Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Inactive Malware Help Topics

User Tag List

virus exe, slows computer, makes internet problems.

This is a discussion on virus exe, slows computer, makes internet problems. within the Inactive Malware Help Topics forums, part of the Tech Support Forum category. Hi, There is a virus in my computer. I realized that there are 3 pop ups when opening my computer.


 
 
Thread Tools Search this Thread
Old 07-27-2019, 10:03 PM   #1
Registered Member
 
Join Date: May 2019
Posts: 25
OS:



Hi,

There is a virus in my computer. I realized that there are 3 pop ups when opening my computer. I saw 2 programs that I think are part of this virus. 1.lenovo Solution Center 2. lenovo utilities. the program finishes in exe. and when I wanted to unistall it, it wanted to install in my computer. Let me know if there is any more info I can provide.

Thanks






Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
Ran by Rifka (administrator) on LAPTOP-KLLUT3VL (LENOVO 80E5) (22-07-2019 21:10:06)
Running from C:\Users\Rifka\Downloads
Loaded Profiles: Rifka (Available Profiles: Rifka)
Platform: Windows 10 Home Version 1803 17134.829 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1905.28.0_x64__8wekyb3d8bbwe\Calculator.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19031.11411.0_x64__8wekyb3d8bbwe\Music.UI.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(LENOVO -> ) C:\Program Files\update\UpdateAgent.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Lenovo) [File not signed] C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Rifka\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2015-10-10] (LENOVO -> )
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3814624 2018-02-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [262024 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Rifka\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Rifka\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\...\RunOnce: [Uninstall 19.086.0502.0006\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rifka\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\amd64"
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\...\RunOnce: [Uninstall 19.086.0502.0006] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rifka\AppData\Local\Microsoft\OneDrive\19.086.0502.0006"
HKLM\...\Drivers32-x32: [vidc.mjpg] => pvmjpg30.dll
HKLM\...\Drivers32-x32: [vidc.pDAD] => prodad-codec.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-17] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\75.0.1447.81\Installer\chrmstp.exe [2019-07-02] (AVAST Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {026EC50A-F2D6-4228-AAE2-87D94F0736CA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {20414A01-6033-4FF8-BCE3-265A58B3AE6F} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [270272 2015-08-07] (LENOVO -> Lenovo)
Task: {2FDDC4DF-0FA5-499E-BA85-32D3ACBD64A2} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {3BA2DBE8-07C1-476E-AEE0-9F5C0D2411C6} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [674760 2016-02-22] (LENOVO -> Lenovo)
Task: {4312E1B3-370E-4B9E-8A53-870122A5DDCA} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808504 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {49BB1901-394D-43FB-BADC-E58089F19840} - System32\Tasks\LivigentICUpgradeTask => C:\WINDOWS\Lvgic10u.exe [570216 2019-04-15] (Rnd Software Group Inc. -> )
Task: {4E015032-99F1-40D9-A9C2-C60117DA6D64} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
Task: {55B8C7F4-3FCE-45E8-99F0-8E0863EC1D8D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [16832 2015-07-08] (LENOVO -> Lenovo)
Task: {60C4C661-3629-401E-BF93-E0321D8CE590} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [674760 2016-02-22] (LENOVO -> Lenovo)
Task: {647B581C-8CA5-4999-8CFE-02EABE7DBE53} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {664B1697-D559-4723-9D04-1967A1E10F35} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [808352 2015-07-12] (LENOVO -> )
Task: {6F0E7FFE-E30F-4907-ABC2-610CD61F2158} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [136618864 2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {71C0AC35-4970-46FB-8C6D-CB89C24B78DC} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [829344 2015-07-12] (LENOVO -> )
Task: {7E5777E0-F0D5-49FB-AAC0-58FE2DA9FC6D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2934152 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
Task: {87169BD9-2A8C-40A2-AA18-2EBF4E97DB61} - \Microsoft\Windows\SMB\UninstallSMB1ClientTask -> No File <==== ATTENTION
Task: {8A1C898E-78A7-4A0D-97D8-DD54AEB3ED7D} - \Microsoft\Windows\SMB\UninstallSMB1ServerTask -> No File <==== ATTENTION
Task: {8BEAF689-FA90-4A62-AEFE-484EE0BE985F} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {8C69E7A3-945C-4BD9-9EAB-D59CE70A4C44} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {92EE847B-C711-4C89-9BF1-E6D4C3A39FBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-30] (Google Inc -> Google Inc.)
Task: {960DACF7-D03A-452C-BB44-FA9E5DE41506} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [287688 2015-12-09] (LENOVO -> Lenovo)
Task: {96CC4AC4-B01B-4F2C-82D2-8656DFCD4C81} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {97F9E520-EFCF-43F2-A091-89A6476F53F5} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808504 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {9B50C0AE-67A6-45AD-9605-9C74D32C5E52} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {A4D4CDC5-5EC9-4B8C-BAFE-BC52DE0673AD} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [85432 2015-05-28] (CyberLink Corp. -> CyberLink Corp.)
Task: {A6C95E1A-028F-40E5-AE93-5E25F54CA147} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9476544 2015-08-07] (LENOVO -> )
Task: {A91B3760-F77E-4C31-A041-507F0D925F4A} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1320384 2015-08-07] (LENOVO -> Lenovo)
Task: {AFF0EFDA-9B0F-4CDB-AA11-98078E6E7651} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {B88A5CD1-5AE5-4175-A369-FE0BF5C97EE8} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9476544 2015-08-07] (LENOVO -> )
Task: {C8556EA1-FF3B-4709-AF65-BB3CD0303413} - System32\Tasks\Lenovo\QuickOptimizer => C:\Program Files\lenovo\QuickOptimizer\QuickOptimizerIcon.exe [1149344 2015-07-10] (LENOVO -> Lenovo)
Task: {C8ADD3D0-3082-458F-9DF4-F7EA1A61EE01} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-30] (Google Inc -> Google Inc.)
Task: {F8A7A70E-3592-42EE-8913-7B3C4FF6ACD2} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{c1348638-2fbd-4861-9436-169088fb0f1e}: [DhcpNameServer] 150.208.1.3
Tcpip\..\Interfaces\{eb25a60a-35cb-4a6d-a41d-0de9d46e32bf}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-1936064907-1069411923-2261509573-1001 -> DefaultScope {325FD0EC-F0D4-436F-B73A-D45053D825AF} URL =
SearchScopes: HKU\S-1-5-21-1936064907-1069411923-2261509573-1001 -> {325FD0EC-F0D4-436F-B73A-D45053D825AF} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 0enx8hcf.default
FF ProfilePath: C:\Users\Rifka\AppData\Roaming\Mozilla\Firefox\Profiles\0enx8hcf.default [2019-07-22]
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)

Chrome:
=======
CHR Profile: C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default [2019-07-22]
CHR Extension: (Slides) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-24]
CHR Extension: (Docs) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-24]
CHR Extension: (Google Drive) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-30]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-07-17]
CHR Extension: (Sheets) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-24]
CHR Extension: (Google Docs Offline) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-29]
CHR Extension: (Avast Online Security) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-17]
CHR Extension: (DS Amazon Quick View) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkompbllimaoekaogchhkmkdogpkhojg [2019-07-17]
CHR Extension: (Grammarly for Chrome) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-07-17]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2019-03-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-17]
CHR Extension: (Gmail) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-16]
CHR Profile: C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-06]
CHR HKLM-x32\...\Chrome\Extension: [bfegkegffcbgpfmemahhkgnbkocmbain] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6844776 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [409224 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [416512 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\75.0.1447.81\elevation_service.exe [978720 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (LENOVO -> Lenovo)
U2 DispatcherIC; C:\WINDOWS\LvgIC555\Dispatcher\DispatcherIC.dll [3284328 2019-04-15] (Rnd Software Group Inc. -> )
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [143584 2018-02-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe [288768 2015-10-10] (Lenovo) [File not signed]
S2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-29] (LENOVO -> Lenovo)
S2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2018-10-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373680 2018-02-07] (Intel(R) pGFX -> Intel Corporation)
S2 ImControllerService; c:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [62792 2016-11-16] () [File not signed]
S2 LenovoPortalService; C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe [24312 2015-10-10] (LENOVO -> )
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271296 2015-08-07] (LENOVO -> Lenovo)
U2 MainIC; C:\WINDOWS\LvgIC555\IC.dll [12319080 2019-04-15] (Rnd Software Group Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-10-06] (Intel Corporation-Wireless Connectivity Solutions -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11969880 2019-07-03] (TeamViewer GmbH -> TeamViewer GmbH)
R2 UpdateAgentService; C:\Program Files\update\UpdateAgent.exe [226216 2015-10-10] (LENOVO -> )
U2 WatchdogIC; C:\WINDOWS\LvgIC555\ICWatchdog.dll [5047144 2019-04-15] (Rnd Software Group Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-28] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-28] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-10-06] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [207448 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [262496 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [205848 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61472 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-05-28] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [168104 2019-06-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [549200 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030784 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477584 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [225600 2019-06-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [385880 2019-05-30] (AVAST Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2018-02-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [41040 2018-02-07] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R0 Fastboot; C:\WINDOWS\System32\DRIVERS\Fastboot.sys [67608 2015-10-10] (New Horizon DataSys Inc. -> Windows (R) Win 7 DDK provider) [File not signed]
R0 FBFsmon; C:\WINDOWS\System32\DRIVERS\FBFsmon.sys [39448 2015-10-10] (New Horizon DataSys Inc. -> Windows (R) Win 7 DDK provider) [File not signed]
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2018-10-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 ICHFilter; C:\WINDOWS\LvgIC555\ICHFilter.sys [43000 2019-04-15] (Rnd Software Group Inc. -> )
S3 ldiagio_uefi; C:\Program Files\Lenovo\Lenovo Solution Center\App\ldiag\x64\ldiagio_uefi.sys [24808 2015-04-02] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo Group Limited (R))
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-07-10] (Malwarebytes Corporation -> Malwarebytes)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3525896 2018-10-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-28] (Realtek Semiconductor Corp -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-11-04] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2018-02-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-04-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344544 2019-04-28] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-28] (Microsoft Windows -> Microsoft Corporation)
R1 wfpliv; C:\WINDOWS\LvgIC555\wfpliv.sys [96840 2019-04-15] (Rnd Software Group Inc. -> Windows (R) Win 7 DDK provider)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-22 21:11 - 2019-07-22 21:11 - 022648171 _____ C:\WINDOWS\lc45fvm58jd
2019-07-22 21:10 - 2019-07-22 21:11 - 000032211 _____ C:\Users\Rifka\Downloads\FRST.txt
2019-07-22 21:09 - 2019-07-22 21:10 - 000000000 ____D C:\FRST
2019-07-22 21:09 - 2019-07-22 21:09 - 002095104 _____ (Farbar) C:\Users\Rifka\Downloads\FRST64.exe
2019-07-22 21:08 - 2019-07-22 21:08 - 001446912 _____ (Farbar) C:\Users\Rifka\Downloads\FRST.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-22 21:11 - 2018-10-12 09:39 - 000015080 _____ C:\WINDOWS\System32\Tasks\LivigentICUpgradeTask
2019-07-22 21:10 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-22 20:34 - 2018-10-12 09:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-20 23:27 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-20 23:27 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-20 23:20 - 2016-06-29 11:37 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-07-19 00:38 - 2019-03-01 13:00 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-07-19 00:38 - 2019-03-01 13:00 - 000001035 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-07-19 00:30 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-19 00:16 - 2019-05-28 17:13 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-07-17 05:10 - 2015-11-22 13:55 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-17 04:53 - 2016-05-03 20:40 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-07-17 04:53 - 2015-12-07 12:40 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-17 04:52 - 2015-07-10 07:04 - 000000167 _____ C:\WINDOWS\win.ini
2019-07-17 04:51 - 2016-11-30 15:20 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-17 04:51 - 2016-11-30 15:20 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-07-15 15:17 - 2018-10-12 09:39 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1936064907-1069411923-2261509573-1001
2019-07-15 15:17 - 2018-10-12 09:26 - 000002374 _____ C:\Users\Rifka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-15 15:17 - 2015-11-05 07:34 - 000000000 ___RD C:\Users\Rifka\OneDrive
2019-07-15 15:14 - 2015-11-05 07:31 - 000000000 __SHD C:\Users\Rifka\IntelGraphicsProfiles
2019-07-15 15:14 - 2015-11-05 07:15 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-07-15 15:13 - 2018-11-28 23:55 - 000001751 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LivigentIC.lnk
2019-07-14 15:30 - 2018-10-12 09:26 - 000000000 ____D C:\Users\Rifka
2019-07-10 12:46 - 2019-06-20 22:03 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-07-10 12:44 - 2018-10-12 09:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-02 00:19 - 2019-05-28 17:23 - 000003856 _____ C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2019-07-02 00:19 - 2019-05-28 17:23 - 000003272 _____ C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2019-07-02 00:19 - 2019-05-28 17:23 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-07-02 00:19 - 2019-05-28 17:23 - 000002470 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-06-26 03:12 - 2016-06-29 11:37 - 000000000 ____D C:\Users\Rifka\AppData\Roaming\TeamViewer
2019-06-25 10:17 - 2019-05-28 17:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-06-25 10:17 - 2018-10-12 09:39 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-06-25 10:17 - 2018-10-12 09:39 - 000003310 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C8796CCF-A5E6-4530-800C-B76C2D3644AE}
2019-06-25 10:17 - 2018-10-12 09:39 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-06-25 10:17 - 2018-10-12 09:39 - 000002212 _____ C:\WINDOWS\System32\Tasks\PDVDServ12 Task
2019-06-25 09:57 - 2019-06-13 18:04 - 000000000 ____D C:\Users\Rifka\AppData\Local\CrashDumps
2019-06-23 04:33 - 2018-02-07 22:34 - 000000000 ____D C:\Program Files\rempl

==================== Files in the root of some directories ================

2018-01-30 23:17 - 2018-01-31 01:07 - 000000381 _____ () C:\Users\Rifka\AppData\Roaming\LAPTOP-KLLUT3VL.MTBF.txt
2018-01-30 23:17 - 2018-01-31 01:17 - 000001612 _____ () C:\Users\Rifka\AppData\Roaming\__AvidCloudManager.log
2018-01-30 23:17 - 2018-01-30 23:17 - 000001610 _____ () C:\Users\Rifka\AppData\Roaming\__AvidCloudManagerPrevious.log
2018-01-31 01:09 - 2018-01-31 01:09 - 000003584 _____ () C:\Users\Rifka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-04-01 10:53 - 2019-04-01 10:53 - 000000000 _____ () C:\Users\Rifka\AppData\Local\{8BE4CA16-7CD1-4252-8715-13F7CB39C32A}

==================== FLock ================

2018-10-15 14:12 C:\OSRSS

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully
==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (43.5 KB, 7 views)
BraunR is offline  
Sponsored Links
Advertisement
 
Old 07-28-2019, 12:14 AM   #2
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



Hi, Welcome to the TSF Malware Removal forum...!


Please go to Virustotal

Navigate to the below file:


Quote:
C:\WINDOWS\lc45fvm58jd
Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.


====================================================



Run CKScanner
  1. Please download CKScanner from here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.


======================================================


Scanning with SecurityCheck by glax24

  • Download SecurityCheck by glax24 from here and remember the tool on the desktop.
  • Run the program right-click the administrator name
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Copy the contents of this file to your next post
  • You can find this file in the root of the system disk in a folder called SecurityCheck, C: \\ SecurityCheck \\ SecurityCheck.txt
icotonev is offline  
Old 07-28-2019, 06:31 PM   #3
Registered Member
 
Join Date: May 2019
Posts: 25
OS:



Hi,

Many thanks for your quick reply!!!

Following find my scans..

1.
htps://www.virustotal.com/gui/home/upload

I omitted one t https in case it has any virus.

2.
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\kmspico\devcomponents.dotnetbar2.dll
c:\program files\kmspico\unins000.dat
c:\program files\kmspico\unins000.exe
c:\program files\kmspico\uninshs.exe
c:\program files\kmspico\windivert.dll
c:\program files\kmspico\windivert.sys
c:\program files\kmspico\cert\installall.cmd
c:\program files\kmspico\cert\kmscert2010\access\accessvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\access\accessvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\access\accessvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excelvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\excel\excelvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\excel\excelvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\excel\excel_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groovevlreg32.reg
c:\program files\kmspico\cert\kmscert2010\groove\groovevlreg64.reg
c:\program files\kmspico\cert\kmscert2010\groove\groovevlregwow.reg
c:\program files\kmspico\cert\kmscert2010\groove\groove_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopathvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\infopath\infopathvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\infopath\infopathvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenotevlreg32.reg
c:\program files\kmspico\cert\kmscert2010\onenote\onenotevlreg64.reg
c:\program files\kmspico\cert\kmscert2010\onenote\onenotevlregwow.reg
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlookvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\outlook\outlookvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\outlook\outlookvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpointvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpointvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpointvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectprovlreg32.reg
c:\program files\kmspico\cert\kmscert2010\projectpro\projectprovlreg64.reg
c:\program files\kmspico\cert\kmscert2010\projectpro\projectprovlregwow.reg
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstdvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstdvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstdvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak2.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak2.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak2.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak2.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplusacad_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplusacad_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplusacad_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplusacad_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplusvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\proplus\proplusvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\proplus\proplusvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publishervlreg32.reg
c:\program files\kmspico\cert\kmscert2010\publisher\publishervlreg64.reg
c:\program files\kmspico\cert\kmscert2010\publisher\publishervlregwow.reg
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasicsvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasicsvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasicsvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standardacad_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standardacad_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standardacad_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standardacad_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standardvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\standard\standardvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\standard\standardvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\standard\standard_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiovlreg32.reg
c:\program files\kmspico\cert\kmscert2010\visio\visiovlreg64.reg
c:\program files\kmspico\cert\kmscert2010\visio\visiovlregwow.reg
c:\program files\kmspico\cert\kmscert2010\word\wordvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\word\wordvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\word\wordvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\word\word_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._4374022d_56b8_48c1_9bb7_d8f2fc726343.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._4374022d_56b8_48c1_9bb7_d8f2fc726343.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._4374022d_56b8_48c1_9bb7_d8f2fc726343.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._4374022d_56b8_48c1_9bb7_d8f2fc726343.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._6ee7622c_18d8_4005_9fb7_92db644a279b.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._6ee7622c_18d8_4005_9fb7_92db644a279b.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._6ee7622c_18d8_4005_9fb7_92db644a279b.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._ac1ae7fd_b949_4e04_a330_849bc40638cf.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._ac1ae7fd_b949_4e04_a330_849bc40638cf.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._ac1ae7fd_b949_4e04_a330_849bc40638cf.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._ac1ae7fd_b949_4e04_a330_849bc40638cf.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._f7461d52_7c2b_43b2_8744_ea958e0bd09a.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._f7461d52_7c2b_43b2_8744_ea958e0bd09a.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._f7461d52_7c2b_43b2_8744_ea958e0bd09a.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._9e016989_4007_42a6_8051_64eb97110cf2.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._9e016989_4007_42a6_8051_64eb97110cf2.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._9e016989_4007_42a6_8051_64eb97110cf2.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._9e016989_4007_42a6_8051_64eb97110cf2.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._a30b8040_d68a_423f_b0b5_9ce292ea5a8f.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._a30b8040_d68a_423f_b0b5_9ce292ea5a8f.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._a30b8040_d68a_423f_b0b5_9ce292ea5a8f.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._1b9f11e3_c85c_4e1b_bb29_879ad2c909e3.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._1b9f11e3_c85c_4e1b_bb29_879ad2c909e3.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._1b9f11e3_c85c_4e1b_bb29_879ad2c909e3.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._e1264e10_afaf_4439_a98b_256df8bb156f.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._e1264e10_afaf_4439_a98b_256df8bb156f.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._e1264e10_afaf_4439_a98b_256df8bb156f.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._e1264e10_afaf_4439_a98b_256df8bb156f.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._b067e965_7521_455b_b9f7_c740204578a2.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._b067e965_7521_455b_b9f7_c740204578a2.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._b067e965_7521_455b_b9f7_c740204578a2.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._b067e965_7521_455b_b9f7_c740204578a2.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._efe1f3e6_aea2_4144_a208_32aa872b6545.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._efe1f3e6_aea2_4144_a208_32aa872b6545.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._efe1f3e6_aea2_4144_a208_32aa872b6545.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._771c3afa_50c5_443f_b151_ff2546d863a0.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._771c3afa_50c5_443f_b151_ff2546d863a0.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._771c3afa_50c5_443f_b151_ff2546d863a0.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._8d577c50_ae5e_47fd_a240_24986f73d503.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._8d577c50_ae5e_47fd_a240_24986f73d503.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._8d577c50_ae5e_47fd_a240_24986f73d503.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._8d577c50_ae5e_47fd_a240_24986f73d503.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._e40dcb44_1d5c_4085_8e8f_943f33c4f004.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._e40dcb44_1d5c_4085_8e8f_943f33c4f004.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._e40dcb44_1d5c_4085_8e8f_943f33c4f004.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._e40dcb44_1d5c_4085_8e8f_943f33c4f004.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._2b9e4a37_6230_4b42_bee2_e25ce86c8c7a.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._2b9e4a37_6230_4b42_bee2_e25ce86c8c7a.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._2b9e4a37_6230_4b42_bee2_e25ce86c8c7a.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._2b9e4a37_6230_4b42_bee2_e25ce86c8c7a.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._427a28d1_d17c_4abf_b717_32c780ba6f07.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._427a28d1_d17c_4abf_b717_32c780ba6f07.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._427a28d1_d17c_4abf_b717_32c780ba6f07.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\proplus.reg
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._00c79ff1_6850_443d_bf61_71cde0de305f.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._00c79ff1_6850_443d_bf61_71cde0de305f.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._00c79ff1_6850_443d_bf61_71cde0de305f.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._38ea49f6_ad1d_43f1_9888_99a35d7c9409.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._38ea49f6_ad1d_43f1_9888_99a35d7c9409.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._38ea49f6_ad1d_43f1_9888_99a35d7c9409.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._38ea49f6_ad1d_43f1_9888_99a35d7c9409.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._a24cca51_3d54_4c41_8a76_4031f5338cb2.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._a24cca51_3d54_4c41_8a76_4031f5338cb2.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._a24cca51_3d54_4c41_8a76_4031f5338cb2.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._a24cca51_3d54_4c41_8a76_4031f5338cb2.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._b13afb38_cd79_4ae5_9f7f_eed058d750ca.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._b13afb38_cd79_4ae5_9f7f_eed058d750ca.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._b13afb38_cd79_4ae5_9f7f_eed058d750ca.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\visio.reg
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._44a1f6ff_0876_4edb_9169_dbb43101ee89.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._44a1f6ff_0876_4edb_9169_dbb43101ee89.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._44a1f6ff_0876_4edb_9169_dbb43101ee89.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._44a1f6ff_0876_4edb_9169_dbb43101ee89.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._ac4efaf0_f81f_4f61_bdf7_ea32b02ab117.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._ac4efaf0_f81f_4f61_bdf7_ea32b02ab117.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._ac4efaf0_f81f_4f61_bdf7_ea32b02ab117.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._9cedef15_be37_4ff0_a08a_13a045540641.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._9cedef15_be37_4ff0_a08a_13a045540641.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._9cedef15_be37_4ff0_a08a_13a045540641.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._9cedef15_be37_4ff0_a08a_13a045540641.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._d9f5b1c6_5386_495a_88f9_9ad6b41ac9b3.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._d9f5b1c6_5386_495a_88f9_9ad6b41ac9b3.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._d9f5b1c6_5386_495a_88f9_9ad6b41ac9b3.ppdlic.xrm-ms
c:\program files\kmspico\driver\openvpn.cer
c:\program files\kmspico\driver\tap-windows-9.9.2_3.exe
c:\program files\kmspico\driver\uninstalldriver.cmd
c:\program files\kmspico\icons\error.png
c:\program files\kmspico\icons\information.png
c:\program files\kmspico\icons\question.png
c:\program files\kmspico\icons\warning.png
c:\program files\kmspico\logs\autopico.log
c:\program files\kmspico\logs\kmseldi.log
c:\program files\kmspico\logs\service_kms.log
c:\program files\kmspico\scripts\enablesmartscreen.cmd
c:\program files\kmspico\scripts\enablesmartscreen.reg
c:\program files\kmspico\scripts\install_service.cmd
c:\program files\kmspico\scripts\install_task.cmd
c:\program files\kmspico\scripts\log.cmd
c:\program files\kmspico\scripts\silent.cmd
c:\program files\kmspico\scripts\uninstall_service.cmd
c:\program files\kmspico\sounds\affirmative.mp3
c:\program files\kmspico\sounds\begin.mp3
c:\program files\kmspico\sounds\complete.mp3
c:\program files\kmspico\sounds\diagnostic.mp3
c:\program files\kmspico\sounds\enterauthorizationcode.mp3
c:\program files\kmspico\sounds\incomingtransmission.mp3
c:\program files\kmspico\sounds\inputfailed.mp3
c:\program files\kmspico\sounds\inputok.mp3
c:\program files\kmspico\sounds\processing.mp3
c:\program files\kmspico\sounds\transfer.mp3
c:\program files\kmspico\sounds\verified.mp3
c:\program files\kmspico\sounds\warning.mp3
c:\program files (x86)\pinnacle\studio 17\plugins\rtfx\hfxxml\crackers.xml
c:\program files (x86)\pinnacle\studio 17\plugins\rtfx\hfxxml\firecracker.xml
c:\program files (x86)\pinnacle\studio 17\plugins\rtfxv2\base\rtfxfilters\crackedslab3d.fxt
c:\users\public\documents\pinnacle\content\hollywoodfx\effects\65 - patriotic\firecracker.hfx
c:\users\public\documents\pinnacle\content\hollywoodfx\effects\70 - foods\crackers.hfx
c:\users\public\documents\pinnacle\content\hollywoodfx\objects\food\cracker.hfo
c:\users\public\documents\pinnacle\content\hollywoodfx\objects\patriotic\firecracker bam.hfo
c:\users\public\documents\pinnacle\content\hollywoodfx\objects\patriotic\firecracker bottom.hfo
c:\users\public\documents\pinnacle\content\hollywoodfx\objects\patriotic\firecracker top.hfo
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.17134.1_none_a227092418e9be66\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.17134.81_none_b683e3bc89a9896c\ssh-keygen.exe
scanner sequence 3.ZZ.11.XRLBP0
----- EOF -----
_________________________________________________
3.

SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17]
WebSite: www.safezone.cc
DateLog: 28.07.2019 21:22:24
Path starting: C:\Users\Rifka\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Rifka
VersionXML: 6.66is-28.07.2019
___________________________________________________________________________

Windows 10(6.3.17134) (x64) Core Release: 1803 Lang: English(0409)
Installation date OS: 12.10.2018 13:41:49
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
LicenseStatus: Office 15, OfficeProPlusVL_KMS_Client edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: Microsoft Edge (C:\WINDOWS\system32\LaunchWinApp.exe)
SystemDrive: C: FS: [NTFS] Capacity: [885.1 Gb] Used: [77.9 Gb] Free: [807.2 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.885.17134.0
User Account Control enabled (Level 3)
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2013 x86 v.15.0.4569.1506
---------------------------- [ Antivirus_WMI ] ----------------------------
Avast Antivirus (disabled and up to date)
Windows Defender (disabled and up to date)
---------------------------- [ Firewall_WMI ] -----------------------------
Avast Antivirus (disabled)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
Avast Antivirus (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 3.7.1.2839 v.3.7.1.2839 Warning! Download Update
Avast Internet Security v.19.5.2378 Warning! Download Update
Avast Update Helper v.1.4.154.333
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Silverlight v.5.1.50918.0
TeamViewer 14 v.14.4.2669
OpenOffice 4.1.2 v.4.12.9782 Warning! Download Update
TeamViewer 14 (TeamViewer) - The service is running
------------------------------- [ Browser ] -------------------------------
Avast Secure Browser v.75.1.1528.101
Google Chrome v.75.0.3770.142
Mozilla Firefox 43.0.1 (x86 en-US) v.43.0.1 Warning! Download Update
------------------ [ AntivirusFirewallProcessServices ] -------------------
aswbIDSAgent (aswbIDSAgent) - The service is running
C:\Program Files\AVAST Software\Avast\aswidsagent.exe v.19.5.4.2336
C:\Program Files\AVAST Software\Avast\AvastUI.exe v.19.5.4444.0
C:\Program Files\AVAST Software\Avast\afwServ.exe v.19.5.4444.0
AvastWscReporter (AvastWscReporter) - The service has stopped
aswbIDSAgent (aswbIDSAgent) - The service is running
Avast Firewall Service (avast! Firewall) - The service is running
Avast Antivirus (avast! Antivirus) - The service is running
C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.19.5.4444.0
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.765
C:\Program Files\Windows Defender\MSASCuiL.exe v.4.13.17134.1
Windows Defender Antivirus Service (WinDefend) - The service has stopped
Windows Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------
BraunR is offline  
Sponsored Links
Advertisement
 
Old 07-30-2019, 08:20 AM   #4
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



Hello again, BraunR...!



Farbar Recovery Scan Tool - Fix

  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST/FRST64.exe

    NOTE: Both FRST/FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.
Code:
Start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {87169BD9-2A8C-40A2-AA18-2EBF4E97DB61} - \Microsoft\Windows\SMB\UninstallSMB1ClientTask -> No File <==== ATTENTION
Task: {8A1C898E-78A7-4A0D-97D8-DD54AEB3ED7D} - \Microsoft\Windows\SMB\UninstallSMB1ServerTask -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-1936064907-1069411923-2261509573-1001 -> DefaultScope {325FD0EC-F0D4-436F-B73A-D45053D825AF} URL =
SearchScopes: HKU\S-1-5-21-1936064907-1069411923-2261509573-1001 -> {325FD0EC-F0D4-436F-B73A-D45053D825AF} URL = 
CHR HKLM-x32\...\Chrome\Extension: [bfegkegffcbgpfmemahhkgnbkocmbain] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [{5F756335-AFAA-4FBE-801F-F11A663AEC53}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe No File
FirewallRules: [{8663194D-7DF8-4EF8-AF9B-0DE9E9CBDD37}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe No File
FirewallRules: [{743DF353-2796-4322-A084-72B5B581B5A1}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [{1016DC12-5263-4595-9A49-734E72E29CDD}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [{A740EC0E-30C2-4DE4-8622-EFD149084230}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{292201E2-90E3-4C8B-87E5-8CE14F3DB3D2}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
VirusTotal: C:\WINDOWS\lc45fvm58jd
Reboot:
End::
  • Double-click FRST/FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
icotonev is offline  
Old 08-01-2019, 07:11 PM   #5
Registered Member
 
Join Date: May 2019
Posts: 25
OS:



Thanks for your reply. Below is my fixlong txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2019
Ran by Rifka (01-08-2019 21:48:46) Run:1
Running from C:\Users\Rifka\Desktop
Loaded Profiles: Rifka (Available Profiles: Rifka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {87169BD9-2A8C-40A2-AA18-2EBF4E97DB61} - \Microsoft\Windows\SMB\UninstallSMB1ClientTask -> No File <==== ATTENTION
Task: {8A1C898E-78A7-4A0D-97D8-DD54AEB3ED7D} - \Microsoft\Windows\SMB\UninstallSMB1ServerTask -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-1936064907-1069411923-2261509573-1001 -> DefaultScope {325FD0EC-F0D4-436F-B73A-D45053D825AF} URL =
SearchScopes: HKU\S-1-5-21-1936064907-1069411923-2261509573-1001 -> {325FD0EC-F0D4-436F-B73A-D45053D825AF} URL =
CHR HKLM-x32\...\Chrome\Extension: [bfegkegffcbgpfmemahhkgnbkocmbain] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{5F756335-AFAA-4FBE-801F-F11A663AEC53}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe No File
FirewallRules: [{8663194D-7DF8-4EF8-AF9B-0DE9E9CBDD37}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe No File
FirewallRules: [{743DF353-2796-4322-A084-72B5B581B5A1}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [{1016DC12-5263-4595-9A49-734E72E29CDD}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [{A740EC0E-30C2-4DE4-8622-EFD149084230}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{292201E2-90E3-4C8B-87E5-8CE14F3DB3D2}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
VirusTotal: C:\WINDOWS\lc45fvm58jd
Reboot:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87169BD9-2A8C-40A2-AA18-2EBF4E97DB61}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87169BD9-2A8C-40A2-AA18-2EBF4E97DB61}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SMB\UninstallSMB1ClientTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A1C898E-78A7-4A0D-97D8-DD54AEB3ED7D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A1C898E-78A7-4A0D-97D8-DD54AEB3ED7D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SMB\UninstallSMB1ServerTask" => removed successfully
"HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{325FD0EC-F0D4-436F-B73A-D45053D825AF} => removed successfully
HKLM\Software\Classes\CLSID\{325FD0EC-F0D4-436F-B73A-D45053D825AF} => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bfegkegffcbgpfmemahhkgnbkocmbain => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5F756335-AFAA-4FBE-801F-F11A663AEC53}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8663194D-7DF8-4EF8-AF9B-0DE9E9CBDD37}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{743DF353-2796-4322-A084-72B5B581B5A1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1016DC12-5263-4595-9A49-734E72E29CDD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A740EC0E-30C2-4DE4-8622-EFD149084230}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{292201E2-90E3-4C8B-87E5-8CE14F3DB3D2}" => removed successfully
"VirusTotal: C:\WINDOWS\lc45fvm58jd" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 11870023 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 57210399 B
Java, Flash, Steam htmlcache => 1789 B
Windows/system/drivers => 81874333 B
Edge => 14991632 B
Chrome => 373871668 B
Firefox => 23221164 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 17490 B
LocalService => 0 B
NetworkService => 298824 B
NetworkService => 0 B
Rifka => 66803453 B

RecycleBin => 184599855 B
EmptyTemp: => 777 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:52:57 ====
BraunR is offline  
Old 08-03-2019, 11:08 PM   #6
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



Hello , BraunR...! How is the machine behaving?


Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware and save it to your desktop.
  • Right-click the Malwarebytes icon and select Run as Administrator. Follow the on-screen prompts to install Malwarebytes Anti-Malware.
  • Once the installation has finished, launch Malwarebytes.
  • When the tool opens, click Settings, then the Protection tab.
  • Under Scan options, ensure Scan for rootkits and Scan within archives are On.
  • Click the Scan button on the left.
  • Select Scan Now and wait for the scan to complete.
  • Malwarebytes will update its databases, then start scanning.
  • If no threats are found, close the Malwarebytes window. If threats are detected, make sure they are all selected and click Quarantine selected.
  • Click on Reports in the left pane, and check the box next to the latest report (at the top). Click on View Report.
  • Select Export in the bottom left corner, and click Text File. Save the file to your desktop.
  • Open the Malwarebytes log on your desktop and copy/paste its contents into your next reply.


AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now ...
    • When the scan has finished a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab ...
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
icotonev is offline  
Old 08-04-2019, 06:18 PM   #7
Registered Member
 
Join Date: May 2019
Posts: 25
OS:



Hi,

My machine is behaving alot better:) Thanks

The first link for Malwarebytes Anti-Malware gets me to a blank page. Can you send me another link to that download?

Thanks
BraunR is offline  
Old 08-05-2019, 02:08 AM   #8
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



Quote:
Originally Posted by BraunR View Post
Hi,

My machine is behaving alot better:) Thanks

Wonderfully...!


https://www.malwarebytes.com/products/


It is recommended to upgrade the following software:


Code:
Malwarebytes version 3.7.1.2839 v.3.7.1.2839 Warning!     Download Update
Avast Internet Security v.19.5.2378 Warning!     Download Update
OpenOffice 4.1.2 v.4.12.9782 Warning!     Download Update
Mozilla Firefox 43.0.1 (x86 en-US) v.43.0.1 Warning!     Download Update
icotonev is offline  
Old 08-05-2019, 09:09 AM   #9
Registered Member
 
Join Date: May 2019
Posts: 25
OS:



Following is my scans.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/5/19
Scan Time: 11:43 AM
Log File: b4bf147e-b797-11e9-a67c-507b9d3b4872.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.11870
License: Free

-System Information-
OS: Windows 10 (Build 17134.885)
CPU: x64
File System: NTFS
User: LAPTOP-KLLUT3VL\Rifka

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 308405
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 5 min, 43 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
_________________________________________


# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-08-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-05-2019
# Duration: 00:00:20
# OS: Windows 10 Home
# Scanned: 35815
# Detected: 50


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.ASUSSupport
Preinstalled.CyberLinkShellExtension
Preinstalled.LenovoAcceleratorApplication
Preinstalled.LenovoCCSDK
Preinstalled.LenovoExperienceImprovement
Preinstalled.LenovoIMController
Preinstalled.LenovoPhotoMaster
Preinstalled.LenovoPower2Go
Preinstalled.LenovoPowerDVD
Preinstalled.LenovoQuickOptimizer
Preinstalled.LenovoREACHit
Preinstalled.LenovoSHAREit
Preinstalled.LenovoSolutionCenter
Preinstalled.LenovoUtility



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


Thanks
BraunR is offline  
Old 08-05-2019, 10:04 AM   #10
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



Hello , BraunR...! Congratulations.... Well done..! Your system is clean..!

If all is well...The following will remove the tools we used as well as reset system restore points:


KpRm

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • When the tool opens, ensure all boxes are checked, and select Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
icotonev is offline  
Old 08-05-2019, 02:55 PM   #11
Registered Member
 
Join Date: May 2019
Posts: 25
OS:



Awesome!

I still see lenovo solution center as one of the icons near the time at the bottom of my screen. Also in the background processes there are still the programs lenovo solution center, lenovo utility. Is this still part of the virus?

Otherwise the computer is working very well.



# Run at 8/5/2019 5:46:32 PM
# KpRm (Kernel-panik) version 1.7.3
# Website https://kernel-panik.me/tool/kprm/
# Run by Rifka from C:\Users\Rifka\Downloads
# Computer Name: LAPTOP-KLLUT3VL
# OS: Windows 10 X64 (17134)

- Create Registry Backup -

[OK] Registry Backup: C:\KPRM\backup\2019-08-05-17-46

- Search Tools -


## AdwCleaner
[OK] Process AdwCleaner.exe killed (1)
[OK] C:\Users\Rifka\Desktop\AdwCleaner.exe deleted (1)
[OK] C:\AdwCleaner deleted (1)

## CKScanner
[OK] C:\Users\Rifka\Desktop\ckfiles.txt deleted (1)
[OK] C:\Users\Rifka\Desktop\CKScanner (1).exe deleted (1)
[OK] C:\Users\Rifka\Downloads\CKScanner.exe deleted (1)

## FRST
[OK] C:\Users\Rifka\Desktop\Addition.txt deleted (1)
[OK] C:\Users\Rifka\Desktop\Fixlog.txt deleted (1)
[OK] C:\Users\Rifka\Desktop\FRST-OlderVersion deleted (1)
[OK] C:\Users\Rifka\Desktop\FRST.txt deleted (1)
[OK] C:\Users\Rifka\Desktop\FRST64.exe deleted (1)
[OK] C:\Users\Rifka\Downloads\Addition.txt deleted (1)
[OK] C:\Users\Rifka\Downloads\FRST.exe deleted (1)
[OK] C:\Users\Rifka\Downloads\FRST.txt deleted (1)
[OK] C:\FRST deleted (1)

## SecurityCheck
[OK] C:\Users\Rifka\Downloads\SecurityCheck.exe deleted (1)

- Restore Default System Settings -

[OK] Flush DNS
[OK] Reset WinSock
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC Default Value -

[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableLUA with default (1) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear All System Restore Points -

~ [OK] RP named Windows Update created at 07/17/2019 08:42:51 deleted
~ [OK] RP named Windows Update created at 08/02/2019 01:42:18 deleted

[OK] All system restore points have been successfully deleted

- Create New System Restore Point -

[OK] Enable System Restore
[OK] System Restore Point created

- Display All System Restore Point -

~ [I] RP named KpRm created at 08/05/2019 21:49:04 found
BraunR is offline  
Old 08-06-2019, 01:58 AM   #12
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



Quote:
Originally Posted by BraunR View Post

I still see lenovo solution center as one of the icons near the time at the bottom of my screen. Also in the background processes there are still the programs lenovo solution center, lenovo utility. Is this still part of the virus?

Not .... It is not a virus..!


Quote:
The Lenovo Solution Center is a new software application created by Lenovo for Think products that helps users get the most out of their PC experience. The new software allows users to quickly identify the status for system health, network connections and overall system security.
https://support.lenovo.com/gb/en/downloads/ds104501
https://www.shouldiremoveit.com/Leno...7-program.aspx
icotonev is offline  
Old 08-06-2019, 11:15 AM   #13
Registered Member
 
Join Date: May 2019
Posts: 25
OS:



ok.

Is my computer clean now?
BraunR is offline  
Old 08-06-2019, 11:18 AM   #14
Registered Member
 
Join Date: May 2019
Posts: 25
OS:



Hi,

It seems like I have run into trouble today:(

I downloaded adobe free trial. Since then I have windows Explorer folder open every few minutes I use my computer. Could a trusted site like adobe make this issue?

Please advise.
BraunR is offline  
Old 08-07-2019, 03:04 AM   #15
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



I'm sorry, but I don't understand your question ..? Can you in detail ..! Thanks..!
icotonev is offline  
Old 08-07-2019, 06:58 AM   #16
Registered Member
 
Join Date: May 2019
Posts: 25
OS:



Sorry. I'll clarify.

It seems to me that I just got another virus on my computer:( every few minutes it opens my folder file explorer by its own. I used my computer for 20 minutes and I have now 14 times open this folder.

I have downloaded adobe trial. I am thinking if it can have anything to do with it. I now also unistalled it as I fear it sould not make more trouble for my machine.

I have my computer for a few years and did not have any virus...

Please advise
BraunR is offline  
Old 08-07-2019, 07:09 AM   #17
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



I understand ..! Can you see what happens ..! For this purpose:


Download FRST and save it to your desktop from here

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


Double-click FRST then click the 'Scan' button to run the tool.
When done, FRST will save 2 logs to your desktop.
  1. FRST.txt
  2. Addition.txt
icotonev is offline  
Old 08-08-2019, 08:40 AM   #18
Registered Member
 
Join Date: May 2019
Posts: 25
OS:



ye

following is the scans

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-08-2019 02
Ran by Rifka (administrator) on LAPTOP-KLLUT3VL (LENOVO 80E5) (08-08-2019 11:26:34)
Running from C:\Users\Rifka\Desktop
Loaded Profiles: Rifka (Available Profiles: Rifka)
Platform: Windows 10 Home Version 1803 17134.885 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(LENOVO -> ) C:\Program Files\Lenovo\LenovoUtility\utility.exe
(LENOVO -> ) C:\Program Files\update\UpdateAgent.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) [File not signed] C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Rifka\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.53.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19031.11411.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\$WINDOWS.~BT\Sources\setuphost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\e5ee8087f8752925c676b1d4b3aac1c8\WindowsUpdateBox.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
Failed to access process -> SearchUI.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2015-10-10] (LENOVO -> )
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3814624 2018-02-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [269192 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Rifka\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Rifka\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\...\RunOnce: [Uninstall 19.103.0527.0003\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rifka\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64"
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\...\RunOnce: [Uninstall 19.103.0527.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rifka\AppData\Local\Microsoft\OneDrive\19.103.0527.0003"
HKLM\...\Drivers32-x32: [vidc.mjpg] => pvmjpg30.dll
HKLM\...\Drivers32: [vidc.pDAD] => C:\Windows\SysWOW64\prodad-codec.dll [506312 2013-10-23] (proDAD GmbH -> proDAD GmbH)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-17] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\75.1.1528.101\Installer\chrmstp.exe [2019-07-25] (AVAST Software s.r.o. -> AVAST Software)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {026EC50A-F2D6-4228-AAE2-87D94F0736CA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {17864CB3-4747-4A41-8D09-4A2A664F6676} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [136618864 2019-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {20414A01-6033-4FF8-BCE3-265A58B3AE6F} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [270272 2015-08-07] (LENOVO -> Lenovo)
Task: {283D3439-39D2-478B-A1A7-3FF5F2CC0653} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808504 2019-07-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {2FDDC4DF-0FA5-499E-BA85-32D3ACBD64A2} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {3BA2DBE8-07C1-476E-AEE0-9F5C0D2411C6} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [674760 2016-02-22] (LENOVO -> Lenovo)
Task: {4E015032-99F1-40D9-A9C2-C60117DA6D64} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
Task: {55B8C7F4-3FCE-45E8-99F0-8E0863EC1D8D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [16832 2015-07-08] (LENOVO -> Lenovo)
Task: {600F2E55-C876-4733-808E-90F5C841EE6A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NOUACCHECK
Task: {60C4C661-3629-401E-BF93-E0321D8CE590} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [674760 2016-02-22] (LENOVO -> Lenovo)
Task: {647B581C-8CA5-4999-8CFE-02EABE7DBE53} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {664B1697-D559-4723-9D04-1967A1E10F35} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [808352 2015-07-12] (LENOVO -> )
Task: {71C0AC35-4970-46FB-8C6D-CB89C24B78DC} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [829344 2015-07-12] (LENOVO -> )
Task: {86235870-CCED-4E48-B7D2-D70C32685E0A} - System32\Tasks\AdobeGCInvoker-1.0-LAPTOP-KLLUT3VL-Rifka => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {8BEAF689-FA90-4A62-AEFE-484EE0BE985F} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {8C69E7A3-945C-4BD9-9EAB-D59CE70A4C44} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2047368 2019-07-31] (AVAST Software s.r.o. -> AVAST Software)
Task: {92EE847B-C711-4C89-9BF1-E6D4C3A39FBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-30] (Google Inc -> Google Inc.)
Task: {94839AFA-F86C-47B3-A100-18F9F2640DCE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
Task: {960DACF7-D03A-452C-BB44-FA9E5DE41506} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [287688 2015-12-09] (LENOVO -> Lenovo)
Task: {96CC4AC4-B01B-4F2C-82D2-8656DFCD4C81} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {9B50C0AE-67A6-45AD-9605-9C74D32C5E52} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {A4D4CDC5-5EC9-4B8C-BAFE-BC52DE0673AD} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [85432 2015-05-28] (CyberLink Corp. -> CyberLink Corp.)
Task: {A6C95E1A-028F-40E5-AE93-5E25F54CA147} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9476544 2015-08-07] (LENOVO -> )
Task: {A91B3760-F77E-4C31-A041-507F0D925F4A} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1320384 2015-08-07] (LENOVO -> Lenovo)
Task: {AFF0EFDA-9B0F-4CDB-AA11-98078E6E7651} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {B88A5CD1-5AE5-4175-A369-FE0BF5C97EE8} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9476544 2015-08-07] (LENOVO -> )
Task: {C8556EA1-FF3B-4709-AF65-BB3CD0303413} - System32\Tasks\Lenovo\QuickOptimizer => C:\Program Files\lenovo\QuickOptimizer\QuickOptimizerIcon.exe [1149344 2015-07-10] (LENOVO -> Lenovo)
Task: {C8ADD3D0-3082-458F-9DF4-F7EA1A61EE01} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-30] (Google Inc -> Google Inc.)
Task: {C9A22365-D90B-4381-98CA-2C785E8C837C} - System32\Tasks\LivigentICUpgradeTask => C:\WINDOWS\Lvgic10u.exe [570216 2019-04-15] (Rnd Software Group Inc. -> )
Task: {CAD5228B-2E1F-41E6-B21F-F2DA1AD88DFD} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808504 2019-07-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {F8A7A70E-3592-42EE-8913-7B3C4FF6ACD2} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c1348638-2fbd-4861-9436-169088fb0f1e}: [DhcpNameServer] 150.208.1.3
Tcpip\..\Interfaces\{eb25a60a-35cb-4a6d-a41d-0de9d46e32bf}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-1936064907-1069411923-2261509573-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 0enx8hcf.default
FF ProfilePath: C:\Users\Rifka\AppData\Roaming\Mozilla\Firefox\Profiles\0enx8hcf.default [2019-08-07]
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)

Chrome:
=======
CHR Profile: C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default [2019-08-08]
CHR Extension: (Slides) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-24]
CHR Extension: (Docs) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-24]
CHR Extension: (Google Drive) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-30]
CHR Extension: (Sheets) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-24]
CHR Extension: (Google Docs Offline) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-29]
CHR Extension: (Avast Online Security) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-08-04]
CHR Extension: (DS Amazon Quick View) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkompbllimaoekaogchhkmkdogpkhojg [2019-07-25]
CHR Extension: (Grammarly for Chrome) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-08-01]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2019-03-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-17]
CHR Extension: (Gmail) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-05]
CHR Profile: C:\Users\Rifka\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6797008 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [414976 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\75.1.1528.101\elevation_service.exe [978720 2019-07-18] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (LENOVO -> Lenovo)
U2 DispatcherIC; C:\WINDOWS\LvgIC555\Dispatcher\DispatcherIC.dll [3284328 2019-04-15] (Rnd Software Group Inc. -> )
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [143584 2018-02-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe [288768 2015-10-10] (Lenovo) [File not signed]
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-29] (LENOVO -> Lenovo)
S2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2018-10-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373680 2018-02-07] (Intel(R) pGFX -> Intel Corporation)
S2 ImControllerService; c:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [62792 2016-11-16] () [File not signed]
S2 LenovoPortalService; C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe [24312 2015-10-10] (LENOVO -> )
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271296 2015-08-07] (LENOVO -> Lenovo)
U2 MainIC; C:\WINDOWS\LvgIC555\IC.dll [12319080 2019-04-15] (Rnd Software Group Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-10-06] (Intel Corporation-Wireless Connectivity Solutions -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11969880 2019-07-03] (TeamViewer GmbH -> TeamViewer GmbH)
R2 UpdateAgentService; C:\Program Files\update\UpdateAgent.exe [226216 2015-10-10] (LENOVO -> )
U2 WatchdogIC; C:\WINDOWS\LvgIC555\ICWatchdog.dll [5047144 2019-04-15] (Rnd Software Group Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-28] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-28] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-10-06] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37320 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [209256 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [263224 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [206056 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61688 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-05-28] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [279336 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42504 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [168896 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112520 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88160 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030784 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477288 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [225816 2019-08-01] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [387688 2019-08-05] (AVAST Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2018-02-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [41040 2018-02-07] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R0 Fastboot; C:\WINDOWS\System32\DRIVERS\Fastboot.sys [67608 2015-10-10] (New Horizon DataSys Inc. -> Windows (R) Win 7 DDK provider) [File not signed]
R0 FBFsmon; C:\WINDOWS\System32\DRIVERS\FBFsmon.sys [39448 2015-10-10] (New Horizon DataSys Inc. -> Windows (R) Win 7 DDK provider) [File not signed]
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2018-10-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 ICHFilter; C:\WINDOWS\LvgIC555\ICHFilter.sys [43000 2019-04-15] (Rnd Software Group Inc. -> )
S3 ldiagio_uefi; C:\Program Files\Lenovo\Lenovo Solution Center\App\ldiag\x64\ldiagio_uefi.sys [24808 2015-04-02] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo Group Limited (R))
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-05] (Malwarebytes Corporation -> Malwarebytes)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3525896 2018-10-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-28] (Realtek Semiconductor Corp -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-11-04] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2018-02-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-04-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344544 2019-04-28] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-28] (Microsoft Windows -> Microsoft Corporation)
R1 wfpliv; C:\WINDOWS\LvgIC555\wfpliv.sys [96840 2019-04-15] (Rnd Software Group Inc. -> Windows (R) Win 7 DDK provider)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-08 11:26 - 2019-08-08 11:30 - 000035342 _____ C:\Users\Rifka\Desktop\FRST.txt
2019-08-08 11:26 - 2019-08-08 11:26 - 023215162 _____ C:\WINDOWS\lc45fvksda4
2019-08-08 11:24 - 2019-08-08 11:26 - 000000000 ____D C:\FRST
2019-08-08 11:24 - 2019-08-08 11:24 - 002096640 _____ (Farbar) C:\Users\Rifka\Desktop\FRST64.exe
2019-08-06 01:40 - 2019-08-06 01:41 - 000000000 ___HD C:\temp
2019-08-06 01:13 - 2019-08-06 01:13 - 000000000 ____D C:\Users\Rifka\AppData\LocalLow\Adobe
2019-08-06 00:26 - 2019-08-07 13:00 - 000002820 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-LAPTOP-KLLUT3VL-Rifka
2019-08-06 00:24 - 2019-08-06 00:24 - 000000000 ____D C:\Users\Rifka\Documents\Adobe
2019-08-06 00:12 - 2019-08-06 01:35 - 000000000 ___RD C:\Users\Rifka\Creative Cloud Files
2019-08-06 00:06 - 2019-08-06 01:41 - 000000000 ____D C:\ProgramData\Adobe
2019-08-06 00:05 - 2019-08-06 01:40 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-08-06 00:02 - 2019-08-06 00:12 - 000000000 ____D C:\Users\Rifka\AppData\Local\Adobe
2019-08-05 17:48 - 2019-08-07 13:00 - 000002590 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2019-08-05 17:46 - 2019-08-05 17:50 - 000002579 _____ C:\Users\Rifka\Desktop\kprm-201908051746.txt
2019-08-05 17:46 - 2019-08-05 17:46 - 000000000 ____D C:\KPRM
2019-08-05 12:06 - 2019-08-05 12:06 - 000002690 _____ C:\Users\Rifka\Desktop\AdwCleaner[S00].txt
2019-08-05 11:49 - 2019-08-05 11:49 - 000001231 _____ C:\Users\Rifka\Desktop\malwarebytes scan.txt
2019-08-05 11:38 - 2019-08-05 11:38 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-08-05 11:38 - 2019-08-05 11:38 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-05 11:38 - 2019-08-05 11:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-05 11:38 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-08-05 11:38 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-08-05 11:22 - 2019-08-05 11:22 - 064333800 _____ (Malwarebytes ) C:\Users\Rifka\Desktop\mb3-setup-37469.37469-3.8.3.2965-1.0.613-1.0.11270.exe
2019-08-04 00:45 - 2019-08-04 00:45 - 000931284 _____ C:\Users\Rifka\Desktop\Amazon.com_ Cuisinart 100% Cotton Terry Super Absorbent Kitchen Towel, Checkered, Deep Red_ Home & Kitchen.html
2019-08-04 00:45 - 2019-08-04 00:45 - 000000000 ____D C:\Users\Rifka\Desktop\Amazon.com_ Cuisinart 100% Cotton Terry Super Absorbent Kitchen Towel, Checkered, Deep Red_ Home & Kitchen_files
2019-08-04 00:08 - 2019-08-04 00:08 - 000000000 ____D C:\Program Files\UNP
2019-08-01 22:13 - 2019-08-01 22:13 - 000002095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2019-08-01 22:13 - 2019-08-01 22:13 - 000002083 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-08-01 22:11 - 2019-08-01 22:12 - 000168896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-08-01 22:11 - 2019-08-01 22:10 - 000363400 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-08-01 22:11 - 2019-08-01 22:10 - 000279336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-08-01 22:11 - 2019-08-01 22:10 - 000225816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-08-01 22:11 - 2019-08-01 22:10 - 000037320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2019-08-01 21:56 - 2019-08-01 21:56 - 056197403 ____H C:\WINDOWS\r1vk4tfj419
2019-07-28 21:22 - 2019-07-28 21:22 - 000000000 ____D C:\SecurityCheck
2019-07-23 20:19 - 2019-07-23 20:19 - 000000000 _____ C:\Users\Rifka\AppData\Local\{7AB63D8A-44E6-44F0-B0EA-8A04E1B7D118}
2019-07-23 20:18 - 2019-07-23 20:18 - 000000000 _____ C:\Users\Rifka\AppData\Local\{7D402813-38A9-4F20-9594-ECC8D70EF2A0}
2019-07-17 05:12 - 2019-07-04 00:56 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-17 05:12 - 2019-07-04 00:42 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-17 05:12 - 2019-07-04 00:37 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-17 05:12 - 2019-07-04 00:29 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-17 05:11 - 2019-07-04 05:43 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-07-17 05:11 - 2019-07-04 05:40 - 021390504 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-17 05:11 - 2019-07-04 05:40 - 001631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-17 05:11 - 2019-07-04 05:40 - 001616840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-07-17 05:11 - 2019-07-04 05:40 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-17 05:11 - 2019-07-04 05:22 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-17 05:11 - 2019-07-04 05:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-17 05:11 - 2019-07-04 05:21 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-17 05:11 - 2019-07-04 05:20 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-17 05:11 - 2019-07-04 05:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-17 05:11 - 2019-07-04 05:18 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-17 05:11 - 2019-07-04 05:18 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-17 05:11 - 2019-07-04 04:56 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-07-17 05:11 - 2019-07-04 04:54 - 000662352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-07-17 05:11 - 2019-07-04 04:51 - 020384128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-07-17 05:11 - 2019-07-04 04:41 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-07-17 05:11 - 2019-07-04 04:37 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-07-17 05:11 - 2019-07-04 04:36 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-07-17 05:11 - 2019-07-04 01:00 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-17 05:11 - 2019-07-04 00:58 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-17 05:11 - 2019-07-04 00:58 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-07-17 05:11 - 2019-07-04 00:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-17 05:11 - 2019-07-04 00:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-17 05:11 - 2019-07-04 00:57 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-17 05:11 - 2019-07-04 00:57 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-07-17 05:11 - 2019-07-04 00:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-17 05:11 - 2019-07-04 00:57 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-17 05:11 - 2019-07-04 00:57 - 000723728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-17 05:11 - 2019-07-04 00:57 - 000708696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-17 05:11 - 2019-07-04 00:57 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-07-17 05:11 - 2019-07-04 00:57 - 000362264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-17 05:11 - 2019-07-04 00:57 - 000209424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-17 05:11 - 2019-07-04 00:57 - 000194360 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-07-17 05:11 - 2019-07-04 00:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-07-17 05:11 - 2019-07-04 00:57 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-07-17 05:11 - 2019-07-04 00:57 - 000091776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-17 05:11 - 2019-07-04 00:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-17 05:11 - 2019-07-04 00:56 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-17 05:11 - 2019-07-04 00:56 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-17 05:11 - 2019-07-04 00:56 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-17 05:11 - 2019-07-04 00:56 - 001566520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-17 05:11 - 2019-07-04 00:56 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-17 05:11 - 2019-07-04 00:56 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-17 05:11 - 2019-07-04 00:56 - 001141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-17 05:11 - 2019-07-04 00:56 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-17 05:11 - 2019-07-04 00:56 - 000767536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-17 05:11 - 2019-07-04 00:56 - 000734952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-17 05:11 - 2019-07-04 00:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-07-17 05:11 - 2019-07-04 00:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-07-17 05:11 - 2019-07-04 00:56 - 000493752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-17 05:11 - 2019-07-04 00:56 - 000115512 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-17 05:11 - 2019-07-04 00:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-07-17 05:11 - 2019-07-04 00:43 - 000665440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-07-17 05:11 - 2019-07-04 00:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-07-17 05:11 - 2019-07-04 00:43 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-17 05:11 - 2019-07-04 00:43 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-07-17 05:11 - 2019-07-04 00:42 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-07-17 05:11 - 2019-07-04 00:42 - 002479176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-07-17 05:11 - 2019-07-04 00:42 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-07-17 05:11 - 2019-07-04 00:42 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-07-17 05:11 - 2019-07-04 00:42 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-07-17 05:11 - 2019-07-04 00:42 - 000356312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-07-17 05:11 - 2019-07-04 00:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-07-17 05:11 - 2019-07-04 00:41 - 000559328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-07-17 05:11 - 2019-07-04 00:33 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-07-17 05:11 - 2019-07-04 00:26 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-17 05:11 - 2019-07-04 00:26 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-17 05:11 - 2019-07-04 00:26 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-17 05:11 - 2019-07-04 00:25 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-07-17 05:11 - 2019-07-04 00:25 - 007589888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-17 05:11 - 2019-07-04 00:25 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-17 05:11 - 2019-07-04 00:25 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-17 05:11 - 2019-07-04 00:25 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-17 05:11 - 2019-07-04 00:25 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-17 05:11 - 2019-07-04 00:24 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-17 05:11 - 2019-07-04 00:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-17 05:11 - 2019-07-04 00:24 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-17 05:11 - 2019-07-04 00:23 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-17 05:11 - 2019-07-04 00:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-17 05:11 - 2019-07-04 00:22 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-07-17 05:11 - 2019-07-04 00:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-17 05:11 - 2019-07-04 00:22 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-17 05:11 - 2019-07-04 00:22 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-17 05:11 - 2019-07-04 00:22 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-17 05:11 - 2019-07-04 00:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-17 05:11 - 2019-07-04 00:22 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-17 05:11 - 2019-07-04 00:22 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-07-17 05:11 - 2019-07-04 00:21 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-07-17 05:11 - 2019-07-04 00:21 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-07-17 05:11 - 2019-07-04 00:21 - 003202560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-17 05:11 - 2019-07-04 00:21 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-17 05:11 - 2019-07-04 00:21 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-17 05:11 - 2019-07-04 00:21 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-17 05:11 - 2019-07-04 00:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-17 05:11 - 2019-07-04 00:21 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-17 05:11 - 2019-07-04 00:21 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-07-17 05:11 - 2019-07-04 00:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-17 05:11 - 2019-07-04 00:20 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-17 05:11 - 2019-07-04 00:20 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-07-17 05:11 - 2019-07-04 00:20 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-17 05:11 - 2019-07-04 00:19 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-17 05:11 - 2019-07-04 00:19 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-07-17 05:11 - 2019-07-04 00:18 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-07-17 05:11 - 2019-07-04 00:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-07-17 05:11 - 2019-07-04 00:18 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-07-17 05:11 - 2019-07-04 00:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-07-17 05:11 - 2019-07-04 00:18 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-07-17 05:11 - 2019-07-04 00:17 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-07-17 05:11 - 2019-06-21 04:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-07-17 05:11 - 2019-06-13 08:15 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-17 05:11 - 2019-06-13 08:12 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-17 05:11 - 2019-06-13 08:05 - 000810296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-17 05:11 - 2019-06-13 08:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-17 05:11 - 2019-06-13 08:00 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-17 05:11 - 2019-06-13 07:59 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-17 05:11 - 2019-06-13 07:58 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-17 05:11 - 2019-06-13 07:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-17 05:11 - 2019-06-13 07:56 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-17 05:11 - 2019-06-13 07:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-17 05:11 - 2019-06-13 07:42 - 004038688 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-17 05:11 - 2019-06-13 07:42 - 000566536 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-17 05:11 - 2019-06-13 07:40 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-17 05:11 - 2019-06-13 07:38 - 000766264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-17 05:11 - 2019-06-13 07:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2019-07-17 05:11 - 2019-06-13 07:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-07-17 05:11 - 2019-06-13 07:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2019-07-17 05:11 - 2019-06-13 07:35 - 001376688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-07-17 05:11 - 2019-06-13 07:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-17 05:11 - 2019-06-13 07:18 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-07-17 05:11 - 2019-06-13 07:18 - 004847104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-17 05:11 - 2019-06-13 07:17 - 012756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-17 05:11 - 2019-06-13 07:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-07-17 05:11 - 2019-06-13 07:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-07-17 05:11 - 2019-06-13 07:16 - 000767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-17 05:11 - 2019-06-13 07:15 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-17 05:11 - 2019-06-13 07:14 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-07-17 05:11 - 2019-06-13 07:14 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-07-17 05:11 - 2019-06-13 07:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-17 05:11 - 2019-06-13 07:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-17 05:11 - 2019-06-13 07:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-17 05:11 - 2019-06-13 07:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-17 05:11 - 2019-06-13 07:13 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-07-17 05:11 - 2019-06-13 07:13 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-07-17 05:11 - 2019-06-13 07:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-07-17 05:11 - 2019-06-13 07:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-07-17 05:11 - 2019-06-13 06:07 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-07-17 05:11 - 2019-06-13 06:07 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-07-17 05:11 - 2019-06-13 06:07 - 000221232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-07-17 05:11 - 2019-06-13 06:05 - 003700160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-07-17 05:11 - 2019-06-13 05:55 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-07-17 05:11 - 2019-06-13 05:54 - 011942912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-07-17 05:11 - 2019-06-13 05:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-07-17 05:11 - 2019-06-13 05:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-07-17 05:11 - 2019-06-13 05:51 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-07-17 05:11 - 2019-06-13 05:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-07-17 05:11 - 2019-06-13 05:49 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-07-17 05:11 - 2019-06-13 05:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-07-17 05:11 - 2019-06-13 03:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-17 05:11 - 2019-06-13 03:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-17 05:11 - 2019-06-13 03:01 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-17 05:11 - 2019-06-13 03:01 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-17 05:11 - 2019-06-13 02:59 - 000785264 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-07-17 05:11 - 2019-06-13 02:47 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-17 05:11 - 2019-06-13 02:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-07-17 05:11 - 2019-06-13 02:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-07-17 05:11 - 2019-06-13 02:46 - 000510296 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-07-17 05:11 - 2019-06-13 02:46 - 000093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-07-17 05:11 - 2019-06-13 02:45 - 002421560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-07-17 05:11 - 2019-06-13 02:44 - 002769688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-17 05:11 - 2019-06-13 02:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-17 05:11 - 2019-06-13 02:44 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-07-17 05:11 - 2019-06-13 02:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-07-17 05:11 - 2019-06-13 02:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2019-07-17 05:11 - 2019-06-13 02:44 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-07-17 05:11 - 2019-06-13 02:44 - 000130624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-07-17 05:11 - 2019-06-13 02:17 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-17 05:11 - 2019-06-13 02:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-07-17 05:11 - 2019-06-13 02:15 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-07-17 05:11 - 2019-06-13 02:15 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-17 05:11 - 2019-06-13 02:15 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-07-17 05:11 - 2019-06-13 02:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2019-07-17 05:11 - 2019-06-13 02:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-07-17 05:11 - 2019-06-13 02:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-17 05:11 - 2019-06-13 02:14 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-17 05:11 - 2019-06-13 02:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-17 05:11 - 2019-06-13 02:13 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-17 05:11 - 2019-06-13 02:13 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-17 05:11 - 2019-06-13 02:13 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-07-17 05:11 - 2019-06-13 02:13 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-17 05:11 - 2019-06-13 02:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-07-17 05:11 - 2019-06-13 02:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-17 05:11 - 2019-06-13 02:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-17 05:11 - 2019-06-13 02:12 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-17 05:11 - 2019-06-13 02:12 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-07-17 05:11 - 2019-06-13 02:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-07-17 05:11 - 2019-06-13 02:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-17 05:11 - 2019-06-13 02:11 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-17 05:11 - 2019-06-13 02:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-07-17 05:11 - 2019-06-13 02:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-17 05:11 - 2019-06-13 02:10 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-07-17 05:11 - 2019-06-13 02:10 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-07-17 05:11 - 2019-06-13 02:10 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-17 05:11 - 2019-06-13 02:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-07-17 05:11 - 2019-06-13 02:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-17 05:11 - 2019-06-13 02:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-07-17 05:11 - 2019-06-13 02:10 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-17 05:11 - 2019-06-13 02:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-17 05:11 - 2019-06-13 02:09 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-17 05:11 - 2019-06-13 02:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-07-17 05:11 - 2019-06-13 02:08 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-17 05:11 - 2019-06-13 01:14 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-07-17 05:11 - 2019-06-13 01:08 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-07-17 05:11 - 2019-06-13 01:07 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-07-17 05:11 - 2019-06-13 01:07 - 000080744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-07-17 05:11 - 2019-06-13 01:06 - 002256768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-07-17 05:11 - 2019-06-13 01:06 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-07-17 05:11 - 2019-06-13 01:06 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-07-17 05:11 - 2019-06-13 00:47 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2019-07-17 05:11 - 2019-06-13 00:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2019-07-17 05:11 - 2019-06-13 00:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-07-17 05:11 - 2019-06-13 00:46 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-07-17 05:11 - 2019-06-13 00:46 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-07-17 05:11 - 2019-06-13 00:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-07-17 05:11 - 2019-06-13 00:45 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-07-17 05:11 - 2019-06-13 00:45 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-07-17 05:11 - 2019-06-13 00:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-07-17 05:11 - 2019-06-13 00:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-07-17 05:11 - 2019-06-13 00:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-07-17 05:11 - 2019-06-13 00:44 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-07-17 05:11 - 2019-06-13 00:44 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-07-17 05:11 - 2019-06-13 00:43 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-07-17 05:11 - 2019-06-13 00:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-17 05:11 - 2019-06-13 00:43 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-07-17 05:10 - 2019-07-04 00:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-17 05:10 - 2019-07-04 00:23 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-17 05:10 - 2019-07-04 00:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-07-17 05:10 - 2019-07-03 23:01 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-07-17 05:10 - 2019-06-13 07:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-17 05:10 - 2019-06-13 07:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-07-17 05:10 - 2019-06-13 07:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-17 05:10 - 2019-06-13 07:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2019-07-17 05:10 - 2019-06-13 03:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2019-07-17 05:10 - 2019-06-13 02:16 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-07-17 05:10 - 2019-06-13 02:15 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-07-17 05:10 - 2019-06-13 00:49 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-08 11:24 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-08 11:24 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-08 11:23 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-08 11:22 - 2018-10-12 09:39 - 000015080 _____ C:\WINDOWS\System32\Tasks\LivigentICUpgradeTask
2019-08-08 11:20 - 2018-10-12 09:39 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1936064907-1069411923-2261509573-1001
2019-08-08 11:20 - 2018-10-12 09:26 - 000002374 _____ C:\Users\Rifka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-08 11:20 - 2015-11-05 07:34 - 000000000 ___RD C:\Users\Rifka\OneDrive
2019-08-08 11:18 - 2018-10-12 09:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-07 22:21 - 2019-03-19 03:02 - 000000000 ___HD C:\$WINDOWS.~BT
2019-08-07 22:14 - 2018-10-07 11:22 - 000000000 ___DC C:\WINDOWS\Panther
2019-08-07 21:54 - 2016-06-29 11:37 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-08-07 21:16 - 2019-05-28 17:13 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-08-07 13:00 - 2019-05-28 17:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-08-06 14:03 - 2018-11-28 23:55 - 000001751 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LivigentIC.lnk
2019-08-06 01:39 - 2015-11-05 07:31 - 000000000 ____D C:\Users\Rifka\AppData\Roaming\Adobe
2019-08-06 01:39 - 2015-11-05 07:31 - 000000000 ____D C:\Users\Rifka\AppData\Local\Packages
2019-08-06 00:27 - 2019-06-13 18:04 - 000000000 ____D C:\Users\Rifka\AppData\Local\CrashDumps
2019-08-06 00:12 - 2018-10-12 09:26 - 000000000 ____D C:\Users\Rifka
2019-08-06 00:10 - 2018-10-12 10:05 - 000000000 ____D C:\ProgramData\Packages
2019-08-06 00:06 - 2015-10-10 06:59 - 000000000 ____D C:\ProgramData\Package Cache
2019-08-05 11:38 - 2019-04-01 11:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-05 11:38 - 2018-04-11 19:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-08-05 11:37 - 2019-05-28 17:12 - 000387688 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-08-05 11:30 - 2015-11-05 07:31 - 000000000 __SHD C:\Users\Rifka\IntelGraphicsProfiles
2019-08-05 11:30 - 2015-11-05 07:15 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-08-05 11:28 - 2018-10-12 09:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-05 11:27 - 2018-04-11 17:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-08-01 22:12 - 2019-05-28 17:12 - 001030784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-08-01 22:10 - 2019-05-28 17:12 - 000477288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-08-01 22:10 - 2019-05-28 17:12 - 000263224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-08-01 22:10 - 2019-05-28 17:12 - 000209256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-08-01 22:10 - 2019-05-28 17:12 - 000206056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-08-01 22:10 - 2019-05-28 17:12 - 000112520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-08-01 22:10 - 2019-05-28 17:12 - 000088160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-08-01 22:10 - 2019-05-28 17:12 - 000061688 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-08-01 22:10 - 2019-05-28 17:12 - 000042504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-08-01 22:07 - 2019-05-28 17:10 - 000000000 ____D C:\ProgramData\AVAST Software
2019-08-01 21:55 - 2017-09-28 01:37 - 000000008 __RSH C:\ProgramData\ntuser.pol
2019-08-01 21:52 - 2015-12-03 22:53 - 000000000 ____D C:\Users\Rifka\AppData\LocalLow\Temp
2019-08-01 21:49 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-08-01 21:49 - 2015-07-10 07:04 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-08-01 21:44 - 2018-02-07 22:34 - 000000000 ____D C:\Program Files\rempl
2019-07-31 16:23 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-07-28 21:12 - 2015-11-05 07:31 - 000000000 ____D C:\Users\Rifka\AppData\Local\VirtualStore
2019-07-25 10:38 - 2019-05-28 17:23 - 000003856 _____ C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2019-07-25 10:38 - 2019-05-28 17:23 - 000003272 _____ C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2019-07-25 10:38 - 2019-05-28 17:23 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-07-25 10:38 - 2019-05-28 17:23 - 000002470 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-07-23 20:36 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2019-07-23 20:36 - 2015-07-16 11:54 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-23 20:35 - 2018-10-12 09:47 - 000000000 ___RD C:\Users\Rifka\3D Objects
2019-07-23 20:35 - 2015-07-16 11:49 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-23 20:30 - 2018-10-12 09:13 - 000525776 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-23 20:26 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-07-23 20:26 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-23 20:26 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-23 20:26 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-23 20:26 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-23 20:26 - 2018-04-11 17:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-23 20:25 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-23 20:25 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-23 20:25 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-23 20:23 - 2018-10-12 09:39 - 000003406 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-07-23 20:23 - 2018-10-12 09:39 - 000003370 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C8796CCF-A5E6-4530-800C-B76C2D3644AE}
2019-07-23 20:23 - 2018-10-12 09:39 - 000003182 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-07-23 20:23 - 2018-10-12 09:39 - 000002272 _____ C:\WINDOWS\System32\Tasks\PDVDServ12 Task
2019-07-23 20:21 - 2019-05-28 17:18 - 000000000 _____ C:\WINDOWS\system32\last.dump
2019-07-19 00:38 - 2019-03-01 13:00 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-07-19 00:38 - 2019-03-01 13:00 - 000001035 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-07-19 00:30 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-17 05:10 - 2015-11-22 13:55 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-17 04:53 - 2016-05-03 20:40 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-07-17 04:53 - 2015-12-07 12:40 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-17 04:52 - 2015-07-10 07:04 - 000000167 _____ C:\WINDOWS\win.ini
2019-07-17 04:51 - 2016-11-30 15:20 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-17 04:51 - 2016-11-30 15:20 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories ================

2018-01-30 23:17 - 2018-01-31 01:07 - 000000381 _____ () C:\Users\Rifka\AppData\Roaming\LAPTOP-KLLUT3VL.MTBF.txt
2018-01-30 23:17 - 2018-01-31 01:17 - 000001612 _____ () C:\Users\Rifka\AppData\Roaming\__AvidCloudManager.log
2018-01-30 23:17 - 2018-01-30 23:17 - 000001610 _____ () C:\Users\Rifka\AppData\Roaming\__AvidCloudManagerPrevious.log
2018-01-31 01:09 - 2018-01-31 01:09 - 000003584 _____ () C:\Users\Rifka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-08-06 00:06 - 2019-08-06 00:07 - 000000410 _____ () C:\Users\Rifka\AppData\Local\oobelibMkey.log
2019-07-23 20:19 - 2019-07-23 20:19 - 000000000 _____ () C:\Users\Rifka\AppData\Local\{7AB63D8A-44E6-44F0-B0EA-8A04E1B7D118}
2019-07-23 20:18 - 2019-07-23 20:18 - 000000000 _____ () C:\Users\Rifka\AppData\Local\{7D402813-38A9-4F20-9594-ECC8D70EF2A0}
2019-04-01 10:53 - 2019-04-01 10:53 - 000000000 _____ () C:\Users\Rifka\AppData\Local\{8BE4CA16-7CD1-4252-8715-13F7CB39C32A}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

I attached the addition scan.

Thanks so much for your continued assistance.
Attached Files
File Type: txt Addition.txt (43.0 KB, 4 views)
BraunR is offline  
Old 08-09-2019, 03:21 AM   #19
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



Hello again, BraunR...!


Farbar Recovery Scan Tool - Fix

  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Quote:
Start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {86235870-CCED-4E48-B7D2-D70C32685E0A} - System32\Tasks\AdobeGCInvoker-1.0-LAPTOP-KLLUT3VL-Rifka => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
2019-08-06 01:13 - 2019-08-06 01:13 - 000000000 ____D C:\Users\Rifka\AppData\LocalLow\Adobe
2019-08-06 00:26 - 2019-08-07 13:00 - 000002820 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-LAPTOP-KLLUT3VL-Rifka
2019-08-06 00:24 - 2019-08-06 00:24 - 000000000 ____D C:\Users\Rifka\Documents\Adobe
2019-08-06 00:06 - 2019-08-06 01:41 - 000000000 ____D C:\ProgramData\Adobe
2019-08-06 00:05 - 2019-08-06 01:40 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-08-06 00:02 - 2019-08-06 00:12 - 000000000 ____D C:\Users\Rifka\AppData\Local\Adobe

Folder: C:\WINDOWS\lc45fvksda4
Folder: C:\WINDOWS\r1vk4tfj419
Virustotal: C:\WINDOWS\lc45fvksda4
Virustotal: C:\WINDOWS\r1vk4tfj419
End::


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Press the Fix button just once and wait.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
icotonev is offline  
Old 08-09-2019, 10:55 AM   #20
Registered Member
 
Join Date: May 2019
Posts: 25
OS:



Hi,

Do I need to paste the script somewhere before hitting fix?

Please advise
BraunR is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 04:00 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts