08 16:53 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-07-09 20:54 - 2018-06-08 16:53 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-07-09 20:54 - 2018-06-08 16:53 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-07-09 20:54 - 2018-06-08 16:53 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-07-09 20:54 - 2018-06-08 15:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-07-09 20:54 - 2018-06-02 07:24 - 000713376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-07-09 20:54 - 2018-06-02 06:54 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-07-09 20:54 - 2018-05-25 11:24 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-07-09 20:54 - 2018-05-21 03:26 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2018-07-09 20:54 - 2018-05-21 03:23 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-07-09 20:54 - 2018-05-21 03:22 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-07-09 20:54 - 2018-05-21 03:22 - 000941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-07-09 20:54 - 2018-05-21 02:15 - 000653208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-07-09 20:54 - 2018-05-21 02:02 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2018-07-09 20:54 - 2018-05-21 01:59 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-07-09 20:54 - 2018-05-21 00:39 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-07-09 20:54 - 2018-05-21 00:34 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-07-09 20:54 - 2018-05-20 22:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-07-09 20:54 - 2018-05-20 20:33 - 000105368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-07-09 20:54 - 2018-05-20 19:53 - 001947808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-07-09 20:54 - 2018-05-20 19:53 - 000131232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-07-09 20:54 - 2018-05-20 19:52 - 000130456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-07-09 20:54 - 2018-05-20 19:52 - 000089984 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2018-07-09 20:54 - 2018-05-20 19:33 - 000101288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-07-09 20:54 - 2018-05-20 19:32 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-07-09 20:54 - 2018-05-20 19:32 - 000077040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2018-07-09 20:54 - 2018-05-20 19:28 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-07-09 20:54 - 2018-05-20 19:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-07-09 20:54 - 2018-05-20 19:27 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-07-09 20:54 - 2018-05-20 19:27 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2018-07-09 20:54 - 2018-05-20 19:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-07-09 20:54 - 2018-05-20 19:26 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSHEIF.dll
2018-07-09 20:54 - 2018-05-20 19:25 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-07-09 20:54 - 2018-05-20 19:25 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2018-07-09 20:54 - 2018-05-20 19:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-07-09 20:54 - 2018-05-20 19:23 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-07-09 20:54 - 2018-05-20 19:21 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-07-09 20:54 - 2018-05-20 19:16 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-07-09 20:54 - 2018-05-20 19:16 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2018-07-09 20:54 - 2018-05-20 19:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-07-09 20:54 - 2018-05-20 19:15 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-07-09 20:54 - 2018-05-20 19:15 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHEIF.dll
2018-07-09 20:54 - 2018-05-20 19:14 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2018-07-09 20:54 - 2018-05-20 19:13 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-07-09 20:54 - 2018-05-20 19:13 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2018-07-09 20:54 - 2018-05-20 19:12 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-07-09 20:54 - 2018-05-20 19:12 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-07-09 20:54 - 2018-05-20 19:11 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-07-09 20:54 - 2018-05-20 16:26 - 000018716 _____ C:\WINDOWS\system32\srms-apr.dat
2018-07-09 20:54 - 2018-05-19 01:08 - 000018716 _____ C:\WINDOWS\SysWOW64\srms-apr.dat
2018-07-06 09:21 - 2018-07-29 08:39 - 000000000 ____D C:\Users\arlene.mandia\Desktop\ScreenSavers
2018-06-24 22:54 - 2018-06-24 22:54 - 000044511 _____ C:\Users\arlene.mandia\Downloads\Candidate Details Form_Editable_version (1).pdf
2018-06-24 18:55 - 2018-06-24 18:55 - 000044511 _____ C:\Users\arlene.mandia\Downloads\Candidate Details Form_Editable_version.pdf
2018-06-21 08:59 - 2018-06-21 08:59 - 000284174 _____ C:\Users\arlene.mandia\Downloads\MCM Resume_ (3).pdf
2018-06-13 14:00 - 2018-06-13 14:00 - 000170530 _____ C:\Users\arlene.mandia\Downloads\JD for Instruments Controls & Automation Engineer (1).pdf
2018-06-12 17:38 - 2018-06-12 17:38 - 000170530 _____ C:\Users\arlene.mandia\Downloads\JD for Instruments Controls & Automation Engineer.pdf
2018-06-11 21:27 - 2018-06-11 21:27 - 000227308 _____ C:\Users\arlene.mandia\Downloads\download.html
2018-06-11 21:27 - 2018-06-11 21:27 - 000000000 _____ C:\Users\arlene.mandia\Downloads\x6li1p2.txt
2018-06-11 16:51 - 2018-06-11 16:52 - 002259872 _____ C:\Users\arlene.mandia\Downloads\Filled_Out Employement Application Form.pdf
2018-06-11 00:49 - 2018-06-11 00:49 - 002712646 _____ C:\Users\arlene.mandia\Downloads\buildingservices-160522062313.pdf
2018-06-08 20:54 - 2018-06-08 20:54 - 000010965 _____ C:\Users\arlene.mandia\Downloads\payslip_201708 (1).pdf
2018-06-08 16:30 - 2018-06-08 16:30 - 000010965 _____ C:\Users\arlene.mandia\Downloads\payslip_201708.pdf
2018-05-26 01:11 - 2018-05-26 01:11 - 000226136 _____ (McAfee LLC) C:\Users\arlene.mandia\Downloads\mvt (4).exe
2018-05-25 17:00 - 2018-07-28 04:00 - 000000000 ____D C:\Users\arlene.mandia\AppData\Local\D3DSCache
2018-05-25 07:07 - 2018-05-25 07:13 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-25 07:05 - 2018-05-25 07:07 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-25 07:05 - 2018-05-25 07:05 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-05-25 07:02 - 2018-05-25 07:02 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-25 07:02 - 2018-05-25 07:02 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-25 07:01 - 2018-05-25 07:01 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-25 07:01 - 2018-05-25 07:01 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-25 07:01 - 2018-05-25 07:01 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-05-25 07:01 - 2018-05-25 07:01 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-05-25 07:01 - 2018-05-25 07:01 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-25 07:01 - 2018-05-25 07:01 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-25 07:01 - 2018-05-25 07:01 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-25 06:57 - 2018-05-25 06:57 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-25 06:57 - 2018-05-25 06:57 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-25 06:57 - 2018-05-25 06:57 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-25 06:57 - 2018-05-25 06:57 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-25 06:57 - 2018-05-25 06:57 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-25 06:57 - 2018-05-25 06:57 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-25 06:57 - 2018-05-25 06:57 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-25 06:57 - 2018-05-25 06:57 - 000000000 ____D C:\Program Files\MSBuild
2018-05-25 06:57 - 2018-05-25 06:57 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-25 06:57 - 2018-05-25 06:57 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-25 06:55 - 2018-05-25 06:55 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-25 06:55 - 2018-05-25 06:55 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-25 06:55 - 2018-05-25 06:55 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-05-25 06:55 - 2018-05-25 06:55 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-05-25 06:55 - 2018-05-25 06:55 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-25 06:55 - 2018-05-25 06:55 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-05-25 06:55 - 2018-05-25 06:55 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-05-25 06:55 - 2018-05-25 06:55 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2018-05-24 16:10 - 2018-05-28 14:33 - 000000000 ____D C:\Users\arlene.mandia\AppData\Local\PlaceholderTileLogoFolder
2018-05-24 16:08 - 2018-05-24 16:08 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-24 16:07 - 2018-05-24 16:07 - 000001417 _____ C:\Users\arlene.mandia\Desktop\Microsoft Edge.lnk
2018-05-24 16:04 - 2018-07-10 15:10 - 000000000 ___RD C:\Users\arlene.mandia\3D Objects
2018-05-24 16:03 - 2018-05-24 16:03 - 000000020 ___SH C:\Users\arlene.mandia\ntuser.ini
2018-05-24 16:02 - 2018-07-31 20:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-24 16:02 - 2018-07-31 20:31 - 000004258 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1445663242
2018-05-24 16:02 - 2018-07-29 16:35 - 000004180 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{449DB7F5-69DF-421A-9805-8AB15644803C}
2018-05-24 16:02 - 2018-07-19 09:46 - 000003390 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2204550158-3753436120-1288192212-1001
2018-05-24 16:02 - 2018-07-11 15:13 - 000004564 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-05-24 16:02 - 2018-07-11 15:09 - 000004600 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-05-24 16:02 - 2018-07-09 15:33 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-05-24 16:02 - 2018-06-29 00:23 - 000003142 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2018-05-24 16:02 - 2018-06-08 01:59 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-05-24 16:02 - 2018-06-06 21:35 - 000003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-05-24 16:02 - 2018-05-24 16:02 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-24 16:02 - 2018-05-24 16:02 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-24 16:02 - 2018-05-24 16:02 - 000003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2018-05-24 16:02 - 2018-05-24 16:02 - 000002984 _____ C:\WINDOWS\System32\Tasks\WpsExternal_arlene.mandia_20180326134931
2018-05-24 16:02 - 2018-05-24 16:02 - 000002752 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2204550158-3753436120-1288192212-1001
2018-05-24 16:02 - 2018-05-24 16:02 - 000002680 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2018-05-24 16:02 - 2018-05-24 16:02 - 000002438 _____ C:\WINDOWS\System32\Tasks\Lenovo App Services
2018-05-24 16:02 - 2018-05-24 16:02 - 000002320 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2204550158-3753436120-1288192212-500
2018-05-24 16:02 - 2018-05-24 16:02 - 000002192 _____ C:\WINDOWS\System32\Tasks\UMonitor Task
2018-05-24 16:02 - 2018-05-24 16:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2018-05-24 16:02 - 2018-05-24 16:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-2204550158-3753436120-1288192212-1001
2018-05-24 16:02 - 2018-05-24 16:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2018-05-24 16:02 - 2018-05-24 16:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2018-05-24 16:02 - 2018-05-24 16:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\CyberLink
2018-05-24 16:02 - 2018-05-24 16:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2018-05-24 16:02 - 2018-05-24 16:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-24 16:02 - 2014-12-10 10:09 - 000003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2943985629-2717472603-367765836-500
2018-05-24 16:00 - 2018-05-24 16:02 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-05-24 16:00 - 2018-05-24 16:02 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-05-24 15:42 - 2018-07-22 02:25 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-24 15:30 - 2018-05-24 15:30 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-24 15:26 - 2018-07-28 21:32 - 000000000 ____D C:\Users\arlene.mandia
2018-05-24 15:26 - 2018-07-19 09:46 - 000002446 _____ C:\Users\arlene.mandia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-24 15:24 - 2018-05-24 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2018-05-24 15:24 - 2018-05-24 15:24 - 000000000 ____D C:\Program Files\Dolby
2018-05-24 15:23 - 2018-05-24 15:23 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-05-24 15:23 - 2016-12-29 20:28 - 000133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-05-24 15:23 - 2016-09-10 02:25 - 000269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-05-24 15:23 - 2016-09-10 02:25 - 000261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-05-24 15:23 - 2016-09-10 02:25 - 000110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-05-24 15:23 - 2016-09-10 02:24 - 000125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-05-24 15:20 - 2018-05-24 15:20 - 000000000 ____D C:\ProgramData\USOShared
2018-05-24 15:20 - 2017-05-02 05:04 - 000103944 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2018-05-24 15:20 - 2017-05-02 05:04 - 000099840 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-05-24 15:19 - 2018-04-12 07:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-24 15:14 - 2018-07-30 13:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-24 15:14 - 2018-07-10 15:05 - 000416952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-22 22:46 - 2018-05-22 22:46 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2018-05-22 17:34 - 2018-05-24 16:04 - 000000000 ___DC C:\WINDOWS\Panther
2018-05-20 10:08 - 2018-05-16 04:30 - 000103664 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2018-05-20 10:08 - 2018-05-16 04:30 - 000053488 _____ (Lenovo Group Limited) C:\WINDOWS\system32\ImController.InfInstaller.exe
2018-05-20 10:08 - 2018-05-16 04:29 - 000425200 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2018-05-20 09:08 - 2018-05-20 09:08 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-05-11 20:10 - 2018-05-11 20:10 - 000000510 _____ C:\Users\arlene.mandia\Downloads\white_entwine_vs_xakean_2018-05-11.pgn
2018-05-04 22:58 - 2018-05-04 22:58 - 003478313 _____ C:\Users\arlene.mandia\Downloads\Symphony by Nala1038469617.m4a
2018-05-04 21:24 - 2018-05-04 21:24 - 000084211 _____ C:\Users\arlene.mandia\Downloads\PLUS  SAVINGS A C-1001-Apr-18.pdf
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-01 10:18 - 2017-02-18 00:13 - 000000000 ____D C:\Users\arlene.mandia\AppData\Local\CrashDumps
2018-08-01 09:12 - 2017-08-01 23:07 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-08-01 09:06 - 2018-04-12 05:04 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2018-08-01 08:58 - 2018-04-12 07:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-01 08:42 - 2015-06-19 02:08 - 000000000 ____D C:\ProgramData\Lenovo App Services
2018-08-01 08:37 - 2017-10-18 13:20 - 000000000 ____D C:\Users\arlene.mandia\Desktop\For KeepS
2018-08-01 08:26 - 2017-07-14 22:41 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-08-01 08:26 - 2015-10-11 18:51 - 000000000 __SHD C:\Users\arlene.mandia\IntelGraphicsProfiles
2018-07-31 20:40 - 2016-08-25 05:52 - 000000000 ____D C:\ProgramData\NVIDIA
2018-07-31 20:39 - 2018-04-12 05:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-07-31 20:31 - 2017-06-30 19:06 - 000001511 _____ C:\Users\arlene.mandia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-07-29 12:30 - 2015-10-24 12:55 - 000000000 ____D C:\Users\arlene.mandia\AppData\Local\Chromium
2018-07-29 10:36 - 2017-08-02 00:15 - 000000000 ____D C:\Program Files\McAfee
2018-07-28 21:25 - 2018-04-12 07:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-28 21:25 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-28 21:25 - 2015-10-11 18:51 - 000000000 ____D C:\Users\arlene.mandia\AppData\Local\Packages
2018-07-28 12:45 - 2015-11-14 16:52 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-07-28 11:38 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-28 11:20 - 2017-12-23 14:14 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2018-07-23 08:11 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-22 02:36 - 2018-04-12 07:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-22 01:48 - 2018-04-25 08:19 - 000000000 ____D C:\Users\arlene.mandia\AppData\Roaming\Zoom
2018-07-22 00:01 - 2015-10-11 21:33 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-22 00:01 - 2015-10-11 21:33 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-22 00:01 - 2015-10-11 21:33 - 000002467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-22 00:01 - 2015-10-11 21:33 - 000002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-22 00:01 - 2015-10-11 21:33 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-22 00:01 - 2015-10-11 21:33 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-22 00:01 - 2015-06-19 02:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-21 23:50 - 2017-03-26 23:40 - 000000000 ____D C:\Users\arlene.mandia\Documents\ViberDownloads
2018-07-19 09:46 - 2015-10-11 23:41 - 000000000 ___RD C:\Users\arlene.mandia\OneDrive
2018-07-18 23:37 - 2018-04-12 07:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-14 18:12 - 2015-10-11 20:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-14 17:40 - 2015-10-11 20:48 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-14 17:38 - 2017-03-25 09:46 - 000369003 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2018-07-11 15:21 - 2015-11-06 20:57 - 000000000 ____D C:\Program Files (x86)\Google
2018-07-11 15:12 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-11 15:12 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-10 15:10 - 2015-10-12 09:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-07-10 02:57 - 2018-04-12 17:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-07-10 02:57 - 2018-04-12 07:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-07-10 02:57 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-07-10 02:57 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-07-10 02:57 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-07-10 02:57 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-07-10 02:57 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-07-10 02:57 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-07-10 02:57 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-07-10 02:57 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-07-10 02:57 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-10 02:57 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-07-10 02:57 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-07-10 02:57 - 2018-04-12 07:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-07-10 02:57 - 2018-04-12 07:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-07-10 02:57 - 2018-04-12 05:04 - 000000000 ____D C:\WINDOWS\system32\Dism
 
==================== Files in the root of some directories =======
 
2016-06-08 18:42 - 2016-06-08 18:42 - 002049556 _____ () C:\Users\arlene.mandia\AppData\Roaming\sb859.dat
2015-10-24 13:41 - 2016-06-25 12:41 - 000000240 _____ () C:\Users\arlene.mandia\AppData\Roaming\WB.CFG
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-24 15:14
 
==================== End of FRST.txt ============================


#5 binder


Posted 31 July 2018 - 10:21 PM

Hi Gunto,

Got your message. Do I need to re-scan FRST?



#6 Gunto


Posted 31 July 2018 - 10:31 PM

Hi,

 

You do not need to rescan with FRST at the moment, although I would like to see the Addition.txt the program created the first time. Simply copy and paste it into your response like you did with the last log. It's in the same folder as FRST.txt.

 

Gunto




#7 binder


Posted 31 July 2018 - 10:50 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by arlene.mandia (01-08-2018 10:33:35)
Running from C:\Users\arlene.mandia\Downloads
Windows 10 Home Version 1803 17134.112 (X64) (2018-05-24 08:03:19)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2204550158-3753436120-1288192212-500 - Administrator - Disabled)
arlene.mandia (S-1-5-21-2204550158-3753436120-1288192212-1001 - Administrator - Enabled) => C:\Users\arlene.mandia
DefaultAccount (S-1-5-21-2204550158-3753436120-1288192212-503 - Limited - Disabled)
Guest (S-1-5-21-2204550158-3753436120-1288192212-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2204550158-3753436120-1288192212-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2204550158-3753436120-1288192212-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.201.1611.252 - Alps Electric)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.1.0.7 - Lenovo)
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2200_Software_Min (HKLM-x32\...\{2711B584-259B-4723-A6F2-F3CFA291AFA2}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Digital Plus (HKLM\...\{D2CD7DCF-D129-4A54-8543-38BECC6CFDAE}) (Version: 7.6.7.1 - Dolby Laboratories Inc)
F2200 (HKLM-x32\...\{C81DA04A-1D44-4D4A-8108-5129331BBA00}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
Facebook Games Arcade 0.10.0.3 (HKLM-x32\...\{C3B7C124-136A-4E19-B21C-BDA26F8BA5A7}) (Version: 0.10.0.3 - Facebook)
Garena - League of Legends (HKLM-x32\...\LoLPH) (Version:  - Garena Online Pte Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{026258D5-B4DA-4BAA-AE33-D7F6E110AF45}) (Version: 7.3.2.5487 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F2200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{60D6AAC5-FDC1-49BA-867B-3135F4726156}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.9.18.3 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 5.0.150.1 - McAfee)
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1449.356) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0506 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{9bffdf20-c3a3-4e93-9cbf-61712c6a38be}) (Version: 17.13.2 - Intel Corporation)
iTunes (HKLM\...\{BCF07271-A853-4D3A-B668-4B752174CAA8}) (Version: 10.3.1.55 - Apple Inc.)
Kingsoft PDF to Word SDK (2.0.1) (HKLM\...\{F0915BBA-A86F-4672-807D-30F38DFC2B44}) (Version: 2.0.1 - Zhuhai Kingsoft Office Software Co.,Ltd)
LeapFrog Connect (HKLM-x32\...\{97CD1D2B-20BD-40E8-825E-B4BDA5071B73}) (Version: 7.0.7.20035 - LeapFrog) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 7.0.7.20035 - LeapFrog)
LeapFrog LeapReader Plugin (HKLM-x32\...\{53136BA4-AEC5-4695-9A51-7C63B7F32E7C}) (Version: 7.0.6.19846 - LeapFrog) Hidden
Lenovo App Services (HKLM\...\Lenovo App Services) (Version: 0.200.8.268 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Motion Control (HKLM-x32\...\{D3F38500-4C99-4E4F-9786-B907224E13A1}) (Version: 2.6.0.0528 - PointGrab) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{D3F38500-4C99-4E4F-9786-B907224E13A1}) (Version: 2.6.0.0528 - PointGrab)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo Patch Utility (HKLM-x32\...\{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{49A09C2C-FFF4-478E-B397-5E0979F67F5D}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.5.5720.01 - CyberLink Corp.)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.3.24.256 - Lenovo Corporation)
Lenovo Settings (HKLM\...\{D14CCBF5-1A3A-4C08-955B-BE6D519835C4}_is1) (Version: 2.0.0.5 - Lenovo)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.3.3.33 - Lenovo Group Limited)
Lenovo Settings Service (HKLM\...\{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1) (Version: 2.3.0.21 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.2.0.7 - Lenovo Group Limited)
Lenovo Settings WiFi (HKLM\...\{86045A6C-C156-4349-A3E2-47A88A42F5C2}_is1) (Version: 2.0.0.4 - Lenovo)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 16.0 R12 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.717.1 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.2.0.335 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.7.208 - McAfee, Inc.)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10228.20134 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
OneKey Optimizer (HKLM-x32\...\{D5D573DC-D989-4769-9B56-D6A7EA503D7F}) (Version: 1.1.20.16 - Lenovo) Hidden
OneKey Optimizer (HKLM-x32\...\InstallShield_{D5D573DC-D989-4769-9B56-D6A7EA503D7F}) (Version: 1.1.20.16 - Lenovo)
Opera Stable 54.0.2952.64 (HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\...\Opera 54.0.2952.64) (Version: 54.0.2952.64 - Opera Software)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.337.388 - VoiceFive, Inc.) <==== ATTENTION
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7606 - Realtek Semiconductor Corp.)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.8.0 - Lenovo Group Limited)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 16.18.10 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.3.6 - Lenovo)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DA171DF3-18B3-446E-BCA6-C08069850FD2}) (Version: 2.36.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{57D07AAD-97E2-4E16-89C4-1A3C51BC9C98}) (Version: 1.16.0.0 - Microsoft Corporation) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapReader Plugin) (HKLM-x32\...\LeapReaderPlugin) (Version:  - LeapFrog)
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Viber (HKLM-x32\...\{EB5ED85E-A993-4615-9027-A00679FD8790}) (Version: 9.3.0.4 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\...\{2f7404d1-d03c-4354-8aa6-a5b5d4a41205}) (Version: 9.3.0.4 - Viber Media Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22402 - Microsoft Corporation)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Driver Package - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2017 (HKLM-x32\...\{3CC29C1A-B5FE-123B-4321-32A2557A92C7}}_is1) (Version:  - WindowsMovieMaker)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WPS Office (10.2.0.7439) (HKLM-x32\...\Kingsoft Office) (Version: 10.2.0.7439 - Kingsoft Corp.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2204550158-3753436120-1288192212-1001_Classes\CLSID\{70239788-4DAE-49B8-9270-5D8614384B49}\InprocServer32 -> C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-2204550158-3753436120-1288192212-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-06-15] (McAfee, Inc.)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-08-13] (Lenovo)
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-08-13] (Lenovo)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-05-02] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-06-15] (McAfee, Inc.)
ContextMenuHandlers1_S-1-5-21-2204550158-3753436120-1288192212-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} => C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll [2018-07-10] (Zhuhai Kingsoft Office Software Co.,Ltd)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01601E69-3B4A-4DF0-ABE6-0EAB5A3CBF7A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {0280D9C2-3C86-4623-8743-1C45F32DD021} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {1572B069-8045-4170-BE8E-7869B9D111CF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1895ED86-4D73-434A-9B3E-4E2EC831BDE4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {1D8F94DA-2FE6-45F4-8685-1FB83B92E659} - System32\Tasks\Lenovo App Services => C:\ProgramData\Lenovo App Services\Engine\LenovoAppServices.exe [2016-10-07] (Lenovo)
Task: {26CDD59B-5F82-40D8-A406-75FF15919B3C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {27D4A679-EB06-4C3A-A1BD-39BB7B6D86CF} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2018-05-16] (Lenovo Group Limited)
Task: {2983AE7D-E079-47AC-86DC-03B2F357A695} - System32\Tasks\WpsUpdateTask_arlene.mandia => C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\wtoolex\wpsupdate.exe [2018-07-10] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {379D766B-95E8-4BCD-A0B4-AB19403CB52F} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {3E48959B-31B9-4C9B-9C37-FE4F23CC94A8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3F660C2D-DEED-4D1D-B68E-F49C13D345E5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4761EC9C-5AEE-4026-BC78-260E7F599323} - \WPD\SqmUpload_S-1-5-21-2204550158-3753436120-1288192212-1001 -> No File <==== ATTENTION
Task: {4B8417A9-0E21-44B3-9C68-7B3ABC3F6AE8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {4F777623-70B0-4E7D-9D1B-4372C08E8E7D} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe
Task: {511FC881-6E16-4A7A-BF6D-92E2C7F88CCC} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-05-04] (McAfee, Inc.)
Task: {51A1ACDA-B0BF-4F09-826E-599110816B95} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater – Install HPSA => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {549B4B85-7F17-4F8A-9CE6-D7A523C6F4F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-23] (Google Inc.)
Task: {57ABD194-AA47-4A91-B690-DB6613E6B262} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [2016-09-22] (CyberLink Corp.)
Task: {58A4A1D5-FC34-4067-968A-3A1422CB7448} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-23] (Google Inc.)
Task: {5C1B6D14-C418-49A6-B21B-E2520599A1D9} - System32\Tasks\Opera scheduled Autoupdate 1445663242 => C:\Users\arlene.mandia\AppData\Local\Programs\Opera\launcher.exe [2018-07-25] (Opera Software)
Task: {5C2B51B4-1187-4B90-8AC9-1C19180EBD7D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5C73CF0B-CA88-44DF-8377-435B1034AD26} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2018-02-28] (McAfee, Inc.)
Task: {5F784BB8-2283-47A5-8607-F22AC49A6906} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-21] (Microsoft Corporation)
Task: {60C1D271-4568-4337-BD42-9A6069E9C01A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6ABF7964-4C60-4134-8083-9866465DA326} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-21] (Microsoft Corporation)
Task: {6DCAE760-DEE1-4CBA-A037-C85487403D49} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6F3310E7-634D-4457-94CA-5076CC02C32B} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {72118BFD-8AFB-42B1-8B4E-43E0A7DBDDE4} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-21] (Microsoft Corporation)
Task: {7A96598E-E6AA-4D2E-8DDE-632371797E4B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-11] (Lenovo)
Task: {7D0AB91E-093F-4380-B1FC-E2DC4D5C546E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {80378BF5-37E8-4E47-A00B-207FE315E4B4} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\638cb056-9857-494c-80b4-8d4f1a1c265b => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {806C323D-4BC2-4247-92A1-F04E60E15827} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {80DFEAD3-E402-462E-80C1-F9325578EB7D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {83060855-5A9A-4FF9-923C-0A18240FB1D5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {8CC47B4A-FA9E-4810-B845-6C7A2E6D9871} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.178\DADUpdater.exe [2018-07-09] (McAfee, Inc.)
Task: {953DACE3-74CD-4BD8-871C-F3F2454D41E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {9A6402BD-B715-41D6-B5A6-0205B3CF85BC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9D4EF72B-51E7-474C-B7C3-7EB139ABA5C3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-07-21] (Microsoft Corporation)
Task: {AC578249-5364-401A-A0FA-0F6100DD134F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {B2586150-2515-4329-9792-10D383C9977E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B540AF8D-2C37-4338-8A8C-E3BAE9BD3176} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {BAD7ECA5-A5C7-40CF-813E-9E9CDE1E2EE6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-03] (Lenovo)
Task: {C16FDFEB-4C18-4F65-B68B-B43C6B144E20} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-13] (Microsoft Corporation)
Task: {C5FA88BB-F247-4D29-B5E2-F90636360AE3} - System32\Tasks\S-1-5-21-2204550158-3753436120-1288192212-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-12] (Microsoft Corporation)
Task: {D08C2CBF-E2F3-4D90-AE9B-FA47F1D08363} - System32\Tasks\WpsExternal_arlene.mandia_20180326134931 => C:\Program Files (x86)\Kingsoft\Kingsoft Office\ksolaunch.exe [2018-07-10] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {E1DB6E8B-1B69-4530-A7AC-6CF6E4111130} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {E503E6DA-33E1-409F-970B-297C294046F6} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\722e14e1-d727-4ede-852c-4f03b3c097ef => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {E5749758-75FA-4216-9A76-1616AAD2314C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-13] (Microsoft Corporation)
Task: {EBC87786-E733-480E-B313-E6CE76C69DEB} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {EFF1992E-7563-4A25-8960-FFD80522E2A3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\9d7930bc-649f-477c-aae8-9ecd6d654e07 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {F0D35D1B-D025-41CA-BCC9-869767763FEF} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {FB640A9D-BE48-442E-949E-0598F9562EF1} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\fb38c343-3524-419e-9a38-2c72c243d96b => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-12 07:34 - 2018-04-12 07:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2015-06-19 02:20 - 2014-11-21 01:43 - 000016920 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\FbServicePS.dll
2015-06-19 02:17 - 2015-06-19 02:16 - 000133440 _____ () C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
2015-06-19 02:16 - 2012-04-24 18:43 - 000390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-06-19 02:14 - 2015-01-16 01:06 - 000058624 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2017-07-14 22:42 - 2016-12-29 21:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-04-06 19:05 - 2018-04-06 19:05 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPMsgBusDLL.dll
2015-06-19 02:11 - 2014-10-23 01:15 - 000644080 _____ () C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
2015-06-19 02:19 - 2014-11-18 06:35 - 000036632 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\Metric.dll
2015-06-19 02:19 - 2014-11-18 06:35 - 000166680 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\Lenovo.MetricCollectionMFCx64.dll
2018-04-12 07:34 - 2018-04-12 07:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 07:34 - 2018-04-12 07:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2015-06-19 02:11 - 2014-10-23 01:15 - 000410096 _____ () C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
2017-05-02 05:03 - 2017-05-02 05:03 - 000401904 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-07-09 20:55 - 2018-06-08 16:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-18 14:50 - 2018-05-18 14:53 - 001922232 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2015-06-19 02:19 - 2014-11-18 06:35 - 000040216 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\EnglishRes.dll
2018-06-27 10:54 - 2018-06-23 03:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-27 10:54 - 2018-06-23 03:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2015-06-19 02:20 - 2014-11-21 01:43 - 000159256 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\FbApi.dll
2015-06-19 02:19 - 2014-11-18 06:35 - 000036120 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\zd.dll
2015-06-19 02:17 - 2015-06-19 02:16 - 000815104 _____ () C:\Program Files\Lenovo PhoneCompanion\adb.exe
2018-07-10 00:21 - 2018-07-10 00:25 - 000024576 _____ () C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.12.13.0_x86__k1h2ywk1493x8\Lenovo.Discovery.exe
2018-07-10 00:20 - 2018-07-10 00:30 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-07-10 00:20 - 2018-07-10 00:30 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-04 19:05 - 2017-10-04 19:11 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-07-10 00:20 - 2018-07-10 00:32 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-05-21 20:05 - 2018-05-21 20:06 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-07-10 00:20 - 2018-07-10 00:26 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-07-10 00:20 - 2018-07-10 00:32 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-05-21 20:05 - 2018-05-21 20:06 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-07-10 00:20 - 2018-07-10 00:32 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-07-10 00:20 - 2018-07-10 00:26 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-07-10 00:20 - 2018-07-10 00:21 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-07-10 00:20 - 2018-07-10 00:30 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-07-10 00:20 - 2018-07-10 00:31 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-10 00:20 - 2018-07-10 00:23 - 000103424 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-07-10 00:20 - 2018-07-10 00:32 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-05-21 20:05 - 2018-05-21 20:06 - 000043008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2018-07-10 00:20 - 2018-07-10 00:32 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll
2018-07-10 00:23 - 2018-07-10 00:26 - 000093696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-07-10 00:23 - 2018-07-10 00:23 - 002447072 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-10 00:23 - 2018-07-10 00:26 - 007813632 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2014-05-29 04:16 - 2014-05-29 04:16 - 000013576 _____ () C:\Program Files (x86)\Lenovo\Motion Control\PointGrabDeviceAPI.dll
2017-03-27 18:53 - 2016-09-22 14:24 - 000884504 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\Kernel\Boomerang\UNO.dll
2017-03-27 18:52 - 2016-09-22 14:11 - 000081920 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\koan\_ctypes.pyd
2014-10-11 00:37 - 2014-10-11 00:37 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2018-07-10 00:21 - 2018-07-10 00:25 - 041523712 _____ () C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.12.13.0_x86__k1h2ywk1493x8\Lenovo.Discovery.dll
2018-07-10 00:06 - 2018-07-10 00:06 - 000068264 _____ () C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\krpt.dll
2018-07-10 00:06 - 2018-07-10 00:06 - 009277608 _____ () C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\QtCore4.dll
2018-07-10 00:06 - 2018-07-10 00:06 - 000200360 _____ () C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\wpscloudsvrimp.dll
2018-07-10 00:06 - 2018-07-10 00:06 - 000894632 _____ () C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\QtNetwork4.dll
2018-07-10 00:05 - 2018-07-10 00:05 - 000276136 _____ () C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\curls.dll
2018-07-10 00:06 - 2018-07-10 00:06 - 011410088 _____ () C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\QtWebKit4.DLL
2018-07-10 00:06 - 2018-07-10 00:06 - 000247976 _____ () C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\phonon4.dll
2018-07-10 00:06 - 2018-07-10 00:06 - 000189096 _____ () C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\addons\kpluginrunner\kpluginrunner.dll
2018-07-10 00:06 - 2018-07-10 00:06 - 000054440 _____ () C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\rubyenv.dll
2018-07-10 01:57 - 2018-07-10 01:57 - 002253992 _____ () C:\Users\arlene.mandia\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386\ruby_1.0.201806.1\ruby.dll
2018-07-10 01:57 - 2018-07-10 01:57 - 000251560 _____ () C:\Users\arlene.mandia\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386\ruby_1.0.201806.1\qtruby4.dll
2018-07-10 00:06 - 2018-07-10 00:06 - 000031912 _____ () C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\smokebase.dll
2018-07-10 01:57 - 2018-07-10 01:57 - 001017512 _____ () C:\Users\arlene.mandia\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386\ruby_1.0.201806.1\smokekso.dll
2018-07-10 01:57 - 2018-07-10 01:57 - 003616424 _____ () C:\Users\arlene.mandia\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386\ruby_1.0.201806.1\smokeqtcore.dll
2018-07-10 01:57 - 2018-07-10 01:57 - 000046760 _____ () C:\Users\arlene.mandia\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386\ruby_1.0.201806.1\win32api.dll
2018-07-10 01:57 - 2018-07-10 01:57 - 000082088 _____ () C:\Users\arlene.mandia\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386\ruby_1.0.201806.1\win32ole.dll
2018-07-10 01:57 - 2018-07-10 01:57 - 000028840 _____ () C:\Users\arlene.mandia\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386\ruby_1.0.201806.1\qtwebkitruby.dll
2018-07-10 01:57 - 2018-07-10 01:57 - 000277160 _____ () C:\Users\arlene.mandia\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386\ruby_1.0.201806.1\smokeqtwebkit.dll
2018-07-10 01:57 - 2018-07-10 01:57 - 001048744 _____ () C:\Users\arlene.mandia\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386\ruby_1.0.201806.1\QtScript4.dll
2018-07-10 01:57 - 2018-07-10 01:57 - 000030376 _____ () C:\Users\arlene.mandia\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386\ruby_1.0.201806.1\strscan.dll
2018-07-10 00:06 - 2018-07-10 00:06 - 000037544 _____ () C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\qt\plugins\imageformats\qgif4.dll
2018-07-10 00:06 - 2018-07-10 00:06 - 000039080 _____ () C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\qt\plugins\imageformats\qico4.dll
2018-07-10 00:06 - 2018-07-10 00:06 - 000174760 _____ () C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\qt\plugins\imageformats\qjpeg4.dll
2018-07-10 00:06 - 2018-07-10 00:06 - 000288936 _____ () C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\qt\plugins\imageformats\qtiff4.dll
2018-07-10 00:06 - 2018-07-10 00:06 - 000135848 _____ () C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\qt\plugins\imageformats\qwdp4.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 21:25 - 2018-04-11 00:46 - 000000883 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\arlene.mandia\Desktop\ScreenSavers\f38eeee4-0556-4c32-8376-ad693c38712e-original.jpeg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Monitor"
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\...\StartupApproved\StartupFolder: => "FacebookGamesNotifier.exe.lnk"
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9DABAC5BEB29F7A89F3C2463DE3BB452"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{26F36904-11BC-428B-B704-953B17DCA76C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{AB8D30F3-B448-48EF-A13D-A35203DB0D88}] => (Allow) LPort=1900
FirewallRules: [{A7CA8AC3-0B30-4F25-A2FE-7E78EC2B945B}] => (Allow) LPort=2869
FirewallRules: [{00F73D8C-ED14-4AC3-B539-5D282FA2DBBC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E3902AD5-9B3F-47EC-A4FE-B216D00587EE}] => (Allow) C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\wpscloudsvr.exe
FirewallRules: [{752EED9D-F8B9-4F99-A6B0-3F0E899C6031}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{4AEE40DA-777B-4FBE-9B5C-B8F10A7C159A}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{4D36266A-9225-495F-8972-EAA9F69F2ED5}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D3EEBE93-BD59-4C04-89FD-8FEA33D8A2CD}] => (Allow) C:\Users\arlene.mandia\Downloads\LoLInstaller.exe
FirewallRules: [{BC5FA4D0-0A22-498E-BAC7-08F7650DEB55}] => (Allow) C:\Users\arlene.mandia\Downloads\LoLInstaller.exe
FirewallRules: [{278B1DA0-CEC7-4216-9B10-7709388F8117}] => (Allow) C:\Users\arlene.mandia\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CDAE2898-3EAD-4263-84B3-E9B03A7C1F00}] => (Allow) C:\Users\arlene.mandia\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E86030DA-67C8-446F-9BB4-6019332AEE28}] => (Allow) C:\Users\arlene.mandia\Downloads\LoLInstaller (1).exe
FirewallRules: [{F467667F-B139-4AFB-B772-B49A0F491823}] => (Allow) C:\Users\arlene.mandia\Downloads\LoLInstaller (1).exe
FirewallRules: [{35F188D6-460F-4C43-B9C0-2097E062DD0F}] => (Allow) F:\LoLInstaller.exe
FirewallRules: [{BF5CE937-3D45-419A-BB03-FD0F33D50F72}] => (Allow) F:\LoLInstaller.exe
FirewallRules: [{D9102915-C926-459C-83EE-72B6282C252B}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Game\League of Legends.exe
FirewallRules: [{56FB8D36-35D5-416A-A723-CB8CDB8D512D}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Game\League of Legends.exe
FirewallRules: [{52DEB290-BC4D-40FA-A086-884E9892919A}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Air\LolClient.exe
FirewallRules: [{4A60312E-7C0F-41CF-B699-E79712DD9627}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Air\LolClient.exe
FirewallRules: [{E401E7A1-FC22-4CF3-AD64-66DE0229E2E2}] => (Allow) LPort=8370
FirewallRules: [{41B3B633-49FC-4E72-8B60-EE04357ED79D}] => (Allow) LPort=8370
FirewallRules: [{1E95BA01-F131-413D-A3E8-05E6DD03537D}] => (Allow) LPort=6934
FirewallRules: [{53670B36-1FD9-461E-9027-014FBF8B7AD6}] => (Allow) LPort=6934
FirewallRules: [{CF7F7D6A-0ABE-45D9-813A-A51A6B7A90D6}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Game\League of Legends.exe
FirewallRules: [{56461869-5A31-4165-8322-C31245023D52}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Game\League of Legends.exe
FirewallRules: [{F0404C6B-510C-4980-990D-5BC9F4EF2EE7}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Air\LolClient.exe
FirewallRules: [{F9090F1A-D6BA-4918-ADF6-FDC955E30D18}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\Air\LolClient.exe
FirewallRules: [{C0D0FE1F-9397-4AC0-B2D9-1D762326F1D5}] => (Allow) C:\GarenaDownload\Games\lol\LoLInstaller.exe
FirewallRules: [{A289EDE8-2AD1-4B37-BCD8-0AAFC76E4E6B}] => (Allow) C:\GarenaDownload\Games\lol\LoLInstaller.exe
FirewallRules: [{186FA927-AAB8-475D-8C81-0563558212C0}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{F45F788F-DC01-4274-ACA3-0C0225DAD6B0}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{5B317843-861B-4757-A21E-51E52406DE84}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{33B386A8-9A61-4329-B5E4-6EA6F5F4929F}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{08167195-BA6B-435B-ADA9-2D08EF357776}] => (Allow) LPort=8370
FirewallRules: [{F9B9DDD1-7DB9-4D10-ADB8-DA3B3EDBFCB2}] => (Allow) LPort=8370
FirewallRules: [{24A5EBEA-40DC-48A5-A23F-D964607DF7AA}] => (Allow) C:\GarenaDownload\Games\lolph\LoLInstaller.exe
FirewallRules: [{665F168D-A772-48B3-AAD1-FCADB7DB4132}] => (Allow) C:\GarenaDownload\Games\lolph\LoLInstaller.exe
FirewallRules: [{734CC9F3-DE62-4D1C-9D78-598528368748}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{C382CF5B-9C79-4FBD-9D3E-984E52D8BB92}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{772618AC-A848-4807-87D3-C7F33C2A7949}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D543C009-39A1-4CC6-A65B-51591141AE3F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5905AD57-F021-4A53-B0E7-BBBF6344BDE1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{2C94DD5D-F33F-429E-A53D-65B79E2B758A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{11339778-0D05-4583-81F3-EFCC5730EFEC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CA1FB34A-4FC8-4FC0-A3D9-B816FE90DA65}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{CDEB3A65-3357-4784-9A16-9AEB0A94AD7E}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{4B938FDE-86DF-49A5-A645-18E48F7413EC}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{AE0F02B9-6F72-48E8-AA00-9F8DD4CB9E44}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{ABD49B34-AF41-4ACE-82EB-1D115DFAA620}] => (Allow) C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
FirewallRules: [{CB7C17DF-0F0D-4CAD-B573-BE1CC38C1DDE}] => (Allow) C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
FirewallRules: [{76D38CE1-C4A0-4966-86F3-6BEC51A48511}] => (Allow) LPort=55100
FirewallRules: [{7666BBBD-4B33-4C2F-847D-E50FFCFD2008}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [{89FF0FEA-0C9C-43DD-AF9B-FBBC005B2AC5}] => (Allow) C:\Users\arlene.mandia\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{A949334F-E738-459D-8031-1D08745CDB39}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{7BE689EF-329B-4EE4-9DD7-38266B597DC6}] => (Allow) C:\GarenaDownload\Games\lol\LoLInstaller.exe
FirewallRules: [{E87B33BA-B6BD-4582-90AA-20D388196A6E}] => (Allow) C:\GarenaDownload\Games\lol\LoLInstaller.exe
FirewallRules: [{0160D6C4-0EF6-405F-A760-019742E61122}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{619384D2-BF22-4328-969F-14CEFBFB3191}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{08644F0C-7BC9-4BEB-BD91-227560F97D96}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{8DB42F9E-2703-4C73-9552-AD3291E4EFE2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{0C81C611-CA98-4DE9-8BDF-8ACEA5067C92}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{6722F059-6886-46E0-AA2B-C9A9BF22B925}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{5E87AB68-A8FC-47D1-BA4A-CCD238B2BBFA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{570DFB58-6635-42BF-90A6-E3AA1E21C9E6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{5B775661-CB19-4F64-A4DD-BD45122930CD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{8DB82D2A-71ED-45B6-A21A-111BC0703B67}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{D30BFD33-30D0-4BBB-989B-39D490F15AE4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{87D54169-79FA-4319-8427-5234BB65F7E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{7D76ECD2-C97D-4100-BD48-3B0AAD59EA3D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{5F062C18-9920-47DF-BAA6-0C9D33500A69}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{1A16128B-0042-4116-B99B-BB9AE19639F8}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{CD7417B6-F39B-4E1B-848B-105C76CAB37E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{6C990190-744F-49B6-8C36-ED9E81EFFE70}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{8CD304D2-DAD4-4559-8F7B-50550C585B24}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{A02C0DD2-C44D-4ED1-97EB-82B2E42281D5}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{840D2FDF-AA36-44A5-BDEF-CD7DEC057712}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{BFEB2FD0-7446-41D8-8330-130DC9B3086B}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\lol.exe
FirewallRules: [{1D5A0AB5-30B2-44BC-BB01-5C00E016EE8A}] => (Allow) C:\Program Files (x86)\GarenaLoL\GameData\Apps\LoL\lol.exe
FirewallRules: [{6C3AFD23-5EE0-4A9D-9912-AB95D61B264C}] => (Allow) LPort=8393
FirewallRules: [{84E03400-D05F-4347-B2B1-FAB37206E2D5}] => (Allow) LPort=8393
FirewallRules: [{F3DEA3F4-E345-4890-86FE-45A82FB57ABD}] => (Allow) LPort=8390
FirewallRules: [{C0115CB9-60A0-41AE-9669-DFA6B013B889}] => (Allow) LPort=8390
FirewallRules: [{F511DC65-3824-4C3F-AA97-95F3F44E2692}] => (Allow) LPort=6954
FirewallRules: [{8BB0EF64-16C2-412B-9A54-B24042F3DF0D}] => (Allow) LPort=6954
FirewallRules: [{F3AEA381-B6FC-40D6-B711-A5DAD2942CCE}] => (Allow) LPort=6945
FirewallRules: [{EB56BE3F-9F3B-4309-937A-A618CD3689A9}] => (Allow) LPort=6945
FirewallRules: [{1EB371FB-FBD0-4080-B0A2-21E577D30936}] => (Allow) C:\Users\arlene.mandia\jagexcache\jagexlauncher\bin\JagexLauncher.exe
FirewallRules: [{26B2CA58-166C-413E-9B91-283F8518410F}] => (Allow) C:\Users\arlene.mandia\jagexcache\jagexlauncher\bin\JagexLauncher.exe
FirewallRules: [{DB9EB912-77F9-4F9E-A019-6521B37AED2F}] => (Allow) C:\Users\arlene.mandia\jagexcache\jagexlauncher\bin\JagexLauncher.exe
FirewallRules: [{C7CE6348-EE95-41DE-91D0-2FC8B9D88C93}] => (Allow) C:\Users\arlene.mandia\jagexcache\jagexlauncher\bin\JagexLauncher.exe
FirewallRules: [{A6F8542E-C32B-4928-80AA-4793A56C6B22}] => (Allow) LPort=6901
FirewallRules: [{1D4BF249-452D-421E-999D-DAB367408063}] => (Allow) LPort=6901
FirewallRules: [{47A3D44B-E46B-475D-88B0-3DF2FFE23C08}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{086449D5-4FAA-4E76-9EED-1F6DE0E8AD0B}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{B9CF1508-D1AB-48DE-8E17-88BD4467EAAE}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{B4CEECF7-C388-431B-930B-8A29BC344DB4}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{34A7B414-78E4-48FB-A3D5-5F3A10CD94A3}] => (Allow) C:\Users\arlene.mandia\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5775BCE4-66B3-4C2C-A361-94595CC4AEB7}] => (Allow) C:\Users\arlene.mandia\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{164D301B-D816-474E-8930-0D6297BA694E}] => (Allow) C:\Users\arlene.mandia\Downloads\ProductDetection.exe
FirewallRules: [{EB82EDFD-D7BE-437C-9CE5-57E7866DA776}] => (Allow) C:\Users\arlene.mandia\Downloads\ProductDetection.exe
FirewallRules: [{22BB12AD-3D98-4AC5-842D-D489471A2FA9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
09-07-2018 20:54:02 Windows Update
14-07-2018 17:36:58 Windows Update
18-07-2018 23:35:21 Windows Update
26-07-2018 20:47:46 Scheduled Checkpoint
29-07-2018 12:56:37 Installed McAfee Ransomware Decryption Tool.
 
==================== Faulty Device Manager Devices =============
 
Name: DDP UMDF Driver
Description: DDP UMDF Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Dolby Laboratories, Inc.
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/01/2018 10:31:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (08/01/2018 10:26:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (08/01/2018 10:21:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (08/01/2018 10:17:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.17134.1, time stamp: 0x2d8914fb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000001e58d5202f8
Faulting process id: 0xbf4
Faulting application start time: 0x01d4293dd6f2c5b1
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: unknown
Report Id: b49eab36-92d8-4400-b659-5d1d3cdbc16c
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/01/2018 10:17:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.17134.1, time stamp: 0x2d8914fb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000002cc743702f8
Faulting process id: 0x40c0
Faulting application start time: 0x01d4293dc8c19039
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: unknown
Report Id: 57381449-7250-4a1f-bcd1-b0ac344f17ef
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/01/2018 10:17:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (08/01/2018 10:12:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (08/01/2018 10:07:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
 
System errors:
=============
Error: (08/01/2018 10:18:10 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC-AAM)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Error: (08/01/2018 10:17:47 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC-AAM)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Error: (08/01/2018 10:01:14 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC-AAM)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Error: (08/01/2018 09:48:43 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ASUS
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5B537722-7664-48EF-9B03-97569FE0C6F7}.
The master browser is stopping or an election is being forced.
 
Error: (08/01/2018 08:58:54 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC-AAM)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Error: (08/01/2018 08:52:23 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC-AAM)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Error: (08/01/2018 08:39:54 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC-AAM)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
Error: (08/01/2018 08:38:28 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC-AAM)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
 
Date: 2018-08-01 10:17:47.680
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume5\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-08-01 10:17:23.865
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume5\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-08-01 10:00:51.137
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume5\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-08-01 08:58:31.256
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume5\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-08-01 08:51:59.357
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume5\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-08-01 08:39:31.140
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume5\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-08-01 08:38:05.180
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume5\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-08-01 08:37:20.229
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume5\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 52%
Total physical RAM: 8097.92 MB
Available physical RAM: 3832.39 MB
Total Virtual: 9441.92 MB
Available Virtual: 3979.63 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:890.89 GB) (Free:570.25 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.55 GB) NTFS
 
\\?\Volume{be80b57a-8526-4a2a-90ff-48bd6b7193b5}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.6 GB) NTFS
\\?\Volume{fde86380-bf30-42af-89fb-101c9cbc140b}\ (PBR_DRV) (Fixed) (Total:13.29 GB) (Free:2.99 GB) NTFS
\\?\Volume{7af39e11-03b3-42fd-ae0c-4e45408a6620}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9C6D97E1)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#8 Gunto

Posted 01 August 2018 - 02:02 AM

Hi,
 
Alright, thanks! Let's get cracking!
 
Farbar Recovery Scan Tool
 
First, I need you to run a fix with FRST. Most of this consists of leftovers from old programs and other unnecessary stuff, with a few entries that are questionable at best.
  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Policies\Explorer: [Max Cached Icons] 2000
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\...\Run: [BingSvc] => C:\Users\arlene.mandia\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [124544 2016-02-11] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2015-11-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2015-11-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2015-11-18] (Realtek Semiconductor)
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKLM -> DefaultScope {91F51ED2-4C4F-4B0D-9709-9A94D2B70947} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV8MVV1JEwdCbQsMAw9cFQ1CeBRaWAgVDAZHJQoMVlpGRVcQcB9aFQQTSEcFME0FCFwEURNNfXRZD0AjREZWLE1LKUwT&q={searchTerms}
SearchScopes: HKLM -> {91F51ED2-4C4F-4B0D-9709-9A94D2B70947} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV8MVV1JEwdCbQsMAw9cFQ1CeBRaWAgVDAZHJQoMVlpGRVcQcB9aFQQTSEcFME0FCFwEURNNfXRZD0AjREZWLE1LKUwT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2204550158-3753436120-1288192212-1001 -> DefaultScope {91F51ED2-4C4F-4B0D-9709-9A94D2B70947} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV8MVV1JEwdCbQsMAw9cFQ1CeBRaWAgVDAZHJQoMVlpGRVcQcB9aFQQTSEcFME0FCFwEURNNfXRZD0AjREZWLE1LKUwT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2204550158-3753436120-1288192212-1001 -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-2204550158-3753436120-1288192212-1001 -> {91F51ED2-4C4F-4B0D-9709-9A94D2B70947} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV8MVV1JEwdCbQsMAw9cFQ1CeBRaWAgVDAZHJQoMVlpGRVcQcB9aFQQTSEcFME0FCFwEURNNfXRZD0AjREZWLE1LKUwT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2204550158-3753436120-1288192212-1001 -> {a62abdee-78a2-4ddb-9355-1c334abd6e43} URL = hxxps://sg.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_5e6f625a&param1=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%3D&param2=NGV9MWxaLWtcNd%3D%3D&p={searchTerms}
BHO-x32: Many Results Hub -> {be1a5d83-523d-4a57-bc56-65afe77fd42a} -> C:\Program Files (x86)\Many Results Hub\Extensions\be1a5d83-523d-4a57-bc56-65afe77fd42a.dll => No File
FF Extension: (PremierOpinion) - C:\Program Files (x86)\PremierOpinion\firefox [2015-10-24] [Legacy] [not signed]
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\...\Run: [GoogleChromeAutoLaunch_9DABAC5BEB29F7A89F3C2463DE3BB452] => "C:\Users\arlene.mandia\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-sessionCHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/hm?eq=U0EeCFZVBB8SRghFdA1cWQtDQBgRdFsOTA1JQA0OIgAJBRRCRVAQdA5bVl0TEgUFIk0FA1oDB0VXfV5bFElXTwhuIVdBM1wCVFlXM3FNAw=="
CHR Extension: (Directions.cm) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkcjncmijlkmlignahmdgbjldkmfiikg [2018-06-11]
CHR Extension: (Many Results Hub) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfeloffoaccpdkflcgmmgeeaklgdhjng [2016-07-03] [UpdateUrl: hxxp://cdn.manyresultshub.com/update] <==== ATTENTION
CHR Extension: (EasyPDFCombine) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpocjpoifmommoiiiamepombpeoaehfh [2018-04-29]
CHR Extension: (PremierOpinion) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle [2016-06-29]
CHR Extension: (Chrome Media Router) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-17]
CHR HKLM-x32\...\Chrome\Extension: [mkndcbhcgphcfkkddanakjiepeknbgle] - C:\Program Files (x86)\PremierOpinion\pmcm.crx [2015-10-24]
U3 mfeavfk01; no ImagePath
S3 MFE_RR; C:\Users\ARLENE~1.MAN\AppData\Local\Temp\mfe_rr.sys [24120 2018-07-29] (McAfee, Inc.) <==== ATTENTION
C:\Users\ARLENE~1.MAN\AppData\Local\Temp\mfe_rr.sys
C:\Users\arlene.mandia\Downloads\ViberSetup (6).exe
C:\Users\arlene.mandia\Downloads\ViberSetup (4).exe
C:\Users\arlene.mandia\AppData\Roaming\sb859.dat
C:\Users\arlene.mandia\AppData\Roaming\WB.CFG
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2200_Software_Min (HKLM-x32\...\{2711B584-259B-4723-A6F2-F3CFA291AFA2}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
F2200 (HKLM-x32\...\{C81DA04A-1D44-4D4A-8108-5129331BBA00}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
LeapFrog Connect (HKLM-x32\...\{97CD1D2B-20BD-40E8-825E-B4BDA5071B73}) (Version: 7.0.7.20035 - LeapFrog) Hidden
LeapFrog LeapReader Plugin (HKLM-x32\...\{53136BA4-AEC5-4695-9A51-7C63B7F32E7C}) (Version: 7.0.6.19846 - LeapFrog) Hidden
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Motion Control (HKLM-x32\...\{D3F38500-4C99-4E4F-9786-B907224E13A1}) (Version: 2.6.0.0528 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo Patch Utility (HKLM-x32\...\{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{49A09C2C-FFF4-478E-B397-5E0979F67F5D}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo) Hidden
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
OneKey Optimizer (HKLM-x32\...\{D5D573DC-D989-4769-9B56-D6A7EA503D7F}) (Version: 1.1.20.16 - Lenovo) Hidden
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 16.18.10 - NVIDIA Corporation) Hidden
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
UpdateAssistant (HKLM\...\{57D07AAD-97E2-4E16-89C4-1A3C51BC9C98}) (Version: 1.16.0.0 - Microsoft Corporation) Hidden
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Hidden
Viber (HKLM-x32\...\{EB5ED85E-A993-4615-9027-A00679FD8790}) (Version: 9.3.0.4 - Viber Media Inc.) Hidden
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
CustomCLSID: HKU\S-1-5-21-2204550158-3753436120-1288192212-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {1572B069-8045-4170-BE8E-7869B9D111CF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {26CDD59B-5F82-40D8-A406-75FF15919B3C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3E48959B-31B9-4C9B-9C37-FE4F23CC94A8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3F660C2D-DEED-4D1D-B68E-F49C13D345E5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4761EC9C-5AEE-4026-BC78-260E7F599323} - \WPD\SqmUpload_S-1-5-21-2204550158-3753436120-1288192212-1001 -> No File <==== ATTENTION
Task: {4B8417A9-0E21-44B3-9C68-7B3ABC3F6AE8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5C2B51B4-1187-4B90-8AC9-1C19180EBD7D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {60C1D271-4568-4337-BD42-9A6069E9C01A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6DCAE760-DEE1-4CBA-A037-C85487403D49} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7D0AB91E-093F-4380-B1FC-E2DC4D5C546E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {80DFEAD3-E402-462E-80C1-F9325578EB7D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9A6402BD-B715-41D6-B5A6-0205B3CF85BC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B2586150-2515-4329-9792-10D383C9977E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B540AF8D-2C37-4338-8A8C-E3BAE9BD3176} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {EBC87786-E733-480E-B313-E6CE76C69DEB} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Hosts:
FirewallRules: [{278B1DA0-CEC7-4216-9B10-7709388F8117}] => (Allow) C:\Users\arlene.mandia\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CDAE2898-3EAD-4263-84B3-E9B03A7C1F00}] => (Allow) C:\Users\arlene.mandia\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{35F188D6-460F-4C43-B9C0-2097E062DD0F}] => (Allow) F:\LoLInstaller.exe
FirewallRules: [{BF5CE937-3D45-419A-BB03-FD0F33D50F72}] => (Allow) F:\LoLInstaller.exe
FirewallRules: [{47A3D44B-E46B-475D-88B0-3DF2FFE23C08}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{086449D5-4FAA-4E76-9EED-1F6DE0E8AD0B}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{34A7B414-78E4-48FB-A3D5-5F3A10CD94A3}] => (Allow) C:\Users\arlene.mandia\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5775BCE4-66B3-4C2C-A361-94595CC4AEB7}] => (Allow) C:\Users\arlene.mandia\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{164D301B-D816-474E-8930-0D6297BA694E}] => (Allow) C:\Users\arlene.mandia\Downloads\ProductDetection.exe
FirewallRules: [{EB82EDFD-D7BE-437C-9CE5-57E7866DA776}] => (Allow) C:\Users\arlene.mandia\Downloads\ProductDetection.exe
Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.
Uninstall a Program
 
Now, I'd like to ask you to uninstall something using either Apps and Features or Revo Uninstaller. PremierOpinion appears to be a notorious specimen of adware, and is generally installed as bundled software with something else. While it isn't particularly dangerous, it should still be removed.
 
If you want to use Apps and Features:
  • Go to Start > Settings > Apps. Once it loads all the programs, uninstall PremierOpinion, if present, by clicking Uninstall, and following the prompts in the uninstaller.
If you have any problems uninstalling a program using Apps and Features, proceed to the below method.
 
If you want to use Revo Uninstaller (which does a better job at cleaning up):
  • Download Revo from here, and save it to your desktop.
  • Double click the installer on your desktop, and let the program install.
  • Once it's done, double click the Revo Uninstaller shortcut on your desktop to run it. Once it loads all the programs, uninstall PremierOpinion, if present.
  • Double click the program, and follow the prompts in the built-in uninstaller (except prompts to reboot; only do so when you are finished using Revo, if needed). Once the built-in uninstaller is finished, ensure the Moderate option is selected in Revo, and click Scan.
  • If any registry remnants are found, check only the bold items. If there is a closed folder visible, click the + to expand it until you find the bold item. Then Delete the remnants.
  • Proceed again, and if any files/folders were found, delete those, too.
VirusTotal
 
I need you to scan a couple of suspicious files with VirusTotal.
  • Visit VirusTotal, and click Choose File. Navigate to the following files and choose them, one at a time:
C:\WINDOWS\System32\DRIVERS\Fastboot.sys
C:\WINDOWS\system32\Notifier.exe
  • Click Scan it! after choosing your file. If you receive a message telling you the file has already been scanned, please scan it again anyway.
  • Once VirusTotal is done scanning the file, copy and paste each of the URLs of the scan results into your reply.
Your Camera
 
I am not necessarily sure your camera issue is due to malware; nothing I've come across should tamper with it at all. I'll do what I can to help you fix it, although I may end up redirecting you to a different part of the forum where others have more expertise with issues such as these. :)
 
For starters, try reinstalling your camera. To do this:
  • Hold down the Windows key, hit R, type devmgmt.msc into the run box that appears, and hit enter.
  • Once the list of devices loads, find the section for Cameras. Click the arrow next to it to expand it, and find your camera in the list. Double-click it.
  • Once the properties window opens, click the Driver tab and click Uninstall Device. Confirm this action, and once it's done, reboot your computer; this will automatically reinstall your camera.
Any better after doing that?

 

Final Notes

 

The picture your wallpaper changed to is located in this folder: C:\Users\arlene.mandia\Desktop\ScreenSavers

Do you recognize it or anything in it? If not, you may wish to delete it.

 

Gunto
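A check that can be run on the Fixlog.txt requested above, as an added example that is not part of the original post and not FRST's own code: it skips the echoed fixlist between the two `*****************` markers, parses each `target => outcome` result line, and lists every entry that was not changed. The outcome phrases are the four visible in the Fixlog in this thread; the function names, the status labels and the last sample line are assumptions made for the example.

```python
import re
from collections import Counter, namedtuple

# One parsed result line from the part of Fixlog.txt that follows the fixlist echo.
Result = namedtuple("Result", "kind target value outcome status")

# Outcome phrases that appear in the Fixlog in this thread, mapped to a coarse
# status. Any other phrase is treated as "unrecognized" and listed for manual
# reading (an assumption of this example, not a statement about FRST).
KNOWN_OUTCOMES = {
    "removed successfully": "changed",
    "moved successfully": "changed",
    "value restored successfully": "changed",
    "not found": "absent",
}

MARKER_RE = re.compile(r"^\*{5,}$")       # the ***************** separator lines
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")    # C:\... style file paths
HIVES = ("HKLM", "HKU", "HKCU", "HKCR")

# Sample input: lines copied from the Fixlog on this page, except the last
# result line, which is constructed to exercise the fallback branch.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
fixlist content:
*****************
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
*****************

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper" => removed successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\Software\Classes\CLSID\{91F51ED2-4C4F-4B0D-9709-9A94D2B70947} => not found
C:\Constructed\example.dat => (constructed outcome text)
'''


def result_lines(text):
    """Return only the result lines, skipping the echoed fixlist section.

    The fixlist echo also contains ' => ' (Run entries, tasks), so parsing
    starts after the second marker line when both markers are present.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    markers = [i for i, ln in enumerate(lines) if MARKER_RE.match(ln)]
    start = markers[1] + 1 if len(markers) >= 2 else 0
    return [ln for ln in lines[start:] if " => " in ln]


def parse_result(line):
    """Split one result line into target, optional registry value and outcome."""
    target, _, outcome = line.rpartition(" => ")
    target = target.strip().strip('"')
    outcome = outcome.strip()
    value = ""
    if target.upper().startswith(HIVES):
        kind = "registry"
        # In the log a doubled backslash separates the key from the value name.
        target, _, value = target.partition("\\\\")
    elif DRIVE_RE.match(target):
        kind = "file"
    else:
        kind = "other"
    status = KNOWN_OUTCOMES.get(outcome.lower(), "unrecognized")
    return Result(kind, target, value, outcome, status)


def summarize(text):
    """Return (all results, count per status, entries that were not changed)."""
    results = [parse_result(ln) for ln in result_lines(text)]
    counts = Counter(r.status for r in results)
    follow_up = [r for r in results if r.status != "changed"]
    return results, counts, follow_up


if __name__ == "__main__":
    _, counts, follow_up = summarize(SAMPLE_FIXLOG)
    print(dict(counts))
    for r in follow_up:
        print(f"{r.status:13} {r.kind:9} {r.target} {r.value}".rstrip())
```

An entry reported as not found usually only means the item was already gone, but reading those lines is quicker than scanning the whole log by eye.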




#9 binder


Posted 01 August 2018 - 03:34 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by arlene.mandia (01-08-2018 16:14:13) Run:1
Running from C:\Users\arlene.mandia\Downloads
Loaded Profiles: arlene.mandia (Available Profiles: arlene.mandia)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Policies\Explorer: [Max Cached Icons] 2000
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\...\Run: [BingSvc] => C:\Users\arlene.mandia\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (� 2015 Microsoft Corporation)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [124544 2016-02-11] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2015-11-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2015-11-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2015-11-18] (Realtek Semiconductor)
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKLM -> DefaultScope {91F51ED2-4C4F-4B0D-9709-9A94D2B70947} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV8MVV1JEwdCbQsMAw9cFQ1CeBRaWAgVDAZHJQoMVlpGRVcQcB9aFQQTSEcFME0FCFwEURNNfXRZD0AjREZWLE1LKUwT&q={searchTerms}
SearchScopes: HKLM -> {91F51ED2-4C4F-4B0D-9709-9A94D2B70947} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV8MVV1JEwdCbQsMAw9cFQ1CeBRaWAgVDAZHJQoMVlpGRVcQcB9aFQQTSEcFME0FCFwEURNNfXRZD0AjREZWLE1LKUwT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2204550158-3753436120-1288192212-1001 -> DefaultScope {91F51ED2-4C4F-4B0D-9709-9A94D2B70947} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV8MVV1JEwdCbQsMAw9cFQ1CeBRaWAgVDAZHJQoMVlpGRVcQcB9aFQQTSEcFME0FCFwEURNNfXRZD0AjREZWLE1LKUwT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2204550158-3753436120-1288192212-1001 -> OldSearch URL = SearchScopes: HKU\S-1-5-21-2204550158-3753436120-1288192212-1001 -> {91F51ED2-4C4F-4B0D-9709-9A94D2B70947} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV8MVV1JEwdCbQsMAw9cFQ1CeBRaWAgVDAZHJQoMVlpGRVcQcB9aFQQTSEcFME0FCFwEURNNfXRZD0AjREZWLE1LKUwT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2204550158-3753436120-1288192212-1001 -> {a62abdee-78a2-4ddb-9355-1c334abd6e43} URL = hxxps://sg.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_5e6f625a&param1=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%3D&param2=NGV9MWxaLWtcNd%3D%3D&p={searchTerms}
BHO-x32: Many Results Hub -> {be1a5d83-523d-4a57-bc56-65afe77fd42a} -> C:\Program Files (x86)\Many Results Hub\Extensions\be1a5d83-523d-4a57-bc56-65afe77fd42a.dll => No File
FF Extension: (PremierOpinion) - C:\Program Files (x86)\PremierOpinion\firefox [2015-10-24] [Legacy] [not signed]
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\...\Run: [GoogleChromeAutoLaunch_9DABAC5BEB29F7A89F3C2463DE3BB452] => "C:\Users\arlene.mandia\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-sessionCHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/hm?eq=U0EeCFZVBB8SRghFdA1cWQtDQBgRdFsOTA1JQA0OIgAJBRRCRVAQdA5bVl0TEgUFIk0FA1oDB0VXfV5bFElXTwhuIVdBM1wCVFlXM3FNAw=="
CHR Extension: (Directions.cm) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkcjncmijlkmlignahmdgbjldkmfiikg [2018-06-11]
CHR Extension: (Many Results Hub) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfeloffoaccpdkflcgmmgeeaklgdhjng [2016-07-03] [UpdateUrl: hxxp://cdn.manyresultshub.com/update] <==== ATTENTION
CHR Extension: (EasyPDFCombine) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpocjpoifmommoiiiamepombpeoaehfh [2018-04-29]
CHR Extension: (PremierOpinion) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle [2016-06-29]
CHR Extension: (Chrome Media Router) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-17]
CHR HKLM-x32\...\Chrome\Extension: [mkndcbhcgphcfkkddanakjiepeknbgle] - C:\Program Files (x86)\PremierOpinion\pmcm.crx [2015-10-24]
U3 mfeavfk01; no ImagePath
S3 MFE_RR; C:\Users\ARLENE~1.MAN\AppData\Local\Temp\mfe_rr.sys [24120 2018-07-29] (McAfee, Inc.) <==== ATTENTION
C:\Users\ARLENE~1.MAN\AppData\Local\Temp\mfe_rr.sys
C:\Users\arlene.mandia\Downloads\ViberSetup (6).exe
C:\Users\arlene.mandia\Downloads\ViberSetup (4).exe
C:\Users\arlene.mandia\AppData\Roaming\sb859.dat
C:\Users\arlene.mandia\AppData\Roaming\WB.CFG
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2200_Software_Min (HKLM-x32\...\{2711B584-259B-4723-A6F2-F3CFA291AFA2}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
F2200 (HKLM-x32\...\{C81DA04A-1D44-4D4A-8108-5129331BBA00}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel� Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel� Corporation) Hidden
LeapFrog Connect (HKLM-x32\...\{97CD1D2B-20BD-40E8-825E-B4BDA5071B73}) (Version: 7.0.7.20035 - LeapFrog) Hidden
LeapFrog LeapReader Plugin (HKLM-x32\...\{53136BA4-AEC5-4695-9A51-7C63B7F32E7C}) (Version: 7.0.6.19846 - LeapFrog) Hidden
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Motion Control (HKLM-x32\...\{D3F38500-4C99-4E4F-9786-B907224E13A1}) (Version: 2.6.0.0528 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo Patch Utility (HKLM-x32\...\{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{49A09C2C-FFF4-478E-B397-5E0979F67F5D}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo) Hidden
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
OneKey Optimizer (HKLM-x32\...\{D5D573DC-D989-4769-9B56-D6A7EA503D7F}) (Version: 1.1.20.16 - Lenovo) Hidden
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 16.18.10 - NVIDIA Corporation) Hidden
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
UpdateAssistant (HKLM\...\{57D07AAD-97E2-4E16-89C4-1A3C51BC9C98}) (Version: 1.16.0.0 - Microsoft Corporation) Hidden
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Hidden
Viber (HKLM-x32\...\{EB5ED85E-A993-4615-9027-A00679FD8790}) (Version: 9.3.0.4 - Viber Media Inc.) Hidden
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
CustomCLSID: HKU\S-1-5-21-2204550158-3753436120-1288192212-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {1572B069-8045-4170-BE8E-7869B9D111CF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {26CDD59B-5F82-40D8-A406-75FF15919B3C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3E48959B-31B9-4C9B-9C37-FE4F23CC94A8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3F660C2D-DEED-4D1D-B68E-F49C13D345E5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4761EC9C-5AEE-4026-BC78-260E7F599323} - \WPD\SqmUpload_S-1-5-21-2204550158-3753436120-1288192212-1001 -> No File <==== ATTENTION
Task: {4B8417A9-0E21-44B3-9C68-7B3ABC3F6AE8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5C2B51B4-1187-4B90-8AC9-1C19180EBD7D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {60C1D271-4568-4337-BD42-9A6069E9C01A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6DCAE760-DEE1-4CBA-A037-C85487403D49} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7D0AB91E-093F-4380-B1FC-E2DC4D5C546E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {80DFEAD3-E402-462E-80C1-F9325578EB7D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9A6402BD-B715-41D6-B5A6-0205B3CF85BC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B2586150-2515-4329-9792-10D383C9977E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B540AF8D-2C37-4338-8A8C-E3BAE9BD3176} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {EBC87786-E733-480E-B313-E6CE76C69DEB} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Hosts:
FirewallRules: [{278B1DA0-CEC7-4216-9B10-7709388F8117}] => (Allow) C:\Users\arlene.mandia\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CDAE2898-3EAD-4263-84B3-E9B03A7C1F00}] => (Allow) C:\Users\arlene.mandia\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{35F188D6-460F-4C43-B9C0-2097E062DD0F}] => (Allow) F:\LoLInstaller.exe
FirewallRules: [{BF5CE937-3D45-419A-BB03-FD0F33D50F72}] => (Allow) F:\LoLInstaller.exe
FirewallRules: [{47A3D44B-E46B-475D-88B0-3DF2FFE23C08}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{086449D5-4FAA-4E76-9EED-1F6DE0E8AD0B}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{34A7B414-78E4-48FB-A3D5-5F3A10CD94A3}] => (Allow) C:\Users\arlene.mandia\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5775BCE4-66B3-4C2C-A361-94595CC4AEB7}] => (Allow) C:\Users\arlene.mandia\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{164D301B-D816-474E-8930-0D6297BA694E}] => (Allow) C:\Users\arlene.mandia\Downloads\ProductDetection.exe
FirewallRules: [{EB82EDFD-D7BE-437C-9CE5-57E7866DA776}] => (Allow) C:\Users\arlene.mandia\Downloads\ProductDetection.exe
*****************
 
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\Max Cached Icons" => removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
"HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Monitor" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RtHDVBg_Dolby" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RtHDVBg_LENOVO_DOLBYDRAGON" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RtHDVBg_LENOVO_MICPKEY" => removed successfully
"HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{91F51ED2-4C4F-4B0D-9709-9A94D2B70947}" => removed successfully
HKLM\Software\Classes\CLSID\{91F51ED2-4C4F-4B0D-9709-9A94D2B70947} => not found
"HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch URL = SearchScopes: HKU\S-1-5-21-2204550158-3753436120-1288192212-1001 -> {91F51ED2-4C4F-4B0D-9709-9A94D2B70947}" => not found
"HKLM\Software\Classes\CLSID\OldSearch URL = SearchScopes: HKU\S-1-5-21-2204550158-3753436120-1288192212-1001 -> {91F51ED2-4C4F-4B0D-9709-9A94D2B70947}" => not found
"HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a62abdee-78a2-4ddb-9355-1c334abd6e43}" => removed successfully
HKLM\Software\Classes\CLSID\{a62abdee-78a2-4ddb-9355-1c334abd6e43} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{be1a5d83-523d-4a57-bc56-65afe77fd42a}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{be1a5d83-523d-4a57-bc56-65afe77fd42a}" => removed successfully
C:\Program Files (x86)\PremierOpinion\firefox => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk" => removed successfully
"RestoreOnStartup" => not found
CHR Extension: (Directions.cm) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkcjncmijlkmlignahmdgbjldkmfiikg [2018-06-11] => Error: No automatic fix found for this entry.
CHR Extension: (Many Results Hub) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfeloffoaccpdkflcgmmgeeaklgdhjng [2016-07-03] [UpdateUrl: hxxp://cdn.manyresultshub.com/update] <==== ATTENTION => Error: No automatic fix found for this entry.
CHR Extension: (EasyPDFCombine) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpocjpoifmommoiiiamepombpeoaehfh [2018-04-29] => Error: No automatic fix found for this entry.
CHR Extension: (PremierOpinion) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle [2016-06-29] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\arlene.mandia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-17] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle" => removed successfully
C:\Program Files (x86)\PremierOpinion\pmcm.crx => moved successfully
"HKLM\System\CurrentControlSet\Services\mfeavfk01" => removed successfully
mfeavfk01 => service removed successfully
"HKLM\System\CurrentControlSet\Services\MFE_RR" => removed successfully
MFE_RR => service removed successfully
C:\Users\ARLENE~1.MAN\AppData\Local\Temp\mfe_rr.sys => moved successfully
C:\Users\arlene.mandia\Downloads\ViberSetup (6).exe => moved successfully
C:\Users\arlene.mandia\Downloads\ViberSetup (4).exe => moved successfully
C:\Users\arlene.mandia\AppData\Roaming\sb859.dat => moved successfully
C:\Users\arlene.mandia\AppData\Roaming\WB.CFG => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3117B53D-A409-4D99-A0DE-11A1A40696FA}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4430150F-61B3-4142-BE04-EAC68C8DDA18}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{503B47A9-E34A-4841-ADD7-417191D5DB5E}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5B2190E9-199D-450A-94B3-4D6826C770C2}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{63DE35C9-B080-4D03-B110-99E14FD35BCE}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65316098-0220-4D5C-B37A-6136083A0897}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2711B584-259B-4723-A6F2-F3CFA291AFA2}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B362566-EC1B-4700-BB9C-EC661BDE2175}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C81DA04A-1D44-4D4A-8108-5129331BBA00}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BB3447F6-9553-4AA9-960E-0DB5310C5779}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CAE4213F-F797-439D-BD9E-79B71D115BE3}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f5d71765-7cd1-4e68-998f-5b379e725da3}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{97CD1D2B-20BD-40E8-825E-B4BDA5071B73}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{53136BA4-AEC5-4695-9A51-7C63B7F32E7C}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D3F38500-4C99-4E4F-9786-B907224E13A1}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{49A09C2C-FFF4-478E-B397-5E0979F67F5D}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D360FA88-17C8-4F14-B67F-13AAF9607B12}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{38F03569-A636-4CF3-BDDE-032C8C251304}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD67BE4B-7E62-4215-AFA3-F123A800A389}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-0000-0000000FF1CE}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-00DD-0000-1000-0000000FF1CE}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008F-0000-1000-0000000FF1CE}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-0000-0000000FF1CE}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D5D573DC-D989-4769-9B56-D6A7EA503D7F}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{06A1D88C-E102-4527-AF70-29FFD7AF215A}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{292F0F52-B62D-4E71-921B-89A682402201}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{57D07AAD-97E2-4E16-89C4-1A3C51BC9C98}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EB5ED85E-A993-4615-9027-A00679FD8790}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8EE94FD8-5F52-4463-A340-185D16328158}\\SystemComponent" => removed successfully
"HKU\S-1-5-21-2204550158-3753436120-1288192212-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}" => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1572B069-8045-4170-BE8E-7869B9D111CF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1572B069-8045-4170-BE8E-7869B9D111CF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26CDD59B-5F82-40D8-A406-75FF15919B3C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26CDD59B-5F82-40D8-A406-75FF15919B3C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E48959B-31B9-4C9B-9C37-FE4F23CC94A8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E48959B-31B9-4C9B-9C37-FE4F23CC94A8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F660C2D-DEED-4D1D-B68E-F49C13D345E5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F660C2D-DEED-4D1D-B68E-F49C13D345E5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4761EC9C-5AEE-4026-BC78-260E7F599323}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4761EC9C-5AEE-4026-BC78-260E7F599323}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2204550158-3753436120-1288192212-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B8417A9-0E21-44B3-9C68-7B3ABC3F6AE8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B8417A9-0E21-44B3-9C68-7B3ABC3F6AE8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C2B51B4-1187-4B90-8AC9-1C19180EBD7D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C2B51B4-1187-4B90-8AC9-1C19180EBD7D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60C1D271-4568-4337-BD42-9A6069E9C01A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60C1D271-4568-4337-BD42-9A6069E9C01A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6DCAE760-DEE1-4CBA-A037-C85487403D49}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DCAE760-DEE1-4CBA-A037-C85487403D49}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D0AB91E-093F-4380-B1FC-E2DC4D5C546E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D0AB91E-093F-4380-B1FC-E2DC4D5C546E}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80DFEAD3-E402-462E-80C1-F9325578EB7D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80DFEAD3-E402-462E-80C1-F9325578EB7D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A6402BD-B715-41D6-B5A6-0205B3CF85BC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A6402BD-B715-41D6-B5A6-0205B3CF85BC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2586150-2515-4329-9792-10D383C9977E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2586150-2515-4329-9792-10D383C9977E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B540AF8D-2C37-4338-8A8C-E3BAE9BD3176}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B540AF8D-2C37-4338-8A8C-E3BAE9BD3176}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\Notifier => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\Notifier" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBC87786-E733-480E-B313-E6CE76C69DEB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBC87786-E733-480E-B313-E6CE76C69DEB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\McAfee Idle Detection Task" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{278B1DA0-CEC7-4216-9B10-7709388F8117}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CDAE2898-3EAD-4263-84B3-E9B03A7C1F00}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{35F188D6-460F-4C43-B9C0-2097E062DD0F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BF5CE937-3D45-419A-BB03-FD0F33D50F72}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{47A3D44B-E46B-475D-88B0-3DF2FFE23C08}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{086449D5-4FAA-4E76-9EED-1F6DE0E8AD0B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{34A7B414-78E4-48FB-A3D5-5F3A10CD94A3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5775BCE4-66B3-4C2C-A361-94595CC4AEB7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{164D301B-D816-474E-8930-0D6297BA694E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EB82EDFD-D7BE-437C-9CE5-57E7866DA776}" => removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 16:14:46 ====


#10 binder


Posted 01 August 2018 - 04:10 AM

https://www.virustotal.com/en/file/962f013599e87ce937f6b6c4a8bc075e64e5e3cf8db0be2c03ebcb24db00d70b/analysis/1533114139/

 

C:\WINDOWS\system32\Notifier.exe  

(I cannot find 'Notifier.exe' in C:\Windows\System32 when I use the "choose file" button on the VirusTotal URL.)


Edited by binder, 01 August 2018 - 06:58 AM.


#11 binder


Posted 01 August 2018 - 04:53 AM

Hi,

 

Camera :

Now the camera is working after uninstalling and rebooting.

But I still wonder what happened. Any advice, so that it may be prevented in the future?

Or maybe it was hacked?

 

 

Wallpaper :

I can't find the wallpaper that changed the one I previously installed in the given link: C:\Users\arlene.mandia\Desktop\ScreenSavers

 

FYI:

When I rebooted a while back (I think it was for the Revo restart), the wallpaper was the one that changed and not the one I installed for my computer.

The second time I rebooted, for the camera restart, the wallpaper was already the one that I installed.

 

I just wonder if this type of wallpaper change, especially at restart, could be used to capture passwords?



#12 Gunto


Posted 01 August 2018 - 05:41 PM

Hi,

 

Looking good, and it's great to hear your camera is working again!

 

As for what caused it to break in the first place, I can't say for sure. Like I said, I didn't find anything that looked like it would have harmed your camera, so my best guess is that its device driver got corrupted somehow (not necessarily because of an infection). It happens sometimes. If this ever happens again, try reinstalling it like you did previously.

 

I really do not have the foggiest idea why your wallpaper keeps changing. Some animated screensavers/wallpapers can be used to gather your personal data, because they contain other coding besides being a background. However, please rest assured that a still image, no matter how much it's changed, cannot be used to capture passwords, and none of the malware I found on your system is generally used for that purpose.

 

I did a little Googling on the problem and found a couple relevant forum topics on other sites. One guy was using an unactivated, pirated copy of Windows 10, but if that doesn't apply to you, then that's not the issue here. You had a lot of abandoned task files that suggested you legitimately upgraded from an older version of Windows. I found another thread of someone who did the same thing, with a few fixes proposed, some of which don't really apply to you. No guarantees that it'll help, but here are the suggestions:

  • Open Start > Settings > Personalization > Background. Make sure the picture you want is currently selected (if it isn't, just browse for it), and make sure the drop-down selection bar under "Background" is set to Picture.
  • After doing this, go back to the main settings page, click Accounts, then Sync your settings, and make sure the setting for Theme is set to off.
  • For good measure, navigate to C:\Users\arlene.mandia\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles and see if any instances of the wallpaper you do not want are in there. If they are, simply delete them.
  • Someone mentioned that using the power-saving mode may cause your wallpaper to spontaneously change. This may not be the cause for everyone though, and if you do use it, you might not be able to afford turning it off. If you'd still like to give this fix a shot, go back to the main settings page, then System, then Power & sleep, and click Additional power settings. Choose either the Balanced or High performance options (although in most cases, the first one will be best).

Someone also mentioned that a program you don't use kept reverting the wallpaper, so it's possible something else you have installed is doing it, but I really don't know what.

 

To be honest, while I was testing out these steps, my color scheme and wallpaper also reverted to old versions while I wasn't even looking, so I'd say it's probable that Windows is just being dumb, rather than malware/hacking. That being said, it's a bit of a mystery as to where the unauthorized picture even came from. Did you maybe download it and forget about it, or is it possible that someone else could have done it (a friend, family member, teacher, etc.)? I think you mentioned to me on Discord that it was one of those nature backgrounds that might come with a computer, but I'm a bit puzzled as to why it was in your ScreenSavers folder and why you can no longer find it.

 

Malwarebytes
 
Now then, I need you to run a scan with Malwarebytes Anti-Malware to check for any leftovers.
  • Download MBAM from here, and save it to your desktop.
  • Double-click the installer to run it. During the installation, simply follow the prompts and let the program install. However, if you do not want to start a trial of the full version, please decline, and if offered any external toolbars/programs, feel free to uncheck them.
  • On the main interface, click Current next to Updates:, and check for updates. If a new version of MBAM is included in the update, follow the prompts and install it.
  • Once the program is done updating, click Scan at the top of the main interface. Then select the Custom Scan option, and hit the Configure Scan button. On this screen, make sure every box is checked, then start the scan. If there is an update available, allow MBAM to update.
  • Once the scan is finished, click Apply Actions to any found malware. If MBAM asks you to reboot, do so immediately.
  • When done, retrieve the log by clicking Reports on the main interface. Click the log of the scan you just ran, then View Report, then click the Export button, select Copy to Clipboard, and paste it into your reply.
Gunto



#13 binder


Posted 02 August 2018 - 11:19 AM

Hi Gunto,

 

Here's the result of the Malwarebytes scan.

 

Malwarebytes

www.malwarebytes.com

 

-Log Details-

Scan Date: 8/2/18

Scan Time: 9:09 PM

Log File: 497372c8-9655-11e8-a56b-54ee7550a054.json

Administrator: Yes

 

-Software Information-

Version: 3.5.1.2522

Components Version: 1.0.365

Update Package Version: 1.0.6169

License: Trial

 

-System Information-

OS: Windows 10 (Build 17134.112)

CPU: x64

File System: NTFS

User: Lenovo-PC-AAM\arlene.mandia

 

-Scan Summary-

Scan Type: Custom Scan

Scan Initiated By: Manual

Result: Completed

Objects Scanned: 467791

Threats Detected: 178

Threats Quarantined: 178

Time Elapsed: 1 hr, 49 min, 19 sec

 

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

 

-Scan Details-

Process: 0

(No malicious items detected)

 

Module: 0

(No malicious items detected)

 

Registry Key: 10

PUP.Optional.Yontoo, HKU\S-1-5-21-2204550158-3753436120-1288192212-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\manyresultshub-a.akamaihd.net, Quarantined, [35], [259225],1.0.6169

PUP.Optional.InstallCore, HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\SOFTWARE\ICSW1.14, Quarantined, [399], [239562],1.0.6169

PUP.Optional.InstallCore, HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\SOFTWARE\PRODUCTSETUP, Quarantined, [399], [481004],1.0.6169

PUP.Optional.Yontoo, HKU\S-1-5-21-2204550158-3753436120-1288192212-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\manyresultshub-a.akamaihd.net, Quarantined, [35], [259222],1.0.6169

PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{91F51ED2-4C4F-4B0D-9709-9A94D2B70947}, Quarantined, [35], [246105],1.0.6169

PUP.Optional.Yontoo, HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{91F51ED2-4C4F-4B0D-9709-9A94D2B70947}, Quarantined, [35], [246105],1.0.6169

PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [35], [160141],1.0.6169

PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [35], [160141],1.0.6169

PUP.Optional.ResultsHub, HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BE1A5D83-523D-4A57-BC56-65AFE77FD42A}, Quarantined, [8], [160134],1.0.6169

PUP.Optional.ResultsHub, HKU\S-1-5-21-2204550158-3753436120-1288192212-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BE1A5D83-523D-4A57-BC56-65AFE77FD42A}, Quarantined, [8], [160134],1.0.6169

 

Registry Value: 6


 

Registry Data: 0

(No malicious items detected)

 

Data Stream: 0

(No malicious items detected)

 

Folder: 25


 

File: 137


 

Physical Sector: 0

(No malicious items detected)

 

WMI: 0

(No malicious items detected)

 

 

(end)



#14 Gunto

Posted 02 August 2018 - 12:38 PM

Hi,

 

Looks good!

 

Assuming you have no further issues or questions... congrats! Your computer looks free of malware! :woot:

 
However, we'll need to clean up some of the tools we used to make it that way.
  • Download DelFix from here, and save it to your desktop.
  • Double click the file to run it. On the main screen, make sure the following options are checked:
      • Remove disinfection tools
      • Purge system restore
    Click the Run button after ensuring the above options are selected.
  • Once the program is done running, a log will pop up. Please copy and paste it into your final reply.

Here are some steps to help keep you from getting infected again.
 
Keep all of your software updated. This is especially true for your antivirus. Keeping your software up-to-date is one of the most important steps to keeping malware out of your system. Old versions of many different programs have security vulnerabilities that malware targets to infect your system, whereas many of these would be fixed in updates. In addition to that, outdated definitions for your antivirus (and other security programs) may fail to detect newer malware that has since been added to the database. For new software version updates, I recommend FileHippo App Manager. However, FH doesn't find all updates, so be sure to manually check for updates as well.
 
Browse safely. Much of the time, malware gets in because the user isn't cautious. Examples of safe browsing include:
  • Don't open emails from people you don't know, especially if they have an attachment. Files (especially those with a .bat, .com, .exe or .scr extension) should never be trusted unless you know for a fact that you can trust the source. You should also be careful with these files even from friends, since their emails might actually be from bots using their addresses.
  • Don't install things that you don't trust. For example, some websites will ask you to install programs in order to use a certain functionality, especially supposed updates to programs such as Flash and Java. If your software is up-to-date, it's probably a fake.
  • In addition to the above, be careful even when installing programs that you recognize. Sometimes, programs will install other software when a user doesn't pay attention, so always make sure to decline offers for programs you don't want or recognize. A good way to do this is to select the "custom installation" option if it is offered.
  • Avoid pirated software, as well as programs used for this purpose, like keygens and torrenting software. Pirated programs are a major way that malware can get into your system, posing as a free version of a legitimate paid program. Even if they work as they are supposed to, infections may be silently running in the background, which may in turn be downloading more malware. Torrenting software and similar programs, even when not being used for illegal purposes, can also be exploited to infect you.
Happy browsing! :)
 
Gunto



#15 binder

Posted 03 August 2018 - 01:12 AM

Hi Gunto,
 
Below is the result of running Delfix. 
 
And I would like to thank you very much for your big help.
I wish that you would always be in good health so that you could help more people who would need your help and expertise. 
 
Also, thanks a lot for your advice; I will surely follow it.

Though I have a few more questions I need to clear up.

How would I know if the update is legit and not a malicious link, maybe?
That is one of the reasons why for the longest time I didn't hit the software update buttons.

I would also like to share with you what I found in the camera device events. I just wonder what these are, especially the bold italicized events.
 
Timestamp | Description | Information

24/5/2018 3:13:55 PM | Device installed requested | Device USB\VID_04F2&PID_B50F&MI_00\6&bbc4ae1&0&0000 requires further installation.
24/5/2018 3:14:13 PM | Device installed requested | Device USB\VID_04F2&PID_B50F&MI_00\6&bbc4ae1&0&0000 requires further installation.
24/5/2018 3:19:54 PM | Device migrated | Device USB\VID_04F2&PID_B50F&MI_00\6&bbc4ae1&0&0000 was migrated. Last Device Instance Id: USB\VID_04F2&PID_B50F&MI_00\6&bbc4ae1&0&0000
24/5/2018 3:19:56 PM | Device service added (rtsuvc) | Driver Management has concluded the process to add Service rtsuvc for Device Instance ID USB\VID_04F2&PID_B50F&MI_00\6&BBC4AE1&0&0000 with the following status: 0.
24/5/2018 3:19:57 PM | Device installed( rtlesha.inf_amd64_5831f686d1c67a9d ) | Driver Management concluded the process to install driver rtlesha.inf_amd64_5831f686d1c67a9d for Device Instance ID USB\VID_04F2&PID_B50F&MI_00\6&BBC4AE1&0&0000 with the following status: 0x0.
1/8/2018 5:25:40 PM | Device deleted | Device USB\VID_04F2&PID_B50F&MI_00\6&BBC4AE1&0&0000 was deleted. Class Guid: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
1/8/2018 5:26:27 PM | Device install requested | Device USB\VID_04F2&PID_B50F&MI_00\6&bbc4ae1&0&0000 requires further installation.
1/8/2018 5:27:32 PM | Device install requested | Device USB\VID_04F2&PID_B50F&MI_00\6&bbc4ae1&0&0000 requires further installation.
1/8/2018 5:27:35 PM | Device configured (usbvideo.inf) | Device USB\VID_04F2&PID_B50F&MI_00\6&bbc4ae1&0&0000 requires further installation.
1/8/2018 5:27:58 PM | Device started (usbvideo) | Device USB\VID_04F2&PID_B50F&MI_00\6&bbc4ae1&0&0000 was started.
    Driver Name: usbvideo.inf
    Class Guid: {CA3E7AB9-B4C3-4AE6-8251-579EF933890F}
    Service: usbvideo
    Lower Filters: WdmCompanionFilter
    Upper Filters:
1/8/2018 5:27:58 PM | Device installed ( usbvideo.inf_amd64_4bab48f1b169c4b9 ) | Driver Management concluded the process to install driver usbvideo.inf_amd64_4bab48f1b169c4b9 for Device Instance ID USB\VID_04F2&PID_B50F&MI_00\6&BBC4AE1&0&0000 with the following status: 0x0.
 
 
 
 
 
 
 
 Delfix Run Result.                
 
 
# DelFix v1.013 - Logfile created 03/08/2018 at 13:22:10
# Updated 17/04/2016 by Xplode
# Username : arlene.mandia - LENOVO-PC-AAM
# Operating System : Windows 10 Home  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\Users\arlene.mandia\Desktop\Rkill.txt
Deleted : C:\Users\arlene.mandia\Downloads\Addition.txt
Deleted : C:\Users\arlene.mandia\Downloads\Fixlog.txt
Deleted : C:\Users\arlene.mandia\Downloads\FRST.txt
Deleted : C:\Users\arlene.mandia\Downloads\FRST64.exe
Deleted : C:\Users\arlene.mandia\Downloads\rkill.exe
 
~ Cleaning system restore ...
 
Deleted : RP #11 [Scheduled Checkpoint | 07/26/2018 12:47:46]
Deleted : RP #12 [Installed McAfee Ransomware Decryption Tool. | 07/29/2018 04:56:37]
Deleted : RP #15 [Windows Modules Installer | 08/02/2018 12:29:35]
Deleted : RP #16 [Removed Dolby Digital Plus | 08/02/2018 17:51:29]
 
New restore point created !
 
########## - EOF - ##########
 
 
Thank you and will wait for your advice on the camera events above and the software update legitimacy pointers.
 
Best regards,




