I am always very cautious when surfing the net and avoid suspicious downloads. I use Norton 360 security (with firewall) and all downloads are automatically scanned. However, there is some evidence my OS is playing up, as well as other evidence I am being followed by cyberstalkers.
Here are the results of the FRST scan, two files:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2021
Ran by User (administrator) on USER-PC (LENOVO 2537VNK) (15-09-2021 14:49:08)
Running from C:\Users\User\Downloads
Loaded Profiles: User
Platform: Windows 10 Pro Version 20H2 19042.1165 (X64) Language: English (United Kingdom)
Default browser: Brave
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <11>
(Glarysoft LTD -> Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\GUBootService.exe
(Glarysoft LTD -> Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxext.exe
(LENOVO -> Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(LENOVO -> Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(LENOVO -> Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\cammute.exe
(LENOVO -> Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(LENOVO -> Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(LENOVO -> Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2108.25001.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.21.6.53\nsWscSvc.exe
(NortonLifeLock Inc. -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.21.6.53\NortonSecurity.exe <2>
(NortonLifeLock Inc. -> Symantec Corporation) C:\Program Files\Norton Utilities\x64\LBGovernor.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2013-05-22] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [939976 2015-02-20] (LENOVO -> Lenovo)
HKLM\...\Run: [LMCSSTART1] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [35856 2016-04-12] (LENOVO -> Lenovo Corporation)
HKLM\...\Run: [LMCSSTART2] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [35856 2016-04-12] (LENOVO -> Lenovo Corporation)
HKLM\...\Run: [LMCSSTART3] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [35856 2016-04-12] (LENOVO -> Lenovo Corporation)
HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44416 2021-09-06] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35093120 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11224432 2021-08-19] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-725688832-2798266748-3951577904-1002\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Windows x64\Print Processors\Canon MG3600 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCT.DLL [30208 2015-03-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Epson Inkjet: C:\Windows\System32\spool\prtprocs\x64\EP0NPP01.DLL [38912 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3600 series: C:\Windows\system32\CNMLMCT.DLL [406528 2015-03-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Epson Inbox Language Monitor01: C:\Windows\system32\EP0SLM01.DLL [77824 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\93.1.29.81\Installer\chrmstp.exe [2021-09-15] (Brave Software, Inc. -> Brave Software, Inc.)
BootExecute: autocheck autochk *
GroupPolicy: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02185DAB-EC7D-4771-93CA-7A13C373EB21} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {0716C9EF-E171-4474-B53C-D6D348C32DC9} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-14] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {0CD05A3D-FEB9-4778-A869-65C65B05EE05} - System32\Tasks\CCleanerSkipUAC - User => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {16F4058F-4395-4B04-AE73-3229C9242DC2} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758792 2021-07-13] (Lenovo -> )
Task: {1C9F1EBF-9EA4-4232-B4DD-1DCF28C651FE} - \OneDrive Standalone Update Task-S-1-5-21-725688832-2798266748-3951577904-1001 -> No File <==== ATTENTION
Task: {2370EFF6-2FBE-4919-80AC-75645A8C5967} - System32\Tasks\Norton Utility\ActiveSync-NortonUtility => C:\Program Files\Norton Utilities\ActiveBridge.exe
Task: {27E04B9F-5503-4DB1-9C81-32D86E5A4092} - System32\Tasks\Norton Utility\AutomaticCare => C:\Program Files\Norton Utilities\NUP.exe [3629552 2021-09-08] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {2D052895-64CF-487E-BD27-C3DDC8B69F12} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.21.6.53\WSCStub.exe [646520 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {41515A28-02F0-47B1-9BEC-B94BAFBDDB8C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {4D3CF423-6225-42EE-B386-25068F9110B1} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-14] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {520C7AD1-0C18-4446-A67A-5E75A3179DF5} - System32\Tasks\Norton Utility\Live Boost Process Governor => C:\Program Files\Norton Utilities\x64\LBGovernor.exe [1050096 2021-09-08] (NortonLifeLock Inc. -> Symantec Corporation)
Task: {65AF6671-5786-4851-8D2D-E86F69324D14} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-09-10] (Piriform Software Ltd -> Piriform)
Task: {7B4DEE0E-1C69-4A51-8B1A-1948EBB721BC} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.21.6.53\SymErr.exe [108752 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {7D6EE954-BED8-4BEB-B629-8AFB44C8F55F} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.21.6.53\SymErr.exe [108752 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {82A3918F-FA6F-49BF-B353-4F6098330641} - System32\Tasks\TotalAV_OEM_Welcome => C:\Program Files (x86)\TotalAV Welcome OEM\ss-oem.exe [251648 2020-06-16] (Protected Antivirus Limited -> Protected.net Group Limited)
Task: {844F8734-D10D-40EB-A4F7-620E97458A53} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.21.6.53\SymErr.exe [108752 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {8CA415D4-47C5-45D2-A1B4-4D6B6C5FA39C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [17184 2014-09-02] (LENOVO -> Lenovo)
Task: {91734FF1-01CE-4B36-B8F7-90142A4470AB} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [919936 2021-09-06] (Glarysoft LTD -> Glarysoft Ltd)
Task: {AB7E6D04-585A-4A9B-9AC2-B75006906469} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-725688832-2798266748-3951577904-1002 => C:\Users\User\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87896 2021-08-18] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {ADEF22C0-AAD9-473E-8345-EEB75344B7BB} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2352488 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {AFC1317F-7DAE-4DE5-82E9-161721C12EA6} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [137088 2021-09-06] (Glarysoft LTD -> Glarysoft Ltd)
Task: {C603A8D8-B575-4689-B3D5-890F8968A78C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [673720 2021-08-29] (Mozilla Corporation -> Mozilla Foundation)
Task: {DF943F08-4352-4847-BF8C-E654756E88A2} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-725688832-2798266748-3951577904-500 => C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {E18BF8D0-BC92-4CF1-8DBF-3CB86F636B6E} - System32\Tasks\TUDsDownloader => C:\Program Files\Norton Utilities Premium\activesync.exe
Task: {EA4DC5AF-3B6F-4D7F-AAB3-6ED32FA8F5AA} - System32\Tasks\Lenovo\Lenovo Settings Power => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {F87D4065-E2DB-4BA1-88F4-A8B91044AC78} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758792 2021-07-13] (Lenovo -> )
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1a19eb76-236b-4315-85f4-21db9557d96d}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{25e9cf19-0abd-4796-b9e7-6b3f92aedb82}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Profile 1
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2021-09-15]
FireFox:
========
FF DefaultProfile: nyjea0pv.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nyjea0pv.default [2021-06-17]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release [2021-09-15]
FF Extension: (Disconnect) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release\Extensions\2.0@disconnect.me.xpi [2021-02-11]
FF Extension: (Hoxx VPN Proxy) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release\Extensions\@hoxx-vpn.xpi [2021-08-29]
FF Extension: (HTTPS Everywhere) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release\Extensions\https-everywhere@eff.org.xpi [2021-08-29]
FF Extension: (Privacy Badger) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2021-08-29]
FF Extension: (NoScript) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2021-08-29]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-08-29]
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.15 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-08] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-06-06]
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-10]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-10]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-10]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-10]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-10]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-02-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-10]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-10]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-10]
Brave:
=======
BRA Profile: C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-09-15]
BRA Notifications: Default -> hxxps://www.rt.com
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :d
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Extension: (Brave Local Data Files Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-08-11]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-09-15]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-09-14]
BRA Extension: (Brave NTP sponsored images) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\mjpbonbjgpinifgnneajcbigekbpfige [2021-09-15]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-09-15]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [566288 2016-04-12] (LENOVO -> Lenovo Corporation)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-14] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-14] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 GUBootService; C:\Program Files (x86)\Glary Utilities 5\GUBootService.exe [867712 2021-09-06] (Glarysoft LTD -> Glarysoft Ltd)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2023592 2015-09-25] (LENOVO -> Lenovo Group Limited)
R3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [631312 2016-04-12] (LENOVO -> Lenovo Corporation)
S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [480712 2015-03-23] (LENOVO -> Lenovo)
S2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720 2015-05-12] (LENOVO -> )
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.21.6.53\NortonSecurity.exe [343336 2021-07-29] (NortonLifeLock Inc. -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.21.6.53\nsWscSvc.exe [1058664 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13271336 2021-08-12] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\BASHDefs\20210913.004\BHDrvx64.sys [2018776 2021-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1615060.035\ccSetx64.sys [192248 2021-07-29] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-02-10] (Symantec Corporation -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-02-10] (Symantec Corporation -> Broadcom)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [30720 2021-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Glarysoft Ltd)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\IPSDefs\20210914.061\IDSvia64.sys [1480128 2021-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [29496 2014-04-07] (Lenovo(Japan)Ltd. -> Lenovo)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 nsvst_NGC; C:\Windows\System32\drivers\NGCx64\1615060.035\nsvst.sys [56080 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R0 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
R3 qcusbserlno2k; C:\Windows\system32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R2 rimspci; C:\Windows\system32\DRIVERS\rimspe64.sys [61952 2009-10-26] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\drivers\NGCx64\1615060.035\SRTSP64.SYS [885192 2021-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1615060.035\SRTSPX64.SYS [41928 2021-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [292864 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [1485312 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [740864 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1615060.035\SYMEFASI64.SYS [2062424 2021-07-29] (Symantec Corporation -> Broadcom)
S0 SymELAM; C:\Windows\System32\drivers\NGCx64\1615060.035\SymELAM.sys [25080 2021-07-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [93152 2021-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.20.5.39\SymPlatform\SymEvnt.sys [712432 2021-07-13] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1615060.035\Ironx64.SYS [317296 2021-07-29] (Symantec Corporation -> Broadcom)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1615060.035\symnets.sys [575328 2021-07-29] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2021-02-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2021-02-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2021-02-08] (Microsoft Windows -> Microsoft Corporation)
R1 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1615060.035\wpCtrlDrv.sys [1015760 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-15 14:49 - 2021-09-15 14:52 - 000026118 _____ C:\Users\User\Downloads\FRST.txt
2021-09-15 14:46 - 2021-09-15 14:50 - 000000000 ____D C:\FRST
2021-09-15 14:36 - 2021-09-15 14:36 - 002304000 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2021-09-15 11:37 - 2021-09-15 11:37 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2021-09-10 10:22 - 2021-09-10 10:22 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\4156B204.sys
2021-09-10 10:22 - 2021-09-10 10:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-09-10 10:21 - 2021-09-10 11:56 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2021-09-10 10:21 - 2021-09-10 10:56 - 000000000 ____D C:\Users\User\Documents\mbar
2021-09-10 10:21 - 2021-09-10 10:56 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-09-10 10:20 - 2021-09-10 10:20 - 014178840 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.10.3.1001.exe
2021-09-09 21:04 - 2021-09-15 14:17 - 000007310 _____ C:\Windows\ntbtlog.txt
2021-09-09 16:23 - 2021-09-09 16:23 - 000000000 ____D C:\Users\User\AppData\Local\NPE
2021-09-09 16:17 - 2021-09-09 16:18 - 000004484 _____ C:\TDSSKiller.3.1.0.28_09.09.2021_16.17.01_log.txt
2021-09-09 12:07 - 2021-09-09 12:08 - 000004484 _____ C:\TDSSKiller.3.1.0.28_09.09.2021_12.07.54_log.txt
2021-09-09 11:59 - 2021-09-09 12:02 - 000319296 _____ C:\TDSSKiller.3.1.0.28_09.09.2021_11.59.36_log.txt
2021-09-09 11:59 - 2021-09-09 11:59 - 005054744 _____ (AO Kaspersky Lab) C:\Users\User\Downloads\tdsskiller.exe
2021-09-08 17:25 - 2021-09-08 17:25 - 019829840 _____ (Glarysoft Ltd) C:\Users\User\Downloads\Glary_Utilities_v5.173.0.201.exe
2021-09-08 17:22 - 2021-09-08 17:23 - 031850712 _____ (Bandicam Company) C:\Users\User\Downloads\Bandicam_v5.3.0.1879.exe
2021-09-08 16:41 - 2021-09-08 16:41 - 000001921 _____ C:\Users\User\Desktop\Norton Utilities.lnk
2021-09-08 16:41 - 2021-09-08 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton
2021-09-05 19:46 - 2021-09-05 19:46 - 000000000 ____D C:\Users\User\Downloads\QA - Technical Department - Yetminster DT9 - Indeed.com_files
2021-09-05 19:45 - 2021-09-05 19:46 - 000322107 _____ C:\Users\User\Downloads\QA - Technical Department - Yetminster DT9 - Indeed.com.html
2021-09-03 14:48 - 2021-09-03 14:48 - 000000000 ____D C:\Users\User\AppData\Local\Tvsukernel
2021-09-03 14:15 - 2021-09-03 14:15 - 000000000 ____D C:\Windows\LastGood.Tmp
2021-09-03 14:14 - 2021-09-03 14:14 - 000040888 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2021-09-03 14:10 - 2021-09-03 14:10 - 000000000 ____D C:\Users\User\AppData\Roaming\iTop Screenshot
2021-09-03 14:10 - 2021-09-03 14:10 - 000000000 ____D C:\Users\User\AppData\LocalLow\iTop Screen Recorder
2021-09-03 14:09 - 2021-09-03 14:10 - 000000000 ____D C:\Users\User\AppData\Roaming\iTop Screen Recorder
2021-09-03 14:09 - 2021-09-03 14:10 - 000000000 ____D C:\ProgramData\iTop
2021-09-03 14:09 - 2021-09-03 14:09 - 000000000 ____D C:\ProgramData\iTop VPN
2021-09-03 14:09 - 2021-09-03 14:09 - 000000000 ____D C:\ProgramData\{150F4013-6884-4350-8DDC-6BFCB4C5DC15}
2021-09-03 14:08 - 2021-09-03 15:05 - 000000000 ____D C:\ProgramData\ProductData
2021-09-03 14:08 - 2021-09-03 14:16 - 000000000 ____D C:\Users\User\AppData\Roaming\instinfo
2021-09-03 14:08 - 2021-09-03 14:08 - 000000000 ____D C:\Users\User\AppData\LocalLow\IObit
2021-09-03 14:07 - 2021-09-03 14:07 - 000000000 ____D C:\ProgramData\{E0224FF9-7AE3-4F9E-991A-2F004F7E3952}
2021-09-03 14:06 - 2021-09-03 14:30 - 000000000 ____D C:\ProgramData\IObit
2021-09-03 14:06 - 2021-09-03 14:08 - 000000000 ____D C:\Users\User\AppData\Roaming\IObit
2021-09-03 10:33 - 2021-09-03 10:33 - 000002359 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-09-03 10:32 - 2021-09-03 10:32 - 000000000 ____D C:\Users\User\AppData\Roaming\Teams
2021-09-03 10:25 - 2021-09-03 10:34 - 000000000 ____D C:\Users\User\AppData\Local\SquirrelTemp
2021-08-31 14:50 - 2021-08-31 14:50 - 000000000 ___HD C:\ProgramData\CanonBJ
2021-08-31 14:50 - 2015-03-12 05:00 - 000406528 _____ (CANON INC.) C:\Windows\system32\CNMLMCT.DLL
2021-08-29 17:21 - 2021-08-29 17:21 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-08-29 17:03 - 2021-09-03 10:56 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-08-26 13:17 - 2021-08-26 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo
2021-08-26 13:15 - 2021-08-26 13:15 - 008307216 _____ (Lenovo ) C:\Users\User\Downloads\system_update_5.07.0127.exe
2021-08-26 13:09 - 2021-08-26 13:09 - 003221952 _____ (Lenovo ) C:\Users\User\Downloads\LSBSetup (2).exe
2021-08-26 12:14 - 2021-08-26 12:14 - 000001849 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2021-08-26 12:14 - 2021-08-26 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2021-08-18 16:16 - 2021-08-18 16:16 - 000002884 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - User
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-15 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-15 14:17 - 2020-07-09 21:24 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-09-15 12:00 - 2020-07-09 21:40 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-09-15 11:59 - 2021-07-31 14:45 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2021-09-15 11:59 - 2021-06-09 13:12 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-09-15 11:32 - 2021-02-10 16:47 - 000000000 ____D C:\Program Files\CCleaner
2021-09-15 11:31 - 2021-02-14 18:03 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-09-15 11:31 - 2021-02-14 18:03 - 000002323 _____ C:\Users\Public\Desktop\Brave.lnk
2021-09-15 11:13 - 2021-02-10 16:47 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-09-15 08:25 - 2021-08-10 18:43 - 000000000 ____D C:\Windows\system32\Tasks\Norton 360
2021-09-14 22:06 - 2021-02-11 14:36 - 000000000 ____D C:\Users\User\AppData\Roaming\Stellarium
2021-09-14 22:06 - 2021-02-10 16:02 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2021-09-14 15:37 - 2020-07-09 21:44 - 133215968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-09-14 11:32 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-14 11:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-09-13 12:17 - 2021-02-10 22:21 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-13 09:33 - 2021-02-10 16:19 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2021-09-11 17:17 - 2021-02-10 18:46 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-09 17:38 - 2020-07-09 21:38 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-09-09 17:37 - 2020-07-09 21:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-09-09 17:37 - 2020-07-09 21:23 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-09 17:36 - 2019-12-07 10:03 - 000786432 _____ C:\Windows\system32\config\BBI
2021-09-09 17:18 - 2021-02-11 12:31 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2021-09-09 16:23 - 2021-02-10 13:55 - 000000000 ____D C:\ProgramData\Norton
2021-09-08 17:26 - 2021-02-10 16:19 - 000003288 _____ C:\Windows\system32\Tasks\GlaryInitialize 5
2021-09-08 17:26 - 2021-02-10 16:19 - 000003024 _____ C:\Windows\system32\Tasks\GU5SkipUAC
2021-09-08 17:26 - 2021-02-10 16:19 - 000001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2021-09-08 17:26 - 2021-02-10 16:19 - 000001149 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2021-09-08 17:24 - 2021-02-27 22:11 - 000001057 _____ C:\Users\Public\Desktop\Bandicam.lnk
2021-09-08 17:24 - 2021-02-27 22:10 - 000000000 ____D C:\Program Files (x86)\BandiMPEG1
2021-09-08 17:24 - 2021-02-27 22:10 - 000000000 ____D C:\Program Files (x86)\Bandicam
2021-09-08 16:41 - 2021-07-08 14:15 - 000000000 ____D C:\Program Files\Norton Utilities
2021-09-06 13:02 - 2021-06-16 12:11 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2021-09-06 09:59 - 2021-02-11 21:52 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2021-09-04 08:34 - 2021-03-19 11:51 - 000000000 ____D C:\Users\User\AppData\LocalLow\Norton
2021-09-03 14:59 - 2021-04-30 14:43 - 000000000 ____D C:\Windows\TempInst
2021-09-03 14:59 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-09-03 14:14 - 2021-02-08 16:05 - 001524664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2021-09-03 14:14 - 2021-02-08 16:05 - 000206776 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2021-09-03 11:01 - 2019-12-07 10:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-09-03 10:56 - 2021-02-28 15:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-08-29 22:59 - 2021-02-11 18:53 - 000000000 ____D C:\Users\User\Documents\VSO Downloader
2021-08-29 17:21 - 2021-02-28 15:19 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-08-27 21:15 - 2020-07-09 21:30 - 000840838 _____ C:\Windows\system32\PerfStringBackup.INI
2021-08-26 13:17 - 2021-04-30 14:44 - 000000000 ____D C:\Windows\system32\Tasks\TVT
2021-08-26 13:16 - 2021-06-02 16:58 - 000000831 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2021-08-26 13:16 - 2020-08-28 09:18 - 000000000 ____D C:\Program Files (x86)\Lenovo
2021-08-26 13:10 - 2021-04-30 15:19 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2021-08-26 13:10 - 2021-04-30 11:58 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo
2021-08-26 12:08 - 2021-02-10 16:19 - 000000000 ____D C:\Users\User\AppData\Roaming\GlarySoft
2021-08-19 12:42 - 2021-06-17 12:07 - 000000000 ____D C:\ProgramData\TEMP
2021-08-19 12:41 - 2021-06-17 20:55 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2021-08-18 08:12 - 2021-02-10 22:20 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-18 08:12 - 2021-02-10 22:20 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-08-17 01:22 - 2021-02-10 18:46 - 000740168 _____ (Microsoft Corporation) C:\Windows\system32\sedplugins.dll
2021-08-17 01:22 - 2021-02-10 18:46 - 000486728 _____ (Microsoft Corporation) C:\Windows\system32\QualityUpdateAssistant.dll
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021
Ran by User (15-09-2021 14:53:42)
Running from C:\Users\User\Downloads
Windows 10 Pro Version 20H2 19042.1165 (X64) (2020-08-27 16:13:03)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-725688832-2798266748-3951577904-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-725688832-2798266748-3951577904-503 - Limited - Disabled)
Guest (S-1-5-21-725688832-2798266748-3951577904-501 - Limited - Disabled)
User (S-1-5-21-725688832-2798266748-3951577904-1002 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-725688832-2798266748-3951577904-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton 360 (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 21.007.20091 - Adobe)
Bandicam (HKLM-x32\...\Bandicam) (Version: 5.3.0.1879 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 93.1.29.81 - Brave Software Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.85 - Piriform)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.49.53 - Conexant)
Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)
Epson Software Updater (HKLM-x32\...\{D2D9559D-359A-4C61-B93A-FE01AE2BFB75}) (Version: 4.5.4 - Seiko Epson Corporation)
Glary Utilities 5.173 (HKLM-x32\...\Glary Utilities 5) (Version: 5.173.0.201 - Glarysoft Ltd)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Lenovo Patch Utility (HKLM-x32\...\{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{49A09C2C-FFF4-478E-B397-5E0979F67F5D}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.5 - Lenovo)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.4.0.21 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0127 - Lenovo)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0008.00 - Lenovo Group Limited) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.47 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\Teams) (Version: 1.4.00.22472 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 91.0.2 (x64 en-US)) (Version: 91.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 90.0 - Mozilla)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.21.6.53 - NortonLifeLock Inc)
Norton Utilities (HKLM\...\{36896A40-D958-486B-8A43-31A41E129FE2}) (Version: 21.4.3.281 - NortonLifeLock Inc)
NVIDIA Graphics Driver 341.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.74 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
SharpKeys (HKLM\...\{DCBF8C2F-0053-4BC7-B7A4-ABEE0D4389FC}) (Version: 3.9.0000 - RandyRants.com)
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
Stellarium 0.21.1 (HKLM-x32\...\Stellarium_is1) (Version: 0.21.1 - Stellarium team)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1238 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.115 - Synaptics Incorporated)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.21.4 - TeamViewer)
TotalAV Welcome OEM (HKLM-x32\...\TotalAV Welcome OEM) (Version: 1.0.0 - TotalAV Welcome OEM) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Virtual Moon Atlas V7.0 (HKLM-x32\...\{3EB7A19B-690F-49BA-B494-CADA547D0DB9}_is1) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.15 - VideoLAN)
VSO Downloader 5.1.1.70 (HKLM-x32\...\{3C5CD638-CAD0-4F6C-81FD-B37D47B411F7}_is1) (Version: 5.1.1.70 - VSO Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
Zoom (HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\ZoomUMX) (Version: 5.6.4 (799) - Zoom Video Communications, Inc.)
Packages:
=========
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa [2021-08-11] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-12] (Microsoft Corporation) [MS Ad]
Photo Frame -> C:\Program Files\WindowsApps\38731basquang.vn.PhotoFrame_1.1.3.0_x64__pyvvk3yw15sng [2021-04-04] (basquang) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-23] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-02-13] (Microsoft Corporation)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.3.1.0_x64__kx24dqmazqk8j [2021-09-11] (Random Salad Games LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0 [2021-09-03] (Spotify AB) [Startup Task]
The Backgammon -> C:\Program Files\WindowsApps\6918E89D.TheBackgammon_1.2.10.0_x64__66n08swfvvka0 [2021-05-18] (UNBALANCE corp.) [MS Ad]
The Chess Lv.100 -> C:\Program Files\WindowsApps\6918E89D.THECHESSLV.100_1.3.8.0_x64__66n08swfvvka0 [2021-08-13] (UNBALANCE corp.) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-725688832-2798266748-3951577904-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21140.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-10-12] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.6.53\NavShExt.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-10-12] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.6.53\NavShExt.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-06-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-10-12] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.6.53\NavShExt.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"
==================== Loaded Modules (Whitelisted) =============
2021-04-30 12:00 - 2016-04-14 07:50 - 000107008 ____N () [File not signed] C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.dll
2021-04-30 12:03 - 2016-04-05 09:37 - 002085888 _____ () [File not signed] C:\Program Files\Lenovo\Communications Utility\cv210.dll
2021-04-30 12:03 - 2016-04-05 09:37 - 002201088 _____ () [File not signed] C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2021-04-30 12:01 - 2014-10-23 10:20 - 000276480 _____ (Lenovo) [File not signed] C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MHHelperDLL.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.21.6.53\coIEPlg.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.21.6.53\coIEPlg.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.21.6.53\coIEPlg.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.21.6.53\coIEPlg.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 6091 more sites.
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 ____N C:\Windows\system32\drivers\etc\hosts
2021-02-21 17:19 - 2021-02-21 17:24 - 000000436 _____ C:\Windows\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-725688832-2798266748-3951577904-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Desktop\G Alexander\Pictures\Wallpapers\grand-canyon-wallpaper.jpeg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: TeamViewer => 2
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{40AAD3D7-52EA-4530-9003-E66B1236D6DA}C:\users\public\desktop\sdio_update\sdio_x64_r715.exe] => (Block) C:\users\public\desktop\sdio_update\sdio_x64_r715.exe => No File
FirewallRules: [UDP Query User{583779DC-EC42-45CC-957B-C960DC6DBFB9}C:\users\public\desktop\sdio_update\sdio_x64_r715.exe] => (Block) C:\users\public\desktop\sdio_update\sdio_x64_r715.exe => No File
FirewallRules: [{480AF5AA-9E64-4970-B285-0EBFE740668C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9E94DBE2-F11B-4B8A-A1C6-208A909E5441}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B2D7A747-9439-4460-BAA1-D025312332EE}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{BF6E3546-FE15-4763-8C49-7FC7ACD815D2}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{C9D8D439-F519-4BA3-A16F-20E2FB723A75}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A1A30333-9C22-4936-A773-6C608DCB7B08}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{26679C38-AF2E-4E8D-825F-682D52DFCCFA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1A4F990E-B925-44BA-A75A-62DE0656B88B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{71915E36-DA13-4E3F-9145-F82A675C5514}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{59EEE163-C714-4484-920F-E3EE988DC269}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8DF63D8A-CCB0-4A69-8F24-CD05729623B4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{142802EE-21F3-4592-BD00-A5CEC25DC25B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9C6B7C5D-2C8A-438F-8FD8-1C9716EAAE10}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DEBC74A2-8698-425E-A0DE-EC9F603BEEB0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CFAB2553-974C-499E-A356-2E776D88098A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C06B28FF-BA50-4035-92AC-9833A06254A6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{128FED1C-6334-4DB8-B81A-59F3429414BA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4164B645-495C-41BD-8241-88CFFE900BCA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E5CCF454-6AB3-432A-9C61-DC29F0D7CC81}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{08F396D9-438E-447A-8597-8A7BC7613261}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E04B7202-E1E9-4E31-BC6C-7297DADAAF14}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{DF6D5B10-9BB1-4B35-BF59-03DD58FC1502}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{76A894DE-E8AD-4275-A326-D458551EA3F4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FDEEC526-60A7-4FBE-B7CF-5C507DB8A385}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F4D6C89E-9B84-4FF0-B11D-C8603CD6E086}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{458D0AD2-F42A-4E03-BC6B-2C4274DEDF97}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{687FFFEC-6E61-4A3C-93F3-FE0BD9A8749C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C2513710-DC58-442F-858F-E83F60278E41}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D2CB5E95-32A2-4443-9AE7-DD092C79664E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EA25635A-F2B8-48E4-9957-EEE2FE54F90F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{212C1D7A-7C48-4CDC-BBE3-CAF586CC4F2D}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
==================== Restore Points =========================
29-08-2021 18:23:41 Scheduled Checkpoint
03-09-2021 14:12:54 Driver Booster : NVIDIA High Definition Audio
13-09-2021 12:25:57 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (09/11/2021 09:10:37 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007
Error: (09/11/2021 09:10:37 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0
Error: (09/11/2021 08:19:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_BITS, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: qmgr.dll, version: 7.8.19041.746, time stamp: 0x73a7ab6f
Exception code: 0xc0000005
Fault offset: 0x00000000000add14
Faulting process ID: 0x2d74
Faulting application start time: 0x01d7a7281291b86a
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: c:\windows\system32\qmgr.dll
Report ID: e40a3478-4408-4c99-b861-30fb935e243c
Faulting package full name:
Faulting package-relative application ID:
Error: (09/09/2021 04:05:37 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (12872,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log.
Error: (09/09/2021 04:05:36 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (12872,R,98) WebCacheLocal: An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (09/08/2021 03:57:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCleaner64.exe, version: 5.84.0.9143, time stamp: 0x6128cf9a
Faulting module name: CCleaner64.exe, version: 5.84.0.9143, time stamp: 0x6128cf9a
Exception code: 0xc0000409
Fault offset: 0x0000000000c4bd55
Faulting process ID: 0x50c
Faulting application start time: 0x01d7a4c1e3aa03ac
Faulting application path: C:\Program Files\CCleaner\CCleaner64.exe
Faulting module path: C:\Program Files\CCleaner\CCleaner64.exe
Report ID: 7755712e-bffb-4536-88eb-a23a4930e50c
Faulting package full name:
Faulting package-relative application ID:
Error: (09/08/2021 03:55:51 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (13308,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log.
Error: (09/08/2021 03:55:51 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (13308,R,98) WebCacheLocal: An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
System errors:
=============
Error: (09/15/2021 12:30:02 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (09/15/2021 08:30:28 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (09/14/2021 05:27:32 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (09/14/2021 04:12:10 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (09/14/2021 02:50:18 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (09/14/2021 02:37:18 PM) (Source: DCOM) (EventID: 10010) (User: USER-PC)
Description: The server microsoft.windowscommunicationsapps_16005.14326.20206.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
Error: (09/14/2021 12:13:08 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (09/14/2021 08:55:08 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Windows Defender:
================
Date: 2021-02-10 12:44:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-02-08 15:04:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-02-08 15:28:49
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-07-11 16:45:16
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-02-10 12:25:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.504.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-02-10 12:25:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.504.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-02-10 12:25:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.504.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-02-10 12:25:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.504.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-02-10 12:25:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.504.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===============
Date: 2021-09-15 08:18:26
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.21.6.53\symamsi.dll that did not meet the Windows signing level requirements.
Date: 2021-09-14 11:30:10
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.21.6.53\symamsi.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO 6IET68WW (1.28 ) 07/12/2010
Motherboard: LENOVO 2537VNK
Processor: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Percentage of memory in use: 74%
Total physical RAM: 3955.67 MB
Available physical RAM: 1004.36 MB
Total Virtual: 5939.67 MB
Available Virtual: 1854.13 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.54 GB) (Free:212.63 GB) NTFS
\\?\Volume{de77ec38-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{de77ec38-0000-0000-0016-a3654a000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: DE77EC38)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=515 MB) - (Type=27)
==================== End of Addition.txt =======================
Here are the results of the FRST scan, two files:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2021
Ran by User (administrator) on USER-PC (LENOVO 2537VNK) (15-09-2021 14:49:08)
Running from C:\Users\User\Downloads
Loaded Profiles: User
Platform: Windows 10 Pro Version 20H2 19042.1165 (X64) Language: English (United Kingdom)
Default browser: Brave
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <11>
(Glarysoft LTD -> Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\GUBootService.exe
(Glarysoft LTD -> Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxext.exe
(LENOVO -> Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(LENOVO -> Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(LENOVO -> Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\cammute.exe
(LENOVO -> Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(LENOVO -> Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(LENOVO -> Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2108.25001.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.21.6.53\nsWscSvc.exe
(NortonLifeLock Inc. -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.21.6.53\NortonSecurity.exe <2>
(NortonLifeLock Inc. -> Symantec Corporation) C:\Program Files\Norton Utilities\x64\LBGovernor.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2013-05-22] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [939976 2015-02-20] (LENOVO -> Lenovo)
HKLM\...\Run: [LMCSSTART1] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [35856 2016-04-12] (LENOVO -> Lenovo Corporation)
HKLM\...\Run: [LMCSSTART2] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [35856 2016-04-12] (LENOVO -> Lenovo Corporation)
HKLM\...\Run: [LMCSSTART3] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [35856 2016-04-12] (LENOVO -> Lenovo Corporation)
HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44416 2021-09-06] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35093120 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11224432 2021-08-19] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-725688832-2798266748-3951577904-1002\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Windows x64\Print Processors\Canon MG3600 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCT.DLL [30208 2015-03-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Epson Inkjet: C:\Windows\System32\spool\prtprocs\x64\EP0NPP01.DLL [38912 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3600 series: C:\Windows\system32\CNMLMCT.DLL [406528 2015-03-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Epson Inbox Language Monitor01: C:\Windows\system32\EP0SLM01.DLL [77824 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\93.1.29.81\Installer\chrmstp.exe [2021-09-15] (Brave Software, Inc. -> Brave Software, Inc.)
BootExecute: autocheck autochk *
GroupPolicy: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02185DAB-EC7D-4771-93CA-7A13C373EB21} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {0716C9EF-E171-4474-B53C-D6D348C32DC9} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-14] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {0CD05A3D-FEB9-4778-A869-65C65B05EE05} - System32\Tasks\CCleanerSkipUAC - User => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {16F4058F-4395-4B04-AE73-3229C9242DC2} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758792 2021-07-13] (Lenovo -> )
Task: {1C9F1EBF-9EA4-4232-B4DD-1DCF28C651FE} - \OneDrive Standalone Update Task-S-1-5-21-725688832-2798266748-3951577904-1001 -> No File <==== ATTENTION
Task: {2370EFF6-2FBE-4919-80AC-75645A8C5967} - System32\Tasks\Norton Utility\ActiveSync-NortonUtility => C:\Program Files\Norton Utilities\ActiveBridge.exe
Task: {27E04B9F-5503-4DB1-9C81-32D86E5A4092} - System32\Tasks\Norton Utility\AutomaticCare => C:\Program Files\Norton Utilities\NUP.exe [3629552 2021-09-08] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {2D052895-64CF-487E-BD27-C3DDC8B69F12} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.21.6.53\WSCStub.exe [646520 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {41515A28-02F0-47B1-9BEC-B94BAFBDDB8C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {4D3CF423-6225-42EE-B386-25068F9110B1} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-14] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {520C7AD1-0C18-4446-A67A-5E75A3179DF5} - System32\Tasks\Norton Utility\Live Boost Process Governor => C:\Program Files\Norton Utilities\x64\LBGovernor.exe [1050096 2021-09-08] (NortonLifeLock Inc. -> Symantec Corporation)
Task: {65AF6671-5786-4851-8D2D-E86F69324D14} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-09-10] (Piriform Software Ltd -> Piriform)
Task: {7B4DEE0E-1C69-4A51-8B1A-1948EBB721BC} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.21.6.53\SymErr.exe [108752 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {7D6EE954-BED8-4BEB-B629-8AFB44C8F55F} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.21.6.53\SymErr.exe [108752 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {82A3918F-FA6F-49BF-B353-4F6098330641} - System32\Tasks\TotalAV_OEM_Welcome => C:\Program Files (x86)\TotalAV Welcome OEM\ss-oem.exe [251648 2020-06-16] (Protected Antivirus Limited -> Protected.net Group Limited)
Task: {844F8734-D10D-40EB-A4F7-620E97458A53} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.21.6.53\SymErr.exe [108752 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {8CA415D4-47C5-45D2-A1B4-4D6B6C5FA39C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [17184 2014-09-02] (LENOVO -> Lenovo)
Task: {91734FF1-01CE-4B36-B8F7-90142A4470AB} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [919936 2021-09-06] (Glarysoft LTD -> Glarysoft Ltd)
Task: {AB7E6D04-585A-4A9B-9AC2-B75006906469} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-725688832-2798266748-3951577904-1002 => C:\Users\User\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87896 2021-08-18] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {ADEF22C0-AAD9-473E-8345-EEB75344B7BB} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2352488 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {AFC1317F-7DAE-4DE5-82E9-161721C12EA6} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [137088 2021-09-06] (Glarysoft LTD -> Glarysoft Ltd)
Task: {C603A8D8-B575-4689-B3D5-890F8968A78C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [673720 2021-08-29] (Mozilla Corporation -> Mozilla Foundation)
Task: {DF943F08-4352-4847-BF8C-E654756E88A2} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-725688832-2798266748-3951577904-500 => C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {E18BF8D0-BC92-4CF1-8DBF-3CB86F636B6E} - System32\Tasks\TUDsDownloader => C:\Program Files\Norton Utilities Premium\activesync.exe
Task: {EA4DC5AF-3B6F-4D7F-AAB3-6ED32FA8F5AA} - System32\Tasks\Lenovo\Lenovo Settings Power => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {F87D4065-E2DB-4BA1-88F4-A8B91044AC78} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758792 2021-07-13] (Lenovo -> )
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1a19eb76-236b-4315-85f4-21db9557d96d}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{25e9cf19-0abd-4796-b9e7-6b3f92aedb82}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Profile 1
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2021-09-15]
FireFox:
========
FF DefaultProfile: nyjea0pv.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nyjea0pv.default [2021-06-17]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release [2021-09-15]
FF Extension: (Disconnect) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release\Extensions\2.0@disconnect.me.xpi [2021-02-11]
FF Extension: (Hoxx VPN Proxy) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release\Extensions\@hoxx-vpn.xpi [2021-08-29]
FF Extension: (HTTPS Everywhere) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release\Extensions\https-everywhere@eff.org.xpi [2021-08-29]
FF Extension: (Privacy Badger) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2021-08-29]
FF Extension: (NoScript) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2021-08-29]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-08-29]
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.15 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-08] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-06-06]
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-10]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-10]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-10]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-10]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-10]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-02-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-10]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-10]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-10]
Brave:
=======
BRA Profile: C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-09-15]
BRA Notifications: Default -> hxxps://www.rt.com
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :d
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Extension: (Brave Local Data Files Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-08-11]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-09-15]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-09-14]
BRA Extension: (Brave NTP sponsored images) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\mjpbonbjgpinifgnneajcbigekbpfige [2021-09-15]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-09-15]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [566288 2016-04-12] (LENOVO -> Lenovo Corporation)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-14] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-14] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 GUBootService; C:\Program Files (x86)\Glary Utilities 5\GUBootService.exe [867712 2021-09-06] (Glarysoft LTD -> Glarysoft Ltd)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2023592 2015-09-25] (LENOVO -> Lenovo Group Limited)
R3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [631312 2016-04-12] (LENOVO -> Lenovo Corporation)
S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [480712 2015-03-23] (LENOVO -> Lenovo)
S2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720 2015-05-12] (LENOVO -> )
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.21.6.53\NortonSecurity.exe [343336 2021-07-29] (NortonLifeLock Inc. -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.21.6.53\nsWscSvc.exe [1058664 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13271336 2021-08-12] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\BASHDefs\20210913.004\BHDrvx64.sys [2018776 2021-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1615060.035\ccSetx64.sys [192248 2021-07-29] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-02-10] (Symantec Corporation -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-02-10] (Symantec Corporation -> Broadcom)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [30720 2021-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Glarysoft Ltd)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\IPSDefs\20210914.061\IDSvia64.sys [1480128 2021-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [29496 2014-04-07] (Lenovo(Japan)Ltd. -> Lenovo)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 nsvst_NGC; C:\Windows\System32\drivers\NGCx64\1615060.035\nsvst.sys [56080 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R0 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
R3 qcusbserlno2k; C:\Windows\system32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R2 rimspci; C:\Windows\system32\DRIVERS\rimspe64.sys [61952 2009-10-26] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\drivers\NGCx64\1615060.035\SRTSP64.SYS [885192 2021-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1615060.035\SRTSPX64.SYS [41928 2021-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [292864 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [1485312 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [740864 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1615060.035\SYMEFASI64.SYS [2062424 2021-07-29] (Symantec Corporation -> Broadcom)
S0 SymELAM; C:\Windows\System32\drivers\NGCx64\1615060.035\SymELAM.sys [25080 2021-07-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [93152 2021-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.20.5.39\SymPlatform\SymEvnt.sys [712432 2021-07-13] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1615060.035\Ironx64.SYS [317296 2021-07-29] (Symantec Corporation -> Broadcom)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1615060.035\symnets.sys [575328 2021-07-29] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2021-02-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2021-02-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2021-02-08] (Microsoft Windows -> Microsoft Corporation)
R1 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1615060.035\wpCtrlDrv.sys [1015760 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-15 14:49 - 2021-09-15 14:52 - 000026118 _____ C:\Users\User\Downloads\FRST.txt
2021-09-15 14:46 - 2021-09-15 14:50 - 000000000 ____D C:\FRST
2021-09-15 14:36 - 2021-09-15 14:36 - 002304000 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2021-09-15 11:37 - 2021-09-15 11:37 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2021-09-10 10:22 - 2021-09-10 10:22 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\4156B204.sys
2021-09-10 10:22 - 2021-09-10 10:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-09-10 10:21 - 2021-09-10 11:56 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2021-09-10 10:21 - 2021-09-10 10:56 - 000000000 ____D C:\Users\User\Documents\mbar
2021-09-10 10:21 - 2021-09-10 10:56 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-09-10 10:20 - 2021-09-10 10:20 - 014178840 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.10.3.1001.exe
2021-09-09 21:04 - 2021-09-15 14:17 - 000007310 _____ C:\Windows\ntbtlog.txt
2021-09-09 16:23 - 2021-09-09 16:23 - 000000000 ____D C:\Users\User\AppData\Local\NPE
2021-09-09 16:17 - 2021-09-09 16:18 - 000004484 _____ C:\TDSSKiller.3.1.0.28_09.09.2021_16.17.01_log.txt
2021-09-09 12:07 - 2021-09-09 12:08 - 000004484 _____ C:\TDSSKiller.3.1.0.28_09.09.2021_12.07.54_log.txt
2021-09-09 11:59 - 2021-09-09 12:02 - 000319296 _____ C:\TDSSKiller.3.1.0.28_09.09.2021_11.59.36_log.txt
2021-09-09 11:59 - 2021-09-09 11:59 - 005054744 _____ (AO Kaspersky Lab) C:\Users\User\Downloads\tdsskiller.exe
2021-09-08 17:25 - 2021-09-08 17:25 - 019829840 _____ (Glarysoft Ltd) C:\Users\User\Downloads\Glary_Utilities_v5.173.0.201.exe
2021-09-08 17:22 - 2021-09-08 17:23 - 031850712 _____ (Bandicam Company) C:\Users\User\Downloads\Bandicam_v5.3.0.1879.exe
2021-09-08 16:41 - 2021-09-08 16:41 - 000001921 _____ C:\Users\User\Desktop\Norton Utilities.lnk
2021-09-08 16:41 - 2021-09-08 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton
2021-09-05 19:46 - 2021-09-05 19:46 - 000000000 ____D C:\Users\User\Downloads\QA - Technical Department - Yetminster DT9 - Indeed.com_files
2021-09-05 19:45 - 2021-09-05 19:46 - 000322107 _____ C:\Users\User\Downloads\QA - Technical Department - Yetminster DT9 - Indeed.com.html
2021-09-03 14:48 - 2021-09-03 14:48 - 000000000 ____D C:\Users\User\AppData\Local\Tvsukernel
2021-09-03 14:15 - 2021-09-03 14:15 - 000000000 ____D C:\Windows\LastGood.Tmp
2021-09-03 14:14 - 2021-09-03 14:14 - 000040888 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2021-09-03 14:10 - 2021-09-03 14:10 - 000000000 ____D C:\Users\User\AppData\Roaming\iTop Screenshot
2021-09-03 14:10 - 2021-09-03 14:10 - 000000000 ____D C:\Users\User\AppData\LocalLow\iTop Screen Recorder
2021-09-03 14:09 - 2021-09-03 14:10 - 000000000 ____D C:\Users\User\AppData\Roaming\iTop Screen Recorder
2021-09-03 14:09 - 2021-09-03 14:10 - 000000000 ____D C:\ProgramData\iTop
2021-09-03 14:09 - 2021-09-03 14:09 - 000000000 ____D C:\ProgramData\iTop VPN
2021-09-03 14:09 - 2021-09-03 14:09 - 000000000 ____D C:\ProgramData\{150F4013-6884-4350-8DDC-6BFCB4C5DC15}
2021-09-03 14:08 - 2021-09-03 15:05 - 000000000 ____D C:\ProgramData\ProductData
2021-09-03 14:08 - 2021-09-03 14:16 - 000000000 ____D C:\Users\User\AppData\Roaming\instinfo
2021-09-03 14:08 - 2021-09-03 14:08 - 000000000 ____D C:\Users\User\AppData\LocalLow\IObit
2021-09-03 14:07 - 2021-09-03 14:07 - 000000000 ____D C:\ProgramData\{E0224FF9-7AE3-4F9E-991A-2F004F7E3952}
2021-09-03 14:06 - 2021-09-03 14:30 - 000000000 ____D C:\ProgramData\IObit
2021-09-03 14:06 - 2021-09-03 14:08 - 000000000 ____D C:\Users\User\AppData\Roaming\IObit
2021-09-03 10:33 - 2021-09-03 10:33 - 000002359 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-09-03 10:32 - 2021-09-03 10:32 - 000000000 ____D C:\Users\User\AppData\Roaming\Teams
2021-09-03 10:25 - 2021-09-03 10:34 - 000000000 ____D C:\Users\User\AppData\Local\SquirrelTemp
2021-08-31 14:50 - 2021-08-31 14:50 - 000000000 ___HD C:\ProgramData\CanonBJ
2021-08-31 14:50 - 2015-03-12 05:00 - 000406528 _____ (CANON INC.) C:\Windows\system32\CNMLMCT.DLL
2021-08-29 17:21 - 2021-08-29 17:21 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-08-29 17:03 - 2021-09-03 10:56 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-08-26 13:17 - 2021-08-26 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo
2021-08-26 13:15 - 2021-08-26 13:15 - 008307216 _____ (Lenovo ) C:\Users\User\Downloads\system_update_5.07.0127.exe
2021-08-26 13:09 - 2021-08-26 13:09 - 003221952 _____ (Lenovo ) C:\Users\User\Downloads\LSBSetup (2).exe
2021-08-26 12:14 - 2021-08-26 12:14 - 000001849 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2021-08-26 12:14 - 2021-08-26 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2021-08-18 16:16 - 2021-08-18 16:16 - 000002884 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - User
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-15 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-15 14:17 - 2020-07-09 21:24 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-09-15 12:00 - 2020-07-09 21:40 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-09-15 11:59 - 2021-07-31 14:45 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2021-09-15 11:59 - 2021-06-09 13:12 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-09-15 11:32 - 2021-02-10 16:47 - 000000000 ____D C:\Program Files\CCleaner
2021-09-15 11:31 - 2021-02-14 18:03 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-09-15 11:31 - 2021-02-14 18:03 - 000002323 _____ C:\Users\Public\Desktop\Brave.lnk
2021-09-15 11:13 - 2021-02-10 16:47 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-09-15 08:25 - 2021-08-10 18:43 - 000000000 ____D C:\Windows\system32\Tasks\Norton 360
2021-09-14 22:06 - 2021-02-11 14:36 - 000000000 ____D C:\Users\User\AppData\Roaming\Stellarium
2021-09-14 22:06 - 2021-02-10 16:02 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2021-09-14 15:37 - 2020-07-09 21:44 - 133215968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-09-14 11:32 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-14 11:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-09-13 12:17 - 2021-02-10 22:21 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-13 09:33 - 2021-02-10 16:19 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2021-09-11 17:17 - 2021-02-10 18:46 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-09 17:38 - 2020-07-09 21:38 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-09-09 17:37 - 2020-07-09 21:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-09-09 17:37 - 2020-07-09 21:23 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-09 17:36 - 2019-12-07 10:03 - 000786432 _____ C:\Windows\system32\config\BBI
2021-09-09 17:18 - 2021-02-11 12:31 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2021-09-09 16:23 - 2021-02-10 13:55 - 000000000 ____D C:\ProgramData\Norton
2021-09-08 17:26 - 2021-02-10 16:19 - 000003288 _____ C:\Windows\system32\Tasks\GlaryInitialize 5
2021-09-08 17:26 - 2021-02-10 16:19 - 000003024 _____ C:\Windows\system32\Tasks\GU5SkipUAC
2021-09-08 17:26 - 2021-02-10 16:19 - 000001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2021-09-08 17:26 - 2021-02-10 16:19 - 000001149 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2021-09-08 17:24 - 2021-02-27 22:11 - 000001057 _____ C:\Users\Public\Desktop\Bandicam.lnk
2021-09-08 17:24 - 2021-02-27 22:10 - 000000000 ____D C:\Program Files (x86)\BandiMPEG1
2021-09-08 17:24 - 2021-02-27 22:10 - 000000000 ____D C:\Program Files (x86)\Bandicam
2021-09-08 16:41 - 2021-07-08 14:15 - 000000000 ____D C:\Program Files\Norton Utilities
2021-09-06 13:02 - 2021-06-16 12:11 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2021-09-06 09:59 - 2021-02-11 21:52 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2021-09-04 08:34 - 2021-03-19 11:51 - 000000000 ____D C:\Users\User\AppData\LocalLow\Norton
2021-09-03 14:59 - 2021-04-30 14:43 - 000000000 ____D C:\Windows\TempInst
2021-09-03 14:59 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-09-03 14:14 - 2021-02-08 16:05 - 001524664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2021-09-03 14:14 - 2021-02-08 16:05 - 000206776 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2021-09-03 11:01 - 2019-12-07 10:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-09-03 10:56 - 2021-02-28 15:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-08-29 22:59 - 2021-02-11 18:53 - 000000000 ____D C:\Users\User\Documents\VSO Downloader
2021-08-29 17:21 - 2021-02-28 15:19 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-08-27 21:15 - 2020-07-09 21:30 - 000840838 _____ C:\Windows\system32\PerfStringBackup.INI
2021-08-26 13:17 - 2021-04-30 14:44 - 000000000 ____D C:\Windows\system32\Tasks\TVT
2021-08-26 13:16 - 2021-06-02 16:58 - 000000831 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2021-08-26 13:16 - 2020-08-28 09:18 - 000000000 ____D C:\Program Files (x86)\Lenovo
2021-08-26 13:10 - 2021-04-30 15:19 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2021-08-26 13:10 - 2021-04-30 11:58 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo
2021-08-26 12:08 - 2021-02-10 16:19 - 000000000 ____D C:\Users\User\AppData\Roaming\GlarySoft
2021-08-19 12:42 - 2021-06-17 12:07 - 000000000 ____D C:\ProgramData\TEMP
2021-08-19 12:41 - 2021-06-17 20:55 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2021-08-18 08:12 - 2021-02-10 22:20 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-18 08:12 - 2021-02-10 22:20 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-08-17 01:22 - 2021-02-10 18:46 - 000740168 _____ (Microsoft Corporation) C:\Windows\system32\sedplugins.dll
2021-08-17 01:22 - 2021-02-10 18:46 - 000486728 _____ (Microsoft Corporation) C:\Windows\system32\QualityUpdateAssistant.dll
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021
Ran by User (15-09-2021 14:53:42)
Running from C:\Users\User\Downloads
Windows 10 Pro Version 20H2 19042.1165 (X64) (2020-08-27 16:13:03)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-725688832-2798266748-3951577904-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-725688832-2798266748-3951577904-503 - Limited - Disabled)
Guest (S-1-5-21-725688832-2798266748-3951577904-501 - Limited - Disabled)
User (S-1-5-21-725688832-2798266748-3951577904-1002 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-725688832-2798266748-3951577904-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton 360 (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 21.007.20091 - Adobe)
Bandicam (HKLM-x32\...\Bandicam) (Version: 5.3.0.1879 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 93.1.29.81 - Brave Software Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.85 - Piriform)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.49.53 - Conexant)
Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)
Epson Software Updater (HKLM-x32\...\{D2D9559D-359A-4C61-B93A-FE01AE2BFB75}) (Version: 4.5.4 - Seiko Epson Corporation)
Glary Utilities 5.173 (HKLM-x32\...\Glary Utilities 5) (Version: 5.173.0.201 - Glarysoft Ltd)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Lenovo Patch Utility (HKLM-x32\...\{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{49A09C2C-FFF4-478E-B397-5E0979F67F5D}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.5 - Lenovo)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.4.0.21 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0127 - Lenovo)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0008.00 - Lenovo Group Limited) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.47 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\Teams) (Version: 1.4.00.22472 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 91.0.2 (x64 en-US)) (Version: 91.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 90.0 - Mozilla)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.21.6.53 - NortonLifeLock Inc)
Norton Utilities (HKLM\...\{36896A40-D958-486B-8A43-31A41E129FE2}) (Version: 21.4.3.281 - NortonLifeLock Inc)
NVIDIA Graphics Driver 341.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.74 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
SharpKeys (HKLM\...\{DCBF8C2F-0053-4BC7-B7A4-ABEE0D4389FC}) (Version: 3.9.0000 - RandyRants.com)
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
Stellarium 0.21.1 (HKLM-x32\...\Stellarium_is1) (Version: 0.21.1 - Stellarium team)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1238 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.115 - Synaptics Incorporated)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.21.4 - TeamViewer)
TotalAV Welcome OEM (HKLM-x32\...\TotalAV Welcome OEM) (Version: 1.0.0 - TotalAV Welcome OEM) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Virtual Moon Atlas V7.0 (HKLM-x32\...\{3EB7A19B-690F-49BA-B494-CADA547D0DB9}_is1) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.15 - VideoLAN)
VSO Downloader 5.1.1.70 (HKLM-x32\...\{3C5CD638-CAD0-4F6C-81FD-B37D47B411F7}_is1) (Version: 5.1.1.70 - VSO Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
Zoom (HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\ZoomUMX) (Version: 5.6.4 (799) - Zoom Video Communications, Inc.)
Packages:
=========
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa [2021-08-11] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-12] (Microsoft Corporation) [MS Ad]
Photo Frame -> C:\Program Files\WindowsApps\38731basquang.vn.PhotoFrame_1.1.3.0_x64__pyvvk3yw15sng [2021-04-04] (basquang) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-23] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-02-13] (Microsoft Corporation)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.3.1.0_x64__kx24dqmazqk8j [2021-09-11] (Random Salad Games LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0 [2021-09-03] (Spotify AB) [Startup Task]
The Backgammon -> C:\Program Files\WindowsApps\6918E89D.TheBackgammon_1.2.10.0_x64__66n08swfvvka0 [2021-05-18] (UNBALANCE corp.) [MS Ad]
The Chess Lv.100 -> C:\Program Files\WindowsApps\6918E89D.THECHESSLV.100_1.3.8.0_x64__66n08swfvvka0 [2021-08-13] (UNBALANCE corp.) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-725688832-2798266748-3951577904-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21140.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-10-12] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.6.53\NavShExt.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-10-12] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.6.53\NavShExt.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-06-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-10-12] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.6.53\NavShExt.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"
==================== Loaded Modules (Whitelisted) =============
2021-04-30 12:00 - 2016-04-14 07:50 - 000107008 ____N () [File not signed] C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.dll
2021-04-30 12:03 - 2016-04-05 09:37 - 002085888 _____ () [File not signed] C:\Program Files\Lenovo\Communications Utility\cv210.dll
2021-04-30 12:03 - 2016-04-05 09:37 - 002201088 _____ () [File not signed] C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2021-04-30 12:01 - 2014-10-23 10:20 - 000276480 _____ (Lenovo) [File not signed] C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MHHelperDLL.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.21.6.53\coIEPlg.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.21.6.53\coIEPlg.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.21.6.53\coIEPlg.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.21.6.53\coIEPlg.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 6091 more sites.
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 ____N C:\Windows\system32\drivers\etc\hosts
2021-02-21 17:19 - 2021-02-21 17:24 - 000000436 _____ C:\Windows\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-725688832-2798266748-3951577904-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Desktop\G Alexander\Pictures\Wallpapers\grand-canyon-wallpaper.jpeg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: TeamViewer => 2
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{40AAD3D7-52EA-4530-9003-E66B1236D6DA}C:\users\public\desktop\sdio_update\sdio_x64_r715.exe] => (Block) C:\users\public\desktop\sdio_update\sdio_x64_r715.exe => No File
FirewallRules: [UDP Query User{583779DC-EC42-45CC-957B-C960DC6DBFB9}C:\users\public\desktop\sdio_update\sdio_x64_r715.exe] => (Block) C:\users\public\desktop\sdio_update\sdio_x64_r715.exe => No File
FirewallRules: [{480AF5AA-9E64-4970-B285-0EBFE740668C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9E94DBE2-F11B-4B8A-A1C6-208A909E5441}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B2D7A747-9439-4460-BAA1-D025312332EE}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{BF6E3546-FE15-4763-8C49-7FC7ACD815D2}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{C9D8D439-F519-4BA3-A16F-20E2FB723A75}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A1A30333-9C22-4936-A773-6C608DCB7B08}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{26679C38-AF2E-4E8D-825F-682D52DFCCFA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1A4F990E-B925-44BA-A75A-62DE0656B88B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{71915E36-DA13-4E3F-9145-F82A675C5514}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{59EEE163-C714-4484-920F-E3EE988DC269}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8DF63D8A-CCB0-4A69-8F24-CD05729623B4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{142802EE-21F3-4592-BD00-A5CEC25DC25B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9C6B7C5D-2C8A-438F-8FD8-1C9716EAAE10}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DEBC74A2-8698-425E-A0DE-EC9F603BEEB0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CFAB2553-974C-499E-A356-2E776D88098A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C06B28FF-BA50-4035-92AC-9833A06254A6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{128FED1C-6334-4DB8-B81A-59F3429414BA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4164B645-495C-41BD-8241-88CFFE900BCA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E5CCF454-6AB3-432A-9C61-DC29F0D7CC81}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{08F396D9-438E-447A-8597-8A7BC7613261}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E04B7202-E1E9-4E31-BC6C-7297DADAAF14}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{DF6D5B10-9BB1-4B35-BF59-03DD58FC1502}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{76A894DE-E8AD-4275-A326-D458551EA3F4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FDEEC526-60A7-4FBE-B7CF-5C507DB8A385}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F4D6C89E-9B84-4FF0-B11D-C8603CD6E086}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{458D0AD2-F42A-4E03-BC6B-2C4274DEDF97}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{687FFFEC-6E61-4A3C-93F3-FE0BD9A8749C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C2513710-DC58-442F-858F-E83F60278E41}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D2CB5E95-32A2-4443-9AE7-DD092C79664E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EA25635A-F2B8-48E4-9957-EEE2FE54F90F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{212C1D7A-7C48-4CDC-BBE3-CAF586CC4F2D}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
==================== Restore Points =========================
29-08-2021 18:23:41 Scheduled Checkpoint
03-09-2021 14:12:54 Driver Booster : NVIDIA High Definition Audio
13-09-2021 12:25:57 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (09/11/2021 09:10:37 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007
Error: (09/11/2021 09:10:37 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0
Error: (09/11/2021 08:19:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_BITS, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: qmgr.dll, version: 7.8.19041.746, time stamp: 0x73a7ab6f
Exception code: 0xc0000005
Fault offset: 0x00000000000add14
Faulting process ID: 0x2d74
Faulting application start time: 0x01d7a7281291b86a
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: c:\windows\system32\qmgr.dll
Report ID: e40a3478-4408-4c99-b861-30fb935e243c
Faulting package full name:
Faulting package-relative application ID:
Error: (09/09/2021 04:05:37 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (12872,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log.
Error: (09/09/2021 04:05:36 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (12872,R,98) WebCacheLocal: An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (09/08/2021 03:57:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCleaner64.exe, version: 5.84.0.9143, time stamp: 0x6128cf9a
Faulting module name: CCleaner64.exe, version: 5.84.0.9143, time stamp: 0x6128cf9a
Exception code: 0xc0000409
Fault offset: 0x0000000000c4bd55
Faulting process ID: 0x50c
Faulting application start time: 0x01d7a4c1e3aa03ac
Faulting application path: C:\Program Files\CCleaner\CCleaner64.exe
Faulting module path: C:\Program Files\CCleaner\CCleaner64.exe
Report ID: 7755712e-bffb-4536-88eb-a23a4930e50c
Faulting package full name:
Faulting package-relative application ID:
Error: (09/08/2021 03:55:51 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (13308,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log.
Error: (09/08/2021 03:55:51 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (13308,R,98) WebCacheLocal: An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
System errors:
=============
Error: (09/15/2021 12:30:02 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (09/15/2021 08:30:28 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (09/14/2021 05:27:32 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (09/14/2021 04:12:10 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (09/14/2021 02:50:18 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (09/14/2021 02:37:18 PM) (Source: DCOM) (EventID: 10010) (User: USER-PC)
Description: The server microsoft.windowscommunicationsapps_16005.14326.20206.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
Error: (09/14/2021 12:13:08 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (09/14/2021 08:55:08 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Windows Defender:
================
Date: 2021-02-10 12:44:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-02-08 15:04:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-02-08 15:28:49
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-07-11 16:45:16
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-02-10 12:25:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.504.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-02-10 12:25:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.504.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-02-10 12:25:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.504.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-02-10 12:25:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.504.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2021-02-10 12:25:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.504.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===============
Date: 2021-09-15 08:18:26
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.21.6.53\symamsi.dll that did not meet the Windows signing level requirements.
Date: 2021-09-14 11:30:10
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.21.6.53\symamsi.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO 6IET68WW (1.28 ) 07/12/2010
Motherboard: LENOVO 2537VNK
Processor: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Percentage of memory in use: 74%
Total physical RAM: 3955.67 MB
Available physical RAM: 1004.36 MB
Total Virtual: 5939.67 MB
Available Virtual: 1854.13 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.54 GB) (Free:212.63 GB) NTFS
\\?\Volume{de77ec38-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{de77ec38-0000-0000-0016-a3654a000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: DE77EC38)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=515 MB) - (Type=27)
==================== End of Addition.txt =======================