1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved menny thanks invader

Discussion in 'Virus & Other Malware Removal' started by americamba, Sep 5, 2019.

Thread Status:
Not open for further replies.
Advertisement
  1. americamba

    americamba Thread Starter

    Joined:
    Nov 21, 2002
    Messages:
    685
    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 10 Home, 64 bit
    Processor: Intel(R) Core(TM) i3-5020U CPU @ 2.20GHz, Intel64 Family 6 Model 61 Stepping 4
    Processor Count: 4
    RAM: 8097 Mb
    Graphics Card: Intel(R) HD Graphics 5500, 1024 Mb
    Hard Drives: C: 419 GB (215 GB Free); D: 24 GB (24 GB Free); F: 1863 GB (0 GB Free);
    Motherboard: LENOVO, Lenovo Edge 15
    Antivirus: Avast Antivirus, Enabled and Updated

    A phony browser or whatever it is (go.mennythanksDOTcom)

    messes up my search and slows me down. How to get rid of it? thanks
     
  2. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    777
    Hi americamba, welcome to the Tech Support Guy malware removal forum.

    I am iMacg3 and will be helping you with your computer problems.

    Please keep the following information in mind before we begin:
    • Back up any important data before we continue.
      • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
    • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
      • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
    • Please read all instructions carefully, and complete them in the order listed.
      • Items that are especially important will be highlighted in bold or red.
    • If your computer seems to start working normally, please don't abandon the topic.
      • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
      • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
    • If you have questions at any time during the cleanup, feel free to ask.

    ---------------------------------------------------
    Farbar Recovery Scan Tool (FRST)

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
    • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
    • Please copy and paste the logs in your next reply.
    ---------------------------------------------------

    In your next reply, please include:
    • FRST.txt
    • Addition.txt
     
    americamba likes this.
  3. americamba

    americamba Thread Starter

    Joined:
    Nov 21, 2002
    Messages:
    685
    Frst64 gets flagged as dangerous. I trusted it since it is recommended on techguy. I hit the .exe file but and windows insists I stay away from it. I have deleted the download. Waddawedo? thanks, Frank
     
  4. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    777
    Hi americamba,

    This is a false positive by Windows Defender - FRST is not infected/malicious. If asked to allow FRST to run, click More Info > Run Anyway.
     
    americamba likes this.
  5. americamba

    americamba Thread Starter

    Joined:
    Nov 21, 2002
    Messages:
    685
    how's this? Hope it helps. I'm fed up with that intrusive mess. thanks
     

    Attached Files:

  6. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    777
    Hi americamba,

    Do you recognize this registry entry?

    ---------------------------------------------------

    The Addition.txt log is incomplete. Please delete both FRST.txt and Addition.txt from your Downloads folder, run a new scan with FRST, and post the Addition.txt log in your reply.

    ---------------------------------------------------
    Uninstall Chrome Extension(s)

    • Open Google Chrome. Type chrome://extensions in the address bar and press Enter.
    • Click the trash can icon next to the following extension(s):
    • A confirmation dialog will appear. Click Remove.

    ---------------------------------------------------
    Farbar Recovery Scan Tool - Fix

    • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
      Code:
      Start::
      SystemRestore: On
      CreateRestorePoint:
      EmptyTemp:
      CloseProcesses:
      HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
      HKU\S-1-5-21-614755349-3072655537-2205226653-1001\...\Run: [Chromium] => c:\users\cicci\appdata\local\chromium\application\chrome.exe [1053184 2016-03-09] (The Chromium Authors) [File not signed]
      HKU\S-1-5-21-614755349-3072655537-2205226653-1001\...\Run: [AppSync] => C:\Users\cicci\AppData\Roaming\AppSync\AppSync.exe [4136912 2018-09-05] (Meme Video Ltd -> )
      HKU\S-1-5-21-614755349-3072655537-2205226653-1001\...\MountPoints2: {1a65ee34-017b-11e6-9d8e-48e244e17c66} - "F:\LaunchU3.exe" -a
      FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
      Task: {B04EBA97-598C-4625-B665-4811420971BF} - System32\Tasks\{DC6A1702-3DDF-4D9E-8B85-FFE0877A0F9F} => C:\WINDOWS\system32\pcalua.exe -a G:\ACMSETUP.EXE -d G:\
      Task: {EE7A555A-82C4-41A7-9AC1-35E97F435DB2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
      Tcpip\..\Interfaces\{02b7f6ab-ca0f-407b-8731-dcb7b8aa4681}: [DhcpNameServer] 82.163.143.171
      HKU\S-1-5-21-614755349-3072655537-2205226653-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.mennythanks.com/?47A0ADEE59BE36E9E8D9B111EE28E154=H1xAXFBMX11bUFQEEUleSAoRAjMIEFJfXlBLXVBDXV1dUUNdUkBeSA4MGwhcNikrKScwKidEX15YUUQoVTk2WioyQCFRJiteX1lHWVUxKlleVjZVUzFe
      FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\pam\FF => not found
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\pam\FF => not found
      CHR Profile: C:\Users\cicci\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-31]
      CHR HKLM\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
      CHR HKU\S-1-5-21-614755349-3072655537-2205226653-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-06-23]
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
      CHR HKLM-x32\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
      CustomCLSID: HKU\S-1-5-21-614755349-3072655537-2205226653-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
      c:\users\cicci\appdata\local\chromium
      C:\Users\cicci\AppData\Roaming\AppSync
      CMD: ipconfig /flushdns
      CMD: ipconfig /release
      CMD: ipconfig /renew
      CMD: netsh advfirewall reset
      CMD: netsh advfirewall set allprofiles state ON
      CMD: netsh winsock reset 
      CMD: netsh int ip reset c:\resetlog.txt
      CMD: netsh int ipv4 reset
      CMD: netsh int ipv6 reset
      Removeproxy:
      CMD: Bitsadmin /Reset /Allusers
      End::
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Double-click FRST.exe/FRST64.exe to run it.
    • Press the Fix button just once and wait.
    • Restart the computer if prompted.
    • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
    • Please copy and paste its contents into your reply.

    ---------------------------------------------------

    In your next reply, please include:
    • Fixlog.txt
    • Addition.txt from new FRST scan
     
    americamba likes this.
  7. americamba

    americamba Thread Starter

    Joined:
    Nov 21, 2002
    Messages:
    685
    1. I don't recognize the registry entry you ask about.
    2. When do I do these steps?
    ---------------------------------------------------
    Uninstall Chrome Extension(s)
    Farbar Recovery Scan Tool - Fix
     

    Attached Files:

  8. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    777
    Hi americamba,

    Thanks for the new FRST Logs. Please do the following:

    ---------------------------------------------------
    Uninstall Chrome Extension(s)

    • Open Google Chrome. Type chrome://extensions in the address bar and press Enter.
    • Click the trash can icon next to the following extension(s):
    • A confirmation dialog will appear. Click Remove.

    ---------------------------------------------------
    Farbar Recovery Scan Tool - Fix

    • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
      Code:
      Start::
      CreateRestorePoint:
      EmptyTemp:
      CloseProcesses:
      HKU\S-1-5-21-614755349-3072655537-2205226653-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
      HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
      HKU\S-1-5-21-614755349-3072655537-2205226653-1001\...\Run: [Chromium] => c:\users\cicci\appdata\local\chromium\application\chrome.exe [1053184 2016-03-09] (The Chromium Authors) [File not signed]
      HKU\S-1-5-21-614755349-3072655537-2205226653-1001\...\Run: [AppSync] => C:\Users\cicci\AppData\Roaming\AppSync\AppSync.exe [4136912 2018-09-05] (Meme Video Ltd -> )
      HKU\S-1-5-21-614755349-3072655537-2205226653-1001\...\MountPoints2: {1a65ee34-017b-11e6-9d8e-48e244e17c66} - "F:\LaunchU3.exe" -a
      FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
      Task: {B04EBA97-598C-4625-B665-4811420971BF} - System32\Tasks\{DC6A1702-3DDF-4D9E-8B85-FFE0877A0F9F} => C:\WINDOWS\system32\pcalua.exe -a G:\ACMSETUP.EXE -d G:\
      Task: {EE7A555A-82C4-41A7-9AC1-35E97F435DB2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
      Tcpip\..\Interfaces\{02b7f6ab-ca0f-407b-8731-dcb7b8aa4681}: [DhcpNameServer] 82.163.143.171
      HKU\S-1-5-21-614755349-3072655537-2205226653-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.mennythanks.com/?47A0ADEE59BE36E9E8D9B111EE28E154=H1xAXFBMX11bUFQEEUleSAoRAjMIEFJfXlBLXVBDXV1dUUNdUkBeSA4MGwhcNikrKScwKidEX15YUUQoVTk2WioyQCFRJiteX1lHWVUxKlleVjZVUzFe
      FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\pam\FF => not found
      FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\pam\FF => not found
      CHR Profile: C:\Users\cicci\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-31]
      CHR HKLM\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
      CHR HKU\S-1-5-21-614755349-3072655537-2205226653-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-06-23]
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
      CHR HKLM-x32\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb] - hxxps://clients2.google.com/service/update2/crx
      CustomCLSID: HKU\S-1-5-21-614755349-3072655537-2205226653-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
      AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [255]
      c:\users\cicci\appdata\local\chromium
      C:\Users\cicci\AppData\Roaming\AppSync
      CMD: ipconfig /flushdns
      CMD: ipconfig /release
      CMD: ipconfig /renew
      CMD: netsh advfirewall reset
      CMD: netsh advfirewall set allprofiles state ON
      CMD: netsh winsock reset 
      CMD: netsh int ip reset c:\resetlog.txt
      CMD: netsh int ipv4 reset
      CMD: netsh int ipv6 reset
      Removeproxy:
      CMD: Bitsadmin /Reset /Allusers
      End::
      
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Double-click FRST.exe/FRST64.exe to run it.
    • Press the Fix button just once and wait.
    • Restart the computer if prompted.
    • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
    • Please copy and paste its contents into your reply.

    ---------------------------------------------------
    AdwCleaner

    Download AdwCleaner and save it to your desktop.
    • Double click AdwCleaner.exe to run it.
    • Click Scan Now ...
      • When the scan has finished a Scan Results window will open.
      • Click Cancel (at this point do not attempt to Quarantine anything that is found)
    • Now click the Log Files tab ...
      • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
      • A Notepad file will open containing the results of the scan.
      • Please post the contents of the file in your next reply.

    ---------------------------------------------------

    In your next reply, please include:
    • Fixlog.txt
    • AdwCleaner[S0*].txt
    • Let me know how the computer is doing.
     
    americamba likes this.
  9. americamba

    americamba Thread Starter

    Joined:
    Nov 21, 2002
    Messages:
    685
    I went too fast and quarantined what came up. Is that fatal? sorry for being a klutz. Thanks for your help.
     

    Attached Files:

  10. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    777
    Hi americamba,

    Please post the contents of the AdwCleaner Clean log:

    • Double click AdwCleaner.exe to run it.
    • Click the Log Files tab ...
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.
     
    americamba likes this.
  11. americamba

    americamba Thread Starter

    Joined:
    Nov 21, 2002
    Messages:
    685
    here goes latest AdwCleaner log, thanks
     

    Attached Files:

  12. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    777
    Hi americamba,

    Please run a new FRST scan and copy/paste both reports to your reply.
     
    americamba likes this.
  13. americamba

    americamba Thread Starter

    Joined:
    Nov 21, 2002
    Messages:
    685
    Here's the latest: First FRST.txt and then addition.txt attached. The interface form did not let me copy and paste both because it was more than the limit of characters. I hope this works for you. Thanks, Frank

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-09-2019
    Ran by cicci (administrator) on LAPTOP-98HKSQO1 (LENOVO 80K9) (17-09-2019 23:47:43)
    Running from C:\Users\cicci\Downloads
    Loaded Profiles: cicci (Available Profiles: cicci)
    Platform: Windows 10 Home Version 1809 17763.737 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
    (LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
    (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19061.18920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19082.1006.0_x64__8wekyb3d8bbwe\YourPhone.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    (Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
    (Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
    (Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
    (Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeApp.exe
    (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
    ==================== Registry (Whitelisted) ===========================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 2015-04-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
    HKLM\...\Run: [Bluetooth] => C:\Program Files\Lenovo\Bluetooth Software\bttray.exe [535808 2015-07-08] (Broadcom Corporation -> Broadcom Corporation.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-09-09] (AVAST Software s.r.o. -> AVAST Software)
    HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (LENOVO -> Lenovo(beijing) Limited)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
    HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [6523224 2019-08-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC -> Flexera Software LLC.)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4050752 2019-01-08] (Dropbox, Inc -> Dropbox, Inc.)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-06-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    HKU\S-1-5-21-614755349-3072655537-2205226653-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [762080 2016-06-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    HKU\S-1-5-21-614755349-3072655537-2205226653-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC -> Flexera Software LLC.)
    HKU\S-1-5-21-614755349-3072655537-2205226653-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [22714912 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
    HKU\S-1-5-21-614755349-3072655537-2205226653-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22714912 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
    HKLM\...\Drivers32: [msacm.pspgru] => C:\Windows\SysWOW64\pspgru.acm [401920 2010-03-22] (Philips Austria GmbH - Speech Processing) [File not signed]
    HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\SysWOW64\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
    HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\SysWOW64\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
    HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\SysWOW64\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
    HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
    HKLM\...\Drivers32: [msacm.lame] => C:\Windows\SysWOW64\lame.ax [245760 2005-08-01] () [File not signed]
    HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\SysWOW64\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
    HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
    HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
    HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
    HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [139264 2004-07-03] () [File not signed]
    HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
    HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
    HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
    HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
    HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe [2019-08-26] (Google LLC -> Google LLC)
    HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\Lenovo\Bluetooth Software\\BtwCP.dll [2015-07-08] (Broadcom Corporation -> Broadcom Corporation.)
    HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2016-07-14] (McAfee, Inc. -> McAfee, Inc.)
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-07-09]
    ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software s.r.o. -> AVAST Software)
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {01C8C138-83B6-473D-90E7-512F3403D937} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [829344 2015-07-12] (LENOVO -> )
    Task: {01FCB817-E2C1-4528-85BE-9ED3B222CDB6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-04-14] (Google Inc -> Google Inc.)
    Task: {1361CBB1-BEB7-4FB5-97EB-8C8B5BD2ECC5} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [287688 2016-04-12] (LENOVO -> Lenovo)
    Task: {18FC707E-CD67-4C86-9C75-16DCE7B93C87} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
    Task: {2325FBA3-F8B0-43F3-9E18-0449C38608F9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-24] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {236DF1A9-EF55-4078-BA5C-2524850DD93F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
    Task: {293CC32A-6CAB-4075-B539-26E7F5C4C11B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-08] (Adobe Inc. -> Adobe)
    Task: {31EF5C06-53F8-4741-9461-E1F88FFB38F1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
    Task: {3E075D8F-1902-4D19-A29C-66AAAEE24EA4} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [808352 2015-07-12] (LENOVO -> )
    Task: {3FDDB5C8-89E1-4932-BC9A-E24C980145D5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3ebcad7b-819a-4b86-919b-388bc79eee73 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
    Task: {46B40CB3-2D8C-4E9D-9AD7-05E8E51F3DA0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16585328 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
    Task: {4D340A51-2F90-4445-BD21-255709789DB7} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54440 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
    Task: {56040261-4A26-4F55-AEDB-B0E8FBC5750F} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
    Task: {5F647801-929F-4AD3-ABC0-9C7DE8D00ABC} - System32\Tasks\G2MUpdateTask-S-1-5-21-614755349-3072655537-2205226653-1001 => C:\Users\cicci\AppData\Local\GoToMeeting\14172\g2mupdate.exe [32256 2019-08-24] (LogMeIn, Inc. -> LogMeIn, Inc.)
    Task: {68A97972-AD3B-47A1-ACD4-15C2A47C5250} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3b52b80a-0c8b-4459-9fbc-f57d34cdc4c5 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
    Task: {6C8DF329-75C5-4D68-ADC4-FD087D34E977} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b8e2438e-c073-4f9b-a0a2-6a9de38dab44 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
    Task: {6E611188-260E-4912-85E8-42407D9AD34F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-05-08] (Adobe Inc. -> Adobe)
    Task: {786371B4-291E-424D-8638-6E879590207E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3942792 2019-09-09] (AVAST Software s.r.o. -> AVAST Software)
    Task: {7E87BDE6-FCC4-4242-9228-F1E426847C54} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
    Task: {840EB0DF-8CAA-4A73-A3B9-9F6485C6755E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-04-14] (Google Inc -> Google Inc.)
    Task: {8EFEF0B8-AD36-426F-B901-A62644878692} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
    Task: {A3F30813-BDC2-4984-BC49-944D29BAD20C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2045832 2019-08-19] (AVAST Software s.r.o. -> AVAST Software)
    Task: {B04BF0DB-18C6-4AAD-AABC-465217A4F74A} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
    Task: {B585AE4F-13D0-46FE-B049-E30B68E30CC9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
    Task: {C0298C7B-D0D4-42B6-9CAB-7736633D58B1} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
    Task: {C308A164-1A83-4BC0-8FED-90ED78031B2B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [16832 2015-07-08] (LENOVO -> Lenovo)
    Task: {C8555C17-0877-4CA9-A5D9-418926D0743C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {DB169108-7E7A-4383-A11D-896F7E201788} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-07-25] (AVAST Software s.r.o. -> AVAST Software)
    Task: {E6F29193-E09B-4A01-90D0-78B89D645E30} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-24] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {E96136F2-23A6-42D5-9408-485C835C4843} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
    Task: {F1871343-F8A3-4BAA-8B25-1BBFFE07E031} - System32\Tasks\G2MUploadTask-S-1-5-21-614755349-3072655537-2205226653-1001 => C:\Users\cicci\AppData\Local\GoToMeeting\14172\g2mupload.exe [32256 2019-08-24] (LogMeIn, Inc. -> LogMeIn, Inc.)
    Task: {FDAE82A3-B648-4E51-8B7B-7F3BBCEE0131} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-614755349-3072655537-2205226653-1001.job => C:\Users\cicci\AppData\Local\GoToMeeting\14172\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-614755349-3072655537-2205226653-1001.job => C:\Users\cicci\AppData\Local\GoToMeeting\14172\g2mupload.exe
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{a5c89705-043a-4cb3-8317-2129d1697844}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{a6e830f8-e76e-449e-bb40-889da223f2c1}: [DhcpNameServer] 192.168.1.1
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-864f49be
    HKU\S-1-5-21-614755349-3072655537-2205226653-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
    HKU\S-1-5-21-614755349-3072655537-2205226653-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
    SearchScopes: HKLM -> DefaultScope {C24D89BB-0AA9-4038-8718-795A7F117FE7} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-864f49be&q={searchTerms}
    SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-864f49be&q={searchTerms}
    SearchScopes: HKLM -> {C24D89BB-0AA9-4038-8718-795A7F117FE7} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-864f49be&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {C24D89BB-0AA9-4038-8718-795A7F117FE7} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-864f49be&q={searchTerms}
    SearchScopes: HKLM-x32 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-864f49be&q={searchTerms}
    SearchScopes: HKLM-x32 -> {C24D89BB-0AA9-4038-8718-795A7F117FE7} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-864f49be&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-614755349-3072655537-2205226653-1001 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-864f49be&q={searchTerms}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel(R) Security True Key -> Intel Security)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel(R) Security True Key -> Intel Security)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-614755349-3072655537-2205226653-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
    Edge:
    ======
    DownloadDir: C:\Users\cicci\Downloads
    Edge Extension: (Grammarly for Microsoft Edge) -> EdgeExtension_GrammarlyGrammarlyforMicrosoftEdge_zee0y2571dhse => C:\Program Files\WindowsApps\Grammarly.GrammarlyforMicrosoftEdge_1.120.2309.0_neutral__zee0y2571dhse [2019-05-31]
    FireFox:
    ========
    FF DefaultProfile: kgrna0kh.default-1557356487012
    FF ProfilePath: C:\Users\cicci\AppData\Roaming\Mozilla\Firefox\Profiles\kgrna0kh.default-1557356487012 [2019-09-15]
    FF Homepage: Mozilla\Firefox\Profiles\kgrna0kh.default-1557356487012 -> hxxps://www.condenast.com/contact-us/
    FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\cicci\AppData\Roaming\Mozilla\Firefox\Profiles\kgrna0kh.default-1557356487012\Extensions\[email protected] [2019-05-08]
    FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\cicci\AppData\Roaming\Mozilla\Firefox\Profiles\kgrna0kh.default-1557356487012\Extensions\[email protected] [2019-05-09]
    FF Extension: (Avast Online Security) - C:\Users\cicci\AppData\Roaming\Mozilla\Firefox\Profiles\kgrna0kh.default-1557356487012\Extensions\[email protected] [2019-05-09]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2018-07-05] [Legacy]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
    FF Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-03-14] [Legacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-05-08] (Adobe Inc. -> )
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-05-08] (Adobe Inc. -> )
    FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-06-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
    FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll [2013-03-14] (Nuance Communications, Inc. -> Nuance Communications Inc.)
    Chrome:
    =======
    CHR DefaultProfile: ",
    CHR Profile: C:\Users\cicci\AppData\Local\Google\Chrome\User Data\Default [2019-09-17]
    CHR Extension: (Slides) - C:\Users\cicci\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
    CHR Extension: (Docs) - C:\Users\cicci\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
    CHR Extension: (Google Drive) - C:\Users\cicci\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-14]
    CHR Extension: (YouTube) - C:\Users\cicci\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-14]
    CHR Extension: (Send to Kindle for Google Chrome) - C:\Users\cicci\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2016-05-31]
    CHR Extension: (Avast Passwords) - C:\Users\cicci\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2019-05-07]
    CHR Extension: (Dashlane - Password Manager) - C:\Users\cicci\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2019-09-12]
    CHR Extension: (Sheets) - C:\Users\cicci\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
    CHR Extension: (CSSViewer) - C:\Users\cicci\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggfgijbpiheegefliciemofobhmofgce [2017-04-13]
    CHR Extension: (Google Docs Offline) - C:\Users\cicci\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
    CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\cicci\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2019-07-17]
    CHR Extension: (Grammarly for Chrome) - C:\Users\cicci\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-09-13]
    CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\cicci\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2016-08-11]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\cicci\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
    CHR Extension: (Simple EPUB Reader) - C:\Users\cicci\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2017-01-21]
    CHR Extension: (Template Hub) - C:\Users\cicci\AppData\Local\Google\Chrome\User Data\Default\Extensions\padlojekdiifocgnmfkcalleegjibmip [2019-07-19]
    CHR Extension: (Gmail) - C:\Users\cicci\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01]
    CHR Extension: (Chrome Media Router) - C:\Users\cicci\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-08]
    CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-03-14]
    ==================== Services (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
    S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5975136 2019-09-09] (AVAST Software s.r.o. -> AVAST Software)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [405072 2019-09-09] (AVAST Software s.r.o. -> AVAST Software)
    S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-09-09] (AVAST Software s.r.o. -> AVAST Software)
    S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [980224 2015-07-08] (Broadcom Corporation -> Broadcom Corporation.)
    S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (LENOVO -> Lenovo)
    R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [10287216 2019-07-25] (AVAST Software s.r.o. -> AVAST Software)
    S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-24] (Dropbox, Inc -> Dropbox, Inc.)
    S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-24] (Dropbox, Inc -> Dropbox, Inc.)
    S2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-01-08] (Dropbox, Inc -> Dropbox, Inc.)
    R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-29] (LENOVO -> Lenovo)
    S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel(R) pGFX -> Intel Corporation)
    S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] (Canon Inc. -> )
    R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
    S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
    S4 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel(R) Biometric and Context Agent -> Intel(R) Corporation)
    S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
    S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    S4 KindleDesktopService; C:\Program Files (x86)\Amazon\KindleAddIn\Service\KindleDesktopService.exe [27648 2018-02-26] (Amazon) [File not signed]
    R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [6408384 2019-08-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
    R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2019-02-01] (HP Inc.) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2019-02-01] (HP Inc.) [File not signed]
    S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [267360 2017-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
    R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [908256 2016-07-14] (McAfee, Inc. -> McAfee, Inc.)
    S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-07-14] (McAfee, Inc. -> McAfee, Inc.)
    S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-07-14] (McAfee, Inc. -> McAfee, Inc.)
    S4 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd -> SHAREit Technologies Co.Ltd)
    S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
    S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3831576 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [110944 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
    S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
    S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]
    ===================== Drivers (Whitelisted) ======================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37104 2019-09-09] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [209552 2019-09-09] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [263008 2019-09-09] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [205848 2019-09-09] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61472 2019-09-09] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-10] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
    R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [282768 2019-09-09] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-09-09] (AVAST Software s.r.o. -> AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [169408 2019-09-09] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-09-09] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-09-09] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030784 2019-09-09] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [478096 2019-09-09] (AVAST Software s.r.o. -> AVAST Software)
    R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-09-09] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [387176 2019-09-09] (AVAST Software s.r.o. -> AVAST Software)
    R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-18] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
    R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
    R3 dot4usb; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [49056 2012-10-18] (Hewlett-Packard Company -> Microsoft Corporation)
    S3 GeneStor; C:\WINDOWS\system32\DRIVERS\GeneStor.sys [115704 2015-06-12] (GENESYS LOGIC, INC. -> GenesysLogic)
    R3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [46856 2015-06-15] (Intel Corporation - Client Components Group -> Intel Corporation)
    S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [179416 2019-02-15] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-05] (Realtek Semiconductor Corp -> Realtek )
    R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72800 2017-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [36168 2019-04-25] (McAfee, Inc. -> The OpenVPN Project)
    R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2017-03-31] (Intel(R) Software -> Intel Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    S3 WIMMount; C:\program files\macrium\reflect\wimmount.sys [36664 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    ==================== One month (created) ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2019-09-17 23:47 - 2019-09-17 23:49 - 000040249 _____ C:\Users\cicci\Downloads\FRST.txt
    2019-09-16 12:47 - 2019-09-16 12:47 - 007622344 _____ (Malwarebytes) C:\Users\cicci\Downloads\adwcleaner_7.4.1.exe
    2019-09-15 11:20 - 2019-09-15 11:21 - 000510768 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2019-09-15 11:10 - 2019-09-15 11:17 - 000015412 _____ C:\Users\cicci\Downloads\Fixlog.txt
    2019-09-15 10:42 - 2019-09-15 10:42 - 001614848 _____ (Farbar) C:\Users\cicci\Downloads\FRST64.exe
    2019-09-11 10:25 - 2019-09-11 10:29 - 000000000 ____D C:\Users\cicci\Documents\TECHGUY
    2019-09-11 09:33 - 2019-09-04 15:44 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2019-09-11 09:33 - 2019-09-04 15:44 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2019-09-11 00:43 - 2019-09-11 00:43 - 026808320 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 023453696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 020817408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 019011584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 012939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 012244992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 008903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 007921664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 006065664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 005436696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 004488192 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
    2019-09-11 00:43 - 2019-09-11 00:43 - 003702784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 003442176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
    2019-09-11 00:43 - 2019-09-11 00:43 - 002469432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 002127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 002099752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 001782272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 001604760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 001521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 001297120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 001132032 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 001075832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
    2019-09-11 00:43 - 2019-09-11 00:43 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 000883200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 000798736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2019-09-11 00:43 - 2019-09-11 00:43 - 000793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2019-09-11 00:43 - 2019-09-11 00:43 - 000480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 000409256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 000386048 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\SysWOW64\curl.exe
    2019-09-11 00:43 - 2019-09-11 00:43 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 000349144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 000195224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityCenterBroker.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
    2019-09-11 00:43 - 2019-09-11 00:43 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComputerDefaults.exe
    2019-09-11 00:42 - 2019-09-11 00:43 - 007871488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 022124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 017484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 015221248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 009679672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 007886848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 006542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 006444544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 006310064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 005597808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 005573232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 005569024 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 004874752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 004588752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 004353016 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 003821728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 003634688 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2019-09-11 00:42 - 2019-09-11 00:42 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 003385856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 003096576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 003082752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 002924344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2019-09-11 00:42 - 2019-09-11 00:42 - 002879488 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 002779488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 002700784 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 002693120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 002421248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2019-09-11 00:42 - 2019-09-11 00:42 - 002279296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 002233688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 002192384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 002085168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 002073240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001994768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001966096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
    2019-09-11 00:42 - 2019-09-11 00:42 - 001929728 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001904128 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001899152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001864192 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001764352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001721360 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001702096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2019-09-11 00:42 - 2019-09-11 00:42 - 001687552 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001674480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001668752 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001655976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001641400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001573240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001563880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ttdrecordcpu.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001484592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 001465472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001344960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2019-09-11 00:42 - 2019-09-11 00:42 - 001331536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001272560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ttdrecordcpu.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001256960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001221528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 001182240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 001180248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001098136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001081656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001054952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001047552 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 001010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 000988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000968192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000888120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Signals.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000811024 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000807760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000782968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 000774968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000741392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000740904 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockController.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000736056 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000660544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 000652832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000622392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000606088 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000604344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000591160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000585184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000554000 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000540240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000535056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2019-09-11 00:42 - 2019-09-11 00:42 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000515960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000515152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000505128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResourceMapper.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000464912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000449376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000439808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000435712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 000351432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000347576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000330672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ttdwriter.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000330592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000279416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000272648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ttdwriter.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ManagePhone.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000177176 _____ (Microsoft Corporation) C:\WINDOWS\system32\imm32.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcaSvc.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000168248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000144080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imm32.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000140088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000130872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Display.BrightnessOverride.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000120344 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 000106048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsiCx.sys
    2019-09-11 00:42 - 2019-09-11 00:42 - 000098080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Display.BrightnessOverride.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvsetup.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComputerDefaults.exe
    2019-09-11 00:42 - 2019-09-11 00:42 - 000071696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
    2019-09-11 00:42 - 2019-09-11 00:42 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ws2ifsl.sys
    2019-09-11 00:41 - 2019-09-11 00:41 - 007690648 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 003333984 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 002706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2019-09-11 00:41 - 2019-09-11 00:41 - 002645504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 002593032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 001893376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 001743168 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 001387512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 001294280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2019-09-11 00:41 - 2019-09-11 00:41 - 001191512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 001048888 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2019-09-11 00:41 - 2019-09-11 00:41 - 001022824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000865576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000851272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000806568 _____ C:\WINDOWS\SysWOW64\locale.nls
    2019-09-11 00:41 - 2019-09-11 00:41 - 000806568 _____ C:\WINDOWS\system32\locale.nls
    2019-09-11 00:41 - 2019-09-11 00:41 - 000793824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000791352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
    2019-09-11 00:41 - 2019-09-11 00:41 - 000774192 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000764416 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000751928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2019-09-11 00:41 - 2019-09-11 00:41 - 000675096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000652600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2019-09-11 00:41 - 2019-09-11 00:41 - 000652304 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2019-09-11 00:41 - 2019-09-11 00:41 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000603784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2019-09-11 00:41 - 2019-09-11 00:41 - 000532192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000520208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Vid.sys
    2019-09-11 00:41 - 2019-09-11 00:41 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000421376 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\system32\curl.exe
    2019-09-11 00:41 - 2019-09-11 00:41 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000405304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2019-09-11 00:41 - 2019-09-11 00:41 - 000402368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000398208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000294728 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32tm.exe
    2019-09-11 00:41 - 2019-09-11 00:41 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
    2019-09-11 00:41 - 2019-09-11 00:41 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpprov.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w32tm.exe
    2019-09-11 00:41 - 2019-09-11 00:41 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidclass.sys
    2019-09-11 00:41 - 2019-09-11 00:41 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
    2019-09-11 00:41 - 2019-09-11 00:41 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecureTimeAggregator.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000164504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000140600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
    2019-09-11 00:41 - 2019-09-11 00:41 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvsetup.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000090632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2019-09-11 00:41 - 2019-09-11 00:41 - 000087056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
    2019-09-11 00:41 - 2019-09-11 00:41 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2019-09-11 00:41 - 2019-09-11 00:41 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsiAcpiClient.sys
    2019-09-11 00:41 - 2019-09-11 00:41 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
    2019-09-11 00:41 - 2019-09-11 00:41 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
    2019-09-11 00:41 - 2019-09-11 00:41 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
    2019-09-11 00:41 - 2019-09-11 00:41 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
    2019-09-11 00:41 - 2019-09-11 00:41 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
    2019-09-11 00:41 - 2019-09-11 00:41 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
    2019-09-11 00:41 - 2019-09-11 00:41 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
    2019-09-11 00:41 - 2019-09-11 00:41 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
    2019-09-10 10:16 - 2019-09-10 10:16 - 000251043 _____ C:\Users\cicci\Downloads\Los_edificadores_de_la_Selva_obras_preco.pdf
    2019-09-09 21:52 - 2019-09-09 21:52 - 000363912 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2019-09-09 21:52 - 2019-09-09 21:52 - 000236024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2019-09-09 21:52 - 2019-09-09 21:52 - 000169408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2019-09-06 15:32 - 2019-09-07 21:03 - 000000000 ____D C:\Users\cicci\Documents\Reflect
    2019-09-06 14:01 - 2019-09-06 14:01 - 000002030 _____ C:\Users\Public\Desktop\Macrium Reflect.lnk
    2019-09-06 14:01 - 2019-09-06 14:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
    2019-09-06 14:01 - 2019-09-06 14:01 - 000000000 ____D C:\Program Files\Macrium
    2019-09-06 13:59 - 2019-09-06 13:59 - 005278464 _____ (Paramount Software UK Ltd) C:\Users\cicci\Downloads\ReflectDLHF (1).exe
    2019-09-06 13:57 - 2019-09-08 11:04 - 000000000 ____D C:\ProgramData\Macrium
    2019-09-06 13:57 - 2019-09-06 13:57 - 000000000 ____D C:\Users\cicci\Downloads\Macrium
    2019-09-06 13:55 - 2019-09-06 13:55 - 005278464 _____ (Paramount Software UK Ltd) C:\Users\cicci\Downloads\ReflectDLHF.exe
    2019-09-02 12:07 - 2019-09-02 12:07 - 000000000 _____ C:\WINDOWS\HPMProp.INI
    2019-09-02 12:06 - 2019-09-02 12:06 - 000000000 ____D C:\ProgramData\Hewlett-Packard
    2019-09-02 12:06 - 2019-05-24 11:27 - 000556680 _____ (HP Inc.) C:\WINDOWS\SysWOW64\hpcdmc32.dll
    2019-09-02 12:06 - 2019-05-24 11:27 - 000537224 _____ (HP Inc.) C:\WINDOWS\system32\hpcpn230.dll
    2019-09-02 12:06 - 2019-05-24 11:27 - 000501896 _____ (HP Inc.) C:\WINDOWS\SysWOW64\hpcc3230.dll
    2019-09-02 12:06 - 2019-05-24 11:27 - 000315528 _____ (HP Inc.) C:\WINDOWS\system32\hpmlm225.dll
    2019-09-02 12:06 - 2019-05-24 11:27 - 000264840 _____ (HP Inc.) C:\WINDOWS\system32\hpmml230.dll
    2019-09-02 12:06 - 2019-05-24 11:27 - 000241800 _____ (HP Inc.) C:\WINDOWS\system32\hpmja230.dll
    2019-09-02 12:06 - 2019-05-24 11:27 - 000229512 _____ (HP Inc.) C:\WINDOWS\system32\hpmpm082.dll
    2019-09-02 12:06 - 2019-05-24 11:27 - 000203912 _____ (HP Inc.) C:\WINDOWS\system32\hpmtp230.dll
    2019-09-02 12:06 - 2019-05-24 11:27 - 000195208 _____ (Hewlett-Packard) C:\WINDOWS\system32\hppdcompio.dll
    2019-09-02 12:06 - 2019-05-24 11:27 - 000178312 _____ (HP Inc.) C:\WINDOWS\system32\hpcjpm.dll
    2019-09-02 12:06 - 2019-05-24 11:27 - 000169096 _____ (Hewlett-Packard) C:\WINDOWS\SysWOW64\hppccompio.dll
    2019-09-02 12:06 - 2019-05-24 11:27 - 000127624 _____ (HP Inc.) C:\WINDOWS\system32\hpmpw082.dll
    2019-09-02 12:06 - 2019-05-24 11:27 - 000061064 _____ (Hewlett-Packard) C:\WINDOWS\system32\FxCompChannel_x64.dll
    2019-09-02 12:04 - 2019-09-02 12:04 - 000000000 ____D C:\HP Universal Print Driver
    2019-09-02 12:03 - 2019-09-02 12:03 - 020048936 _____ C:\Users\cicci\Downloads\upd-pcl6-x64-6.8.0.24296.exe
    2019-09-02 11:57 - 2019-09-02 11:57 - 000000000 ____D C:\Users\cicci\AppData\Local\ElevatedDiagnostics
    2019-08-20 09:35 - 2019-08-20 09:35 - 000000074 _____ C:\Users\cicci\Desktop\amazon prime.txt
    ==================== One month (modified) ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2019-09-17 23:47 - 2016-04-26 18:28 - 000000000 ____D C:\FRST
    2019-09-17 23:37 - 2019-03-11 17:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-09-17 23:37 - 2018-09-15 03:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-09-17 21:04 - 2017-08-09 14:39 - 000000000 ____D C:\Users\cicci\AppData\Roaming\FileZilla
    2019-09-17 20:22 - 2019-03-26 21:14 - 000001750 _____ C:\Users\cicci\Desktop\cpanels emailsMAIN.txt
    2019-09-17 13:46 - 2019-08-02 15:41 - 000000666 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-614755349-3072655537-2205226653-1001.job
    2019-09-17 13:46 - 2019-08-02 15:41 - 000000570 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-614755349-3072655537-2205226653-1001.job
    2019-09-17 13:46 - 2019-03-11 18:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
    2019-09-17 12:50 - 2018-09-15 03:33 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-09-17 12:50 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-09-17 12:50 - 2018-09-15 03:31 - 000000000 ____D C:\WINDOWS\INF
    2019-09-16 21:53 - 2019-08-02 15:41 - 000000000 ____D C:\Users\cicci\AppData\Local\GoToMeeting
    2019-09-16 09:25 - 2019-03-11 19:42 - 000000000 ____D C:\Users\cicci\AppData\Local\Deployment
    2019-09-16 09:25 - 2018-01-03 12:28 - 000000000 ____D C:\Users\cicci\AppData\Roaming\KindleAddIn
    2019-09-15 12:42 - 2017-08-10 13:27 - 000000000 ____D C:\Users\cicci\AppData\Local\CrashDumps
    2019-09-15 11:56 - 2016-04-29 10:37 - 000000000 ____D C:\AdwCleaner
    2019-09-15 11:49 - 2017-10-31 21:22 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2019-09-15 11:49 - 2016-04-12 20:39 - 000000000 __SHD C:\Users\cicci\IntelGraphicsProfiles
    2019-09-15 11:28 - 2019-03-11 18:11 - 000842664 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-09-15 11:20 - 2019-03-11 18:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-09-15 11:20 - 2018-09-15 02:09 - 001048576 _____ C:\WINDOWS\system32\config\BBI
    2019-09-15 11:16 - 2016-04-27 18:59 - 000000000 ____D C:\Users\cicci\AppData\LocalLow\Temp
    2019-09-15 03:01 - 2015-12-17 03:04 - 000000000 ____D C:\ProgramData\Temp
    2019-09-15 00:29 - 2018-06-27 20:32 - 000000000 ____D C:\Users\cicci\AppData\Local\D3DSCache
    2019-09-14 20:48 - 2019-05-29 10:32 - 000002416 _____ C:\Users\cicci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-09-14 20:48 - 2016-04-12 20:43 - 000000000 ___RD C:\Users\cicci\OneDrive
    2019-09-14 10:48 - 2016-09-01 21:24 - 000000000 ____D C:\Users\cicci\Documents\databases
    2019-09-11 09:39 - 2019-03-11 17:55 - 000000000 ____D C:\Users\cicci
    2019-09-11 09:39 - 2016-04-16 11:41 - 000000000 ___RD C:\Users\cicci\3D Objects
    2019-09-11 09:39 - 2016-02-13 09:20 - 000000000 __RHD C:\Users\Public\AccountPictures
    2019-09-11 09:26 - 2018-09-15 03:33 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2019-09-11 09:26 - 2018-09-15 03:33 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2019-09-11 09:26 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2019-09-11 09:26 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\oobe
    2019-09-11 09:26 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2019-09-11 09:26 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\ShellComponents
    2019-09-11 09:26 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2019-09-11 09:26 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\bcastdvr
    2019-09-11 09:26 - 2018-09-15 02:09 - 000000000 ____D C:\WINDOWS\system32\Dism
    2019-09-11 09:25 - 2018-07-14 16:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2019-09-11 00:54 - 2018-09-15 03:23 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-09-11 00:50 - 2016-07-18 12:33 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2019-09-09 21:54 - 2016-05-12 17:33 - 000478096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2019-09-09 21:52 - 2019-03-08 14:15 - 000282768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
    2019-09-09 21:52 - 2019-03-08 14:13 - 000037104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
    2019-09-09 21:52 - 2019-01-14 10:37 - 000263008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
    2019-09-09 21:52 - 2019-01-10 02:40 - 000205848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
    2019-09-09 21:52 - 2019-01-10 02:40 - 000061472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
    2019-09-09 21:52 - 2018-10-10 19:37 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2019-09-09 21:52 - 2018-09-15 03:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2019-09-09 21:52 - 2017-11-21 15:17 - 000209552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
    2019-09-09 21:52 - 2016-05-12 17:33 - 001030784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2019-09-09 21:52 - 2016-05-12 17:33 - 000387176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2019-09-09 21:52 - 2016-05-12 17:33 - 000112312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2019-09-09 21:52 - 2016-05-12 17:33 - 000087944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2019-09-08 19:53 - 2016-04-13 00:59 - 000001285 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
    2019-09-08 19:52 - 2016-07-10 10:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2019-09-08 11:56 - 2018-03-08 13:32 - 000002270 _____ C:\Users\cicci\Documents\flashdrivescontents.csv
    2019-09-08 10:40 - 2018-01-12 15:39 - 000000000 ____D C:\Users\cicci\AppData\Local\Packages
    2019-09-07 18:48 - 2016-08-11 11:16 - 000001194 _____ C:\Users\cicci\AppData\Roaming\SAS7_000.DAT
    2019-09-05 09:37 - 2019-05-23 13:08 - 000000000 ____D C:\Users\cicci\Documents\My Kindle Content
    2019-08-31 17:14 - 2019-02-07 12:11 - 000716800 _____ C:\Users\cicci\Desktop\petrika..accdb
    2019-08-29 15:25 - 2019-02-23 19:36 - 000000000 ___DC C:\WINDOWS\Panther
    2019-08-29 13:54 - 2019-03-11 18:30 - 000024768 _____ C:\WINDOWS\diagwrn.xml
    2019-08-29 13:54 - 2019-03-11 18:30 - 000024768 _____ C:\WINDOWS\diagerr.xml
    2019-08-29 12:49 - 2018-09-15 02:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2019-08-29 12:29 - 2019-03-19 03:02 - 000000000 ___HD C:\$WINDOWS.~BT
    2019-08-28 20:28 - 2016-10-04 18:56 - 000000000 ____D C:\Users\cicci\Documents\glue
    2019-08-27 20:43 - 2016-05-03 19:03 - 000001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
    2019-08-27 20:42 - 2016-05-03 19:03 - 000001099 _____ C:\Users\Public\Desktop\paint.net.lnk
    2019-08-27 20:42 - 2016-05-03 19:03 - 000000000 ____D C:\Program Files\paint.net
    2019-08-26 19:42 - 2019-06-09 19:32 - 000421888 _____ C:\Users\cicci\Documents\kindle promotion.accdb
    2019-08-26 16:14 - 2016-04-14 23:09 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-08-26 16:14 - 2016-04-14 23:09 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-08-26 09:50 - 2019-03-11 18:34 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2019-08-24 21:51 - 2017-11-27 21:01 - 000000000 ____D C:\Program Files\CCleaner
    2019-08-24 21:38 - 2018-09-15 03:33 - 000000000 ___SD C:\WINDOWS\system32\UNP
    2019-08-24 21:38 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
    2019-08-24 21:38 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\Provisioning
    2019-08-24 13:35 - 2019-08-02 15:41 - 000003834 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-614755349-3072655537-2205226653-1001
    2019-08-24 13:35 - 2019-08-02 15:41 - 000003738 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-614755349-3072655537-2205226653-1001
    2019-08-22 12:10 - 2016-08-17 20:17 - 000000000 ____D C:\Users\cicci\Documents\airbnb
    2019-08-22 09:46 - 2017-01-18 21:08 - 000000000 ____D C:\Users\cicci\Documents\philosophytheology
    2019-08-20 20:36 - 2017-08-10 13:19 - 000000000 ____D C:\Users\cicci\Documents\images
    2019-08-18 09:18 - 2016-09-01 16:19 - 000000000 ____D C:\Users\cicci\Documents\translate INTERPRETATION editing
    ==================== Files in the root of some directories ================
    2016-08-11 11:16 - 2019-09-07 18:48 - 000001194 _____ () C:\Users\cicci\AppData\Roaming\SAS7_000.DAT
    2018-09-25 13:56 - 2018-09-25 13:56 - 000000000 _____ () C:\Users\cicci\AppData\Local\oobelibMkey.log
    ==================== SigCheck ===============================
    (There is no automatic fix for files that do not pass verification.)
    ==================== End of FRST.txt ============================
     

    Attached Files:

  14. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    777
    How is the computer doing?
     
    americamba likes this.
  15. americamba

    americamba Thread Starter

    Joined:
    Nov 21, 2002
    Messages:
    685
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1232584

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice