PC virus removal, computer speed-up, and remote assistance through the neslape.cz service

Request for a check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [instructions here] or RSIT [instructions here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use remote assistance services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
funnyman_
Visitor
Posts: 16
Registered: 16 Jul 2012 15:47

Request for a check

#1 Post by funnyman_ »

Hello, please check my computer.
For about 5 minutes after startup, the disk is at 100% usage from two svchost instances: "svchost.exe (LocalSystemNetworkRestricted)" and "svchost.exe (DcomLaunch)"

Thank you

info.txt logfile of random's system information tool 1.10 2017-10-25 21:22:08

======MBR======


======Uninstall list======

-->C:\Program Files\Conexant\CxAudMsg\SETUP64.EXE -U -ICxAudMsg
-->C:\Program Files\CONEXANT\ForteConfig\SETUP64.EXE -U -IForteConfig -SM=fmapp.exe,16
-->C:\Program Files\Conexant\SAII\SETUP64.EXE -U -ISAII -SM=SmartAudio.EXE,1801
Avast Free Antivirus-->C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel
Cisco EAP-FAST Module-->MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}
Cisco LEAP Module-->MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE}
Cisco PEAP Module-->MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}
Conexant 20672 SmartAudio HD-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU64a.exe -U -G -Ichdrt.inf
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\Installer\setup.exe" --uninstall --system-level --verbose-logging
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Integrated Camera Driver Installer Package Ver.1.1.0.1147-->"C:\Program Files (x86)\InstallShield Installation Information\{B2CA6F37-1602-4823-81B5-0384B6888AA6}\setup.exe" -runfromtemp -l0x0009 anything -removeonly
Integrated Camera TWAIN-->"C:\Program Files (x86)\InstallShield Installation Information\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}\setup.exe" -runfromtemp -l0x0409 -removeonly
Intel PROSet Wireless-->Intel PROSet Wireless
Intel PROSet Wireless-->Intel PROSet Wireless
Intel(R) Network Connections Drivers-->Prounstl.exe
Intel(R) Processor Graphics-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
Intel(R) PROSet/Wireless WiFi Software-->MsiExec.exe /I{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}
Intel(R) SDK for OpenCL - CPU Only Runtime Package-->C:\Program Files (x86)\Intel\OpenCL SDK\2.0\Uninstall\setup.exe -uninstall
Intel® PROSet/Wireless WiMAX Software-->MsiExec.exe /X{5F588B19-C575-4750-86FD-6ED2B76E61F1}
Lenovo Patch Utility 64 bit-->MsiExec.exe /X{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}
Lenovo Patch Utility-->MsiExec.exe /X{AD32F5E9-6BDD-480A-8B7B-95571D04691C}
Lenovo Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
Lenovo System Interface Driver-->RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.NTamd64 130 C:\Program Files\Lenovo\SMIIF\lnvsmi.inf
Lenovo System Update-->"C:\Program Files (x86)\Lenovo\System Update\unins000.exe"
Microsoft .NET Framework 4.7-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.02053\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.7-->MsiExec.exe /X{BCF0C1F7-671C-3922-A7EA-8AC11F4FC0EB}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Mobile Broadband Drivers-->"C:\Program Files (x86)\InstallShield Installation Information\{EA9640BE-414E-4195-B53B-7905BF1A5A09}\setup.exe" -runfromtemp -l0x0009 -removeonly
On Screen Display-->rundll32.exe "C:\Program Files\Lenovo\HOTKEY\cleanup.dll",InfUninstallEx DefaultUninstall.LH C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
Power Manager-->C:\Program Files (x86)\InstallShield Installation Information\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}\Setup.exe -AddRemove
Renesas Electronics USB 3.0 Host Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{5442DAB8-7177-49E1-8B22-09A049EA5996}\setup.exe" -runfromtemp -l0x0409 -removeonly
Renesas Electronics USB 3.0 Host Controller Driver-->MsiExec.exe /X{5442DAB8-7177-49E1-8B22-09A049EA5996}
RICOH_Media_Driver_v2.14.18.01-->"C:\Program Files (x86)\InstallShield Installation Information\{FE041B02-234C-4AAA-9511-80DF6482A458}\setup.exe" -runfromtemp -l0x0009 anything -removeonly
ThinkPad FullScreen Magnifier-->rundll32.exe "C:\Program Files\Lenovo\ZOOM\cleanup.dll",InfUninstall DefaultUninstall 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad UltraNav Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\setup.exe" -runfromtemp -l0x0009 /zUNINSTALL -removeonly
ThinkPad Wireless LAN Adapter Software-->C:\Program Files (x86)\InstallShield Installation Information\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}\Install.exe -uninst -l0x9
ThinkVantage Fingerprint Software-->MsiExec.exe /I{F58DA859-016E-492D-A588-317D9BB28002}
Update for Microsoft .NET Framework 4.7 (KB4040973)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.02053\setup.exe /uninstallpatch {801C6191-4F3A-3022-A6A7-D38E232F6B2D}
Update for Microsoft .NET Framework 4.7 (KB4043764)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.02053\setup.exe /uninstallpatch {1C26814D-CC59-36CD-B920-481F9AC80275}
VLC media player 2.0.5-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe

======System event log======

Computer Name: User-PC
Event Code: 2505
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{31AC936F-A22B-4BDC-A93A-AF2FD089A230} because another computer on the network has the same name. The server could not start.
Record Number: 579
Source Name: Server
Time Written: 20131022124239.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 27
Message: Intel(R) 82579LM Gigabit Network Connection
Network link is disconnected.

Record Number: 575
Source Name: e1cexpress
Time Written: 20131022124231.212528-000
Event Type: Warning
User:

Computer Name: User-PC
Event Code: 10000
Message: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Record Number: 512
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20131022121612.915749-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: User-PC
Event Code: 10000
Message: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Record Number: 506
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20131022121606.940939-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: User-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on ''. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 446
Source Name: Microsoft-Windows-Time-Service
Time Written: 20131022114516.384487-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

=====Application event log=====

Computer Name: User-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
4 user registry handles leaked from \Registry\User\S-1-5-21-1692257356-1526140401-78765580-1000:
Process 392 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1692257356-1526140401-78765580-1000
Process 3676 (\Device\HarddiskVolume2\Windows\System32\wuauclt.exe) has opened key \REGISTRY\USER\S-1-5-21-1692257356-1526140401-78765580-1000
Process 2700 (\Device\HarddiskVolume2\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe) has opened key \REGISTRY\USER\S-1-5-21-1692257356-1526140401-78765580-1000\Software\TeamViewer\Version8
Process 3676 (\Device\HarddiskVolume2\Windows\System32\wuauclt.exe) has opened key \REGISTRY\USER\S-1-5-21-1692257356-1526140401-78765580-1000\Software\Microsoft\Windows\CurrentVersion\Explorer

Record Number: 449
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20131022150219.921274-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: User-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 381
Source Name: Microsoft-Windows-WMI
Time Written: 20131022125830.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-1692257356-1526140401-78765580-1000:
Process 416 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1692257356-1526140401-78765580-1000
Process 3452 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1692257356-1526140401-78765580-1000\Software\Microsoft\Windows\CurrentVersion\Explorer

Record Number: 364
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20131022125608.707968-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: User-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 189
Source Name: Microsoft-Windows-WMI
Time Written: 20131022111129.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 171
Source Name: Microsoft-Windows-Search
Time Written: 20131022111101.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: 37L4247F27-25
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247F27-25$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Changed Attributes:
SAM Account Name: -
SID History: -

Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20131022110539.324438-000
Event Type: Audit Success
User:

Computer Name: 37L4247F27-25
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247F27-25$
Account Domain: WORKGROUP
Logon ID: 0x3e7

New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Attributes:
SAM Account Name: Backup Operators
SID History: -

Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20131022110539.324438-000
Event Type: Audit Success
User:

Computer Name: 37L4247F27-25
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x3107b
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20131022110539.121638-000
Event Type: Audit Success
User:

Computer Name: 37L4247F27-25
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20131022110537.639635-000
Event Type: Audit Success
User:

Computer Name: 37L4247F27-25
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20131022110537.577235-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"TFS_DIR"=C:\Program Files\ThinkVantage Fingerprint Software\
"TSMPATH"=C:\Program Files\ThinkPad\UltraNav Utility

-----------------EOF-----------------




Logfile of random's system information tool 1.10 (written by random/random)
Run by User at 2017-10-25 21:21:53
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 253 GB (83%) free of 305 GB
Total RAM: 6027 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:22:01, on 25/10/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18817)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Program Files\trend micro\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Platform Service (LPlatSvc) - Unknown owner - C:\Windows\system32\LPlatSvc.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
O23 - Service: Mobile Broadband Service (WMCoreService) - Ericsson AB - C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8119 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\LPlatSvc.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-663dbf52-e18d-47c1-9c15-dbe2f4508873 -SystemEventPortName:HostProcess-3dea44b9-b376-4cfd-849c-d9d309a151fc -IoCancelEventPortName:HostProcess-8a87c80c-080a-4b07-a051-964f14c15ec4 -NonStateChangingEventPortName:HostProcess-8d22fa33-9460-4964-8f10-58ed08981ac9 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:46c028ee-1132-456d-93df-df5ec62497f5 -DeviceGroupId:
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe"
C:\Windows\system32\WLANExt.exe 30513680
\??\C:\Windows\system32\conhost.exe "-2145494737-294716332-863719683428015134-21472633420447239529128079672104751331
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {587852F9-3C43-4844-AF06-4D8DE911942D}
C:\Windows\system32\CxAudMsg64.exe
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\SysWOW64\SAsrv.exe
"C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe"
"C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe"
"C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe" servicemode
"C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe"
"C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe"
"C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe"
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
AvastUI.exe /nogui
"C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe"
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
"C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\rundll32.exe "C:\Program Files\LENOVO\HOTKEY\hotkey.dll",InstallAudioHotkeyHook
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.FullScreenMagnifier
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.ShortcutKey
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe"
"C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Windows\system32\LPlatSvc.exe" -EM

"C:\Users\User\Desktop\RSITx64.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe8_ Global\UsGthrCtrlFltPipeMssGthrPipe8 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
C:\Windows\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-10-20 958328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-10-20 820672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2010-12-14 316032]
"PSQLLauncher"=C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [2013-03-05 86312]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-11-30 172016]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-11-30 399856]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-11-30 442352]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-10-20 253344]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-30 55808]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2011-09-16 115048]
"PWMTRV"=rundll32 C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL,PwrMgrBkGndMonitor []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-11-01 442880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2013-03-05 136488]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-10-25 21:21:54 ----D---- C:\Program Files\trend micro
2017-10-25 21:21:53 ----D---- C:\rsit
2017-10-23 10:31:16 ----D---- C:\ProgramData\SWCUTemp
2017-10-22 23:05:28 ----D---- C:\Users\User\AppData\Roaming\vlc
2017-10-20 15:01:04 ----D---- C:\Users\User\AppData\Roaming\AVAST Software
2017-10-20 14:59:57 ----A---- C:\Windows\system32\drivers\aswStm.sys
2017-10-20 14:59:56 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2017-10-20 14:59:56 ----A---- C:\Windows\system32\drivers\aswSP.sys
2017-10-20 14:59:56 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2017-10-20 14:59:56 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2017-10-20 14:59:55 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2017-10-20 14:59:55 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2017-10-20 14:59:55 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2017-10-20 14:59:55 ----A---- C:\Windows\system32\drivers\aswbuniva.sys
2017-10-20 14:59:54 ----A---- C:\Windows\system32\drivers\aswbloga.sys
2017-10-20 14:59:54 ----A---- C:\Windows\system32\drivers\aswbidsha.sys
2017-10-20 14:59:54 ----A---- C:\Windows\system32\drivers\aswbidsdrivera.sys
2017-10-20 14:59:43 ----A---- C:\Windows\system32\aswBoot.exe
2017-10-20 14:56:13 ----D---- C:\Program Files\AVAST Software
2017-10-20 14:55:51 ----D---- C:\ProgramData\AVAST Software
2017-10-20 14:50:55 ----A---- C:\Windows\system32\tpinspm.dll
2017-10-20 14:50:55 ----A---- C:\Windows\system32\LPlatSvc.exe
2017-10-20 14:50:55 ----A---- C:\Windows\system32\ibmpmsvc.exe
2017-10-20 14:50:55 ----A---- C:\Windows\system32\ibmpmctl.exe
2017-10-20 14:50:55 ----A---- C:\Windows\system32\drivers\ibmpmdrv.sys
2017-10-20 14:48:32 ----A---- C:\Windows\SYSWOW64\SynTPCOM.dll
2017-10-20 14:48:32 ----A---- C:\Windows\system32\SynTPCo14.dll
2017-10-20 14:48:32 ----A---- C:\Windows\system32\SynTPAPI.dll
2017-10-20 14:48:32 ----A---- C:\Windows\system32\drivers\SynTP.sys
2017-10-20 14:48:30 ----A---- C:\Windows\SYSWOW64\SynCOM.dll
2017-10-20 14:48:27 ----A---- C:\Windows\system32\drivers\Smb_driver_Intel.sys
2017-10-19 03:16:17 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2017-10-16 23:19:20 ----A---- C:\Windows\system32\mshtml.dll
2017-10-16 23:19:19 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-10-16 23:19:18 ----A---- C:\Windows\system32\ieframe.dll
2017-10-16 23:19:16 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-10-16 23:19:16 ----A---- C:\Windows\system32\jscript9.dll
2017-10-16 23:19:15 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-10-16 23:19:15 ----A---- C:\Windows\system32\wininet.dll
2017-10-16 23:19:14 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-10-16 23:19:14 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-10-16 23:19:14 ----A---- C:\Windows\system32\win32k.sys
2017-10-16 23:19:14 ----A---- C:\Windows\system32\iertutil.dll
2017-10-16 23:19:13 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-10-16 23:19:13 ----A---- C:\Windows\system32\urlmon.dll
2017-10-16 23:19:13 ----A---- C:\Windows\system32\tquery.dll
2017-10-16 23:19:13 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-10-16 23:19:12 ----A---- C:\Windows\system32\rdpcore.dll
2017-10-16 23:19:12 ----A---- C:\Windows\system32\mf.dll
2017-10-16 23:19:11 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-10-16 23:19:11 ----A---- C:\Windows\SYSWOW64\tquery.dll
2017-10-16 23:19:11 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2017-10-16 23:19:11 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-10-16 23:19:11 ----A---- C:\Windows\system32\Query.dll
2017-10-16 23:19:11 ----A---- C:\Windows\system32\jscript.dll
2017-10-16 23:19:11 ----A---- C:\Windows\system32\drivers\ntfs.sys
2017-10-16 23:19:10 ----A---- C:\Windows\SYSWOW64\Query.dll
2017-10-16 23:19:10 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-10-16 23:19:10 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-10-16 23:19:10 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-10-16 23:19:10 ----A---- C:\Windows\system32\msfeeds.dll
2017-10-16 23:19:10 ----A---- C:\Windows\system32\drivers\srv.sys
2017-10-16 23:19:09 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-10-16 23:19:09 ----A---- C:\Windows\SYSWOW64\msexcl40.dll
2017-10-16 23:19:09 ----A---- C:\Windows\SYSWOW64\msctf.dll
2017-10-16 23:19:09 ----A---- C:\Windows\SYSWOW64\mf.dll
2017-10-16 23:19:09 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-10-16 23:19:09 ----A---- C:\Windows\system32\wlansec.dll
2017-10-16 23:19:09 ----A---- C:\Windows\system32\msctf.dll
2017-10-16 23:19:09 ----A---- C:\Windows\system32\drivers\nwifi.sys
2017-10-16 23:19:09 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-10-16 23:19:08 ----A---- C:\Windows\SYSWOW64\wlansec.dll
2017-10-16 23:19:08 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2017-10-16 23:19:08 ----A---- C:\Windows\SYSWOW64\mswstr10.dll
2017-10-16 23:19:08 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-10-16 23:19:08 ----A---- C:\Windows\system32\wlanmsm.dll
2017-10-16 23:19:08 ----A---- C:\Windows\system32\themeui.dll
2017-10-16 23:19:08 ----A---- C:\Windows\system32\t2embed.dll
2017-10-16 23:19:08 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-10-16 23:19:08 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-10-16 23:19:08 ----A---- C:\Windows\system32\mfps.dll
2017-10-16 23:19:08 ----A---- C:\Windows\system32\iedkcs32.dll
2017-10-16 23:19:08 ----A---- C:\Windows\system32\gdi32.dll
2017-10-16 23:19:08 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2017-10-16 23:19:08 ----A---- C:\Windows\system32\drivers\srv2.sys
2017-10-16 23:19:07 ----A---- C:\Windows\SYSWOW64\wlanmsm.dll
2017-10-16 23:19:07 ----A---- C:\Windows\SYSWOW64\wlanhlp.dll
2017-10-16 23:19:07 ----A---- C:\Windows\SYSWOW64\wlanapi.dll
2017-10-16 23:19:07 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-10-16 23:19:07 ----A---- C:\Windows\SYSWOW64\themeui.dll
2017-10-16 23:19:07 ----A---- C:\Windows\SYSWOW64\msjint40.dll
2017-10-16 23:19:07 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-10-16 23:19:07 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-10-16 23:19:07 ----A---- C:\Windows\SYSWOW64\mfps.dll
2017-10-16 23:19:07 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2017-10-16 23:19:07 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-10-16 23:19:07 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-10-16 23:19:07 ----A---- C:\Windows\system32\wlansvc.dll
2017-10-16 23:19:07 ----A---- C:\Windows\system32\wlanhlp.dll
2017-10-16 23:19:07 ----A---- C:\Windows\system32\wlanapi.dll
2017-10-16 23:19:07 ----A---- C:\Windows\system32\webcheck.dll
2017-10-16 23:19:07 ----A---- C:\Windows\system32\vbscript.dll
2017-10-16 23:19:07 ----A---- C:\Windows\system32\rpcrt4.dll
2017-10-16 23:19:07 ----A---- C:\Windows\system32\ntdll.dll
2017-10-16 23:19:07 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-10-16 23:19:07 ----A---- C:\Windows\system32\mshtmled.dll
2017-10-16 23:19:07 ----A---- C:\Windows\system32\mfpmp.exe
2017-10-16 23:19:07 ----A---- C:\Windows\system32\icaapi.dll
2017-10-16 23:19:07 ----A---- C:\Windows\system32\dxtrans.dll
2017-10-16 23:19:07 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-10-16 23:19:07 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-10-16 23:19:07 ----A---- C:\Windows\system32\certcli.dll
2017-10-16 23:19:06 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-10-16 23:19:06 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2017-10-16 23:19:06 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-10-16 23:19:06 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-10-16 23:19:06 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-10-16 23:19:06 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-10-16 23:19:06 ----A---- C:\Windows\system32\wow64win.dll
2017-10-16 23:19:06 ----A---- C:\Windows\system32\winsrv.dll
2017-10-16 23:19:06 ----A---- C:\Windows\system32\smss.exe
2017-10-16 23:19:06 ----A---- C:\Windows\system32\schannel.dll
2017-10-16 23:19:06 ----A---- C:\Windows\system32\rrinstaller.exe
2017-10-16 23:19:06 ----A---- C:\Windows\system32\occache.dll
2017-10-16 23:19:06 ----A---- C:\Windows\system32\mssvp.dll
2017-10-16 23:19:06 ----A---- C:\Windows\system32\mssrch.dll
2017-10-16 23:19:06 ----A---- C:\Windows\system32\mssph.dll
2017-10-16 23:19:06 ----A---- C:\Windows\system32\msrating.dll
2017-10-16 23:19:06 ----A---- C:\Windows\system32\lsasrv.dll
2017-10-16 23:19:06 ----A---- C:\Windows\system32\kernel32.dll
2017-10-16 23:19:06 ----A---- C:\Windows\system32\kerberos.dll
2017-10-16 23:19:06 ----A---- C:\Windows\system32\jscript9diag.dll
2017-10-16 23:19:06 ----A---- C:\Windows\system32\ieui.dll
2017-10-16 23:19:06 ----A---- C:\Windows\system32\ieapfltr.dll
2017-10-16 23:19:06 ----A---- C:\Windows\system32\dxtmsft.dll
2017-10-16 23:19:06 ----A---- C:\Windows\system32\drivers\srvnet.sys
2017-10-16 23:19:06 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-10-16 23:19:06 ----A---- C:\Windows\system32\advapi32.dll
2017-10-16 23:19:05 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-10-16 23:19:05 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-10-16 23:19:05 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-10-16 23:19:05 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-10-16 23:19:05 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-10-16 23:19:05 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-10-16 23:19:05 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2017-10-16 23:19:05 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2017-10-16 23:19:05 ----A---- C:\Windows\SYSWOW64\mssph.dll
2017-10-16 23:19:05 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-10-16 23:19:05 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-10-16 23:19:05 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-10-16 23:19:05 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-10-16 23:19:05 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-10-16 23:19:05 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-10-16 23:19:05 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-10-16 23:19:05 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-10-16 23:19:05 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-10-16 23:19:05 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-10-16 23:19:05 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\wow64.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\wdigest.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\TSpkg.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\sspisrv.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\sspicli.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\srcore.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\rpchttp.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\ncrypt.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\msv1_0.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\mssprxy.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\mssphtb.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\mssitlb.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\lsass.exe
2017-10-16 23:19:05 ----A---- C:\Windows\system32\KernelBase.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\jsproxy.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\inseng.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\ieUnatt.exe
2017-10-16 23:19:05 ----A---- C:\Windows\system32\iesetup.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\iernonce.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\ie4uinit.exe
2017-10-16 23:19:05 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-10-16 23:19:05 ----A---- C:\Windows\system32\drivers\appid.sys
2017-10-16 23:19:05 ----A---- C:\Windows\system32\csrsrv.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\cryptbase.dll
2017-10-16 23:19:05 ----A---- C:\Windows\system32\conhost.exe
2017-10-16 23:19:05 ----A---- C:\Windows\system32\bcrypt.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-10-16 23:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\user.exe
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\mssprxy.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\mssitlb.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\msshooks.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-10-16 23:19:04 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-10-16 23:19:04 ----A---- C:\Windows\system32\wow64cpu.dll
2017-10-16 23:19:04 ----A---- C:\Windows\system32\srclient.dll
2017-10-16 23:19:04 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-10-16 23:19:04 ----A---- C:\Windows\system32\secur32.dll
2017-10-16 23:19:04 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2017-10-16 23:19:04 ----A---- C:\Windows\system32\SearchIndexer.exe
2017-10-16 23:19:04 ----A---- C:\Windows\system32\SearchFilterHost.exe
2017-10-16 23:19:04 ----A---- C:\Windows\system32\rstrui.exe
2017-10-16 23:19:04 ----A---- C:\Windows\system32\ntvdm64.dll
2017-10-16 23:19:04 ----A---- C:\Windows\system32\msshooks.dll
2017-10-16 23:19:04 ----A---- C:\Windows\system32\msscntrs.dll
2017-10-16 23:19:04 ----A---- C:\Windows\system32\msobjs.dll
2017-10-16 23:19:04 ----A---- C:\Windows\system32\msaudite.dll
2017-10-16 23:19:04 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-10-16 23:19:04 ----A---- C:\Windows\system32\credssp.dll
2017-10-16 23:19:04 ----A---- C:\Windows\system32\auditpol.exe
2017-10-16 23:19:04 ----A---- C:\Windows\system32\appidsvc.dll
2017-10-16 23:19:04 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-10-16 23:19:04 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-10-16 23:19:04 ----A---- C:\Windows\system32\appidapi.dll
2017-10-16 23:19:04 ----A---- C:\Windows\system32\apisetschema.dll
2017-10-16 23:19:04 ----A---- C:\Windows\system32\adtschema.dll
2017-10-16 23:19:03 ----A---- C:\Windows\SYSWOW64\mferror.dll
2017-10-16 23:19:03 ----A---- C:\Windows\system32\mferror.dll
2017-10-16 23:19:03 ----A---- C:\Windows\system32\ieetwcollectorres.dll

======List of files/folders modified in the last 1 month======

2017-10-25 21:22:01 ----D---- C:\Windows\Prefetch
2017-10-25 21:21:54 ----RD---- C:\Program Files
2017-10-25 21:20:33 ----D---- C:\Windows\Temp
2017-10-25 17:53:22 ----D---- C:\Windows\system32\drivers
2017-10-25 08:36:58 ----D---- C:\Windows\system32\config
2017-10-23 10:35:11 ----D---- C:\Windows\System32
2017-10-23 10:35:11 ----D---- C:\Windows\inf
2017-10-23 10:35:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-10-23 10:31:16 ----HD---- C:\ProgramData
2017-10-22 20:52:12 ----D---- C:\Windows\rescache
2017-10-20 15:00:05 ----D---- C:\Windows\system32\Tasks
2017-10-20 14:59:46 ----D---- C:\Windows\winsxs
2017-10-20 14:55:58 ----D---- C:\Windows
2017-10-20 14:54:54 ----SHD---- C:\Config.Msi
2017-10-20 14:51:05 ----D---- C:\Windows\system32\catroot
2017-10-20 14:50:57 ----D---- C:\Windows\system32\DriverStore
2017-10-20 14:50:19 ----D---- C:\Windows\SysWOW64
2017-10-20 14:50:09 ----SHD---- C:\Windows\Installer
2017-10-20 14:49:58 ----RD---- C:\Program Files (x86)
2017-10-19 19:14:31 ----D---- C:\Windows\system32\wdi
2017-10-19 17:47:33 ----D---- C:\Windows\Microsoft.NET
2017-10-19 13:46:10 ----D---- C:\Program Files\Internet Explorer
2017-10-19 13:46:09 ----D---- C:\Windows\SYSWOW64\migration
2017-10-19 13:46:09 ----D---- C:\Windows\SYSWOW64\en-US
2017-10-19 13:46:09 ----D---- C:\Program Files (x86)\Internet Explorer
2017-10-19 13:46:06 ----D---- C:\Windows\system32\migration
2017-10-19 13:46:06 ----D---- C:\Windows\system32\en-US
2017-10-19 13:46:03 ----D---- C:\Windows\AppPatch
2017-10-19 13:46:02 ----D---- C:\Windows\system32\Boot
2017-10-19 03:20:52 ----SHD---- C:\System Volume Information
2017-10-19 03:16:38 ----D---- C:\Windows\system32\MRT
2017-10-19 03:16:07 ----AC---- C:\Windows\system32\MRT.exe
2017-10-19 03:08:53 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-10-16 23:29:39 ----D---- C:\Windows\system32\catroot2
2017-09-26 19:12:43 ----SD---- C:\ProgramData\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-10-20 198976]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-10-20 343288]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-10-20 57736]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-10-20 84416]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-10-20 363440]
R0 DzHDD64;DzHDD64; C:\Windows\System32\DRIVERS\DzHDD64.sys [2017-07-27 29512]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-10-20 321032]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-10-20 110376]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-10-20 1020536]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-10-20 587168]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2017-07-27 39264]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-10-20 147776]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-10-20 201352]
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys [2011-05-25 101888]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 13128]
R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-04 166016]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator; C:\Windows\system32\DRIVERS\bpenum.sys [2012-07-03 84480]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2012-06-05 1580704]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c62x64.sys [2012-01-11 360624]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2017-09-15 86912]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-11-01 5363200]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-10-31 8615936]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2014-07-28 45296]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2014-07-28 461552]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
R3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-21 41984]
S1 MpKsl3cbd91d5;MpKsl3cbd91d5; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{998D2713-3871-4023-8635-903BC62A60AD}\MpKsl3cbd91d5.sys []
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-10-20 47008]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\drivers\bthpan.sys [2017-07-06 119296]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ecnssndis; Mobile Broadband Driver; C:\Windows\System32\Drivers\wwuss64.sys [2011-06-13 26664]
S3 ecnssndisfltr; Mobile Broadband Driver Filter; C:\Windows\System32\Drivers\wwussf64.sys [2011-06-13 30248]
S3 l36wgps; Mobile Broadband GPS Port; C:\Windows\system32\DRIVERS\l36wgps64.sys [2011-07-01 101416]
S3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM); C:\Windows\system32\DRIVERS\Mbm3CBus.sys [2011-04-29 419400]
S3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM); C:\Windows\system32\DRIVERS\Mbm3DevMt.sys [2011-04-29 430664]
S3 Mbm3mdfl; Mobile Broadband Modem Port Filter; C:\Windows\system32\DRIVERS\Mbm3mdfl.sys [2011-04-29 19528]
S3 Mbm3Mdm; Mobile Broadband Modem Port Driver; C:\Windows\system32\DRIVERS\Mbm3Mdm.sys [2011-04-29 483400]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pmxdrv;pmxdrv; \??\C:\Windows\system32\drivers\pmxdrv.sys [2017-10-24 31152]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\Windows\system32\DRIVERS\rtl8192Ce.sys [2012-03-09 876136]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-10-20 281416]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe [2010-12-17 198784]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2012-07-18 514048]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-11-01 1518352]
R2 IBMPMSVC;Lenovo PM Service; C:\Windows\system32\ibmpmsvc.exe [2017-09-15 830032]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2014-05-27 110128]
R2 LPlatSvc;Lenovo Platform Service; C:\Windows\system32\LPlatSvc.exe [2017-09-15 774736]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-11-01 844560]
R2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2014-06-10 125424]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2014-05-27 125488]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2012-07-18 979456]
R2 WMCoreService;Mobile Broadband Service; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [2011-08-12 648744]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-10-20 7446024]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
R3 Power Manager DBC Service;Power Manager Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2017-07-27 1669488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-09 107848]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-11-30 279024]
S3 DozeSvc;Lenovo Doze Mode Service; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2017-07-27 326160]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-09 107848]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-09-07 116224]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2017-08-16 23928]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-10-22 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118196
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: requesting a check

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

funnyman_
Visitor
Posts: 16
Registered: 16 Jul 2012 15:47

Re: requesting a check

#3 Post by funnyman_ »

# AdwCleaner 7.0.4.0 - Logfile created on Sat Nov 04 16:19:20 2017
# Updated on 2017/27/10 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

SearchProvider deleted: slunecnice.cz - slunecnice.cz
SearchProvider deleted: Charita Konice - charitakonice.cz


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1211 B] - [2017/11/4 16:18:48]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


Re: requesting a check

#4 Post by Rudy »

Post a new RSIT log. You don't need to include the contents of the info.txt file.


Re: requesting a check

#5 Post by funnyman_ »

I managed to run RSIT after startup, at a moment when the computer was still running the services mentioned in the first post.

Logfile of random's system information tool 1.10 (written by random/random)
Run by User at 2017-11-05 17:56:52
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 252 GB (83%) free of 305 GB
Total RAM: 6027 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:57:06, on 05/11/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18817)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\trend micro\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Platform Service (LPlatSvc) - Unknown owner - C:\Windows\system32\LPlatSvc.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
O23 - Service: Mobile Broadband Service (WMCoreService) - Ericsson AB - C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8119 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\LPlatSvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-1a3ca865-c2ed-477a-b251-181a792d6a0b -SystemEventPortName:HostProcess-635c78fe-b095-460c-8c1d-6d8d255552e9 -IoCancelEventPortName:HostProcess-4a768961-e017-4bfe-824e-42a7f5bc8faf -NonStateChangingEventPortName:HostProcess-0e5b01e5-ca61-4ce4-9b89-6a1532a424a6 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:822f8ad5-72be-4fd8-8c27-3d5dc7645e42 -DeviceGroupId:
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\WLANExt.exe 31846608
\??\C:\Windows\system32\conhost.exe "7345745910619818541248489568-1634405342-16101379871838583027-966311628915667960
"C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\CxAudMsg64.exe
C:\Windows\System32\svchost.exe -k utcsvc
taskeng.exe {B379BFC0-BED3-4914-BAB2-59ECEB6C1D04}
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\SysWOW64\SAsrv.exe
"C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe"
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe
"C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe"
"C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe" servicemode
"C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe"
"C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe"
"C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe"
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
AvastUI.exe /nogui
"C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
"C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\rundll32.exe "C:\Program Files\LENOVO\HOTKEY\hotkey.dll",InstallAudioHotkeyHook
"C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe"
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.FullScreenMagnifier
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.ShortcutKey
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\User\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\User\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=61.0.3163.100 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7feed071988,0x7feed071948,0x7feed071958

"C:\Program Files (x86)\Lenovo\System Update\SUService.exe"
"C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE"

taskeng.exe {EED646EE-2AF9-4451-94D5-580CB824FBE7}
"C:\Windows\system32\LPlatSvc.exe" -EM
taskhost.exe $(Arg0)
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\User\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-10-20 958328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-10-20 820672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2010-12-14 316032]
"PSQLLauncher"=C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [2013-03-05 86312]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-11-30 172016]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-11-30 399856]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-11-30 442352]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-10-20 253344]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-30 55808]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2011-09-16 115048]
"PWMTRV"=rundll32 C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL,PwrMgrBkGndMonitor []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-11-01 442880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2013-03-05 136488]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-11-04 21:17:22 ----D---- C:\Users\User\AppData\Roaming\uTorrent
2017-11-04 21:15:31 ----D---- C:\ProgramData\SWCUTemp
2017-11-04 17:14:40 ----D---- C:\AdwCleaner
2017-10-25 20:21:54 ----D---- C:\Program Files\trend micro
2017-10-25 20:21:53 ----D---- C:\rsit
2017-10-22 22:05:28 ----D---- C:\Users\User\AppData\Roaming\vlc
2017-10-20 14:01:04 ----D---- C:\Users\User\AppData\Roaming\AVAST Software
2017-10-20 13:59:57 ----A---- C:\Windows\system32\drivers\aswStm.sys
2017-10-20 13:59:56 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2017-10-20 13:59:56 ----A---- C:\Windows\system32\drivers\aswSP.sys
2017-10-20 13:59:56 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2017-10-20 13:59:56 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2017-10-20 13:59:55 ----A---- C:\Windows\system32\drivers\aswsnx.sys
2017-10-20 13:59:55 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2017-10-20 13:59:55 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2017-10-20 13:59:55 ----A---- C:\Windows\system32\drivers\aswbuniva.sys
2017-10-20 13:59:54 ----A---- C:\Windows\system32\drivers\aswbloga.sys
2017-10-20 13:59:54 ----A---- C:\Windows\system32\drivers\aswbidsha.sys
2017-10-20 13:59:54 ----A---- C:\Windows\system32\drivers\aswbidsdrivera.sys
2017-10-20 13:59:43 ----A---- C:\Windows\system32\aswBoot.exe
2017-10-20 13:56:13 ----D---- C:\Program Files\AVAST Software
2017-10-20 13:55:51 ----D---- C:\ProgramData\AVAST Software
2017-10-20 13:50:55 ----A---- C:\Windows\system32\tpinspm.dll
2017-10-20 13:50:55 ----A---- C:\Windows\system32\LPlatSvc.exe
2017-10-20 13:50:55 ----A---- C:\Windows\system32\ibmpmsvc.exe
2017-10-20 13:50:55 ----A---- C:\Windows\system32\ibmpmctl.exe
2017-10-20 13:50:55 ----A---- C:\Windows\system32\drivers\ibmpmdrv.sys
2017-10-20 13:48:32 ----A---- C:\Windows\SYSWOW64\SynTPCOM.dll
2017-10-20 13:48:32 ----A---- C:\Windows\system32\SynTPCo14.dll
2017-10-20 13:48:32 ----A---- C:\Windows\system32\SynTPAPI.dll
2017-10-20 13:48:32 ----A---- C:\Windows\system32\drivers\SynTP.sys
2017-10-20 13:48:30 ----A---- C:\Windows\SYSWOW64\SynCOM.dll
2017-10-20 13:48:27 ----A---- C:\Windows\system32\drivers\Smb_driver_Intel.sys
2017-10-19 02:16:17 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2017-10-16 22:19:20 ----A---- C:\Windows\system32\mshtml.dll
2017-10-16 22:19:19 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-10-16 22:19:18 ----A---- C:\Windows\system32\ieframe.dll
2017-10-16 22:19:16 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-10-16 22:19:16 ----A---- C:\Windows\system32\jscript9.dll
2017-10-16 22:19:15 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-10-16 22:19:15 ----A---- C:\Windows\system32\wininet.dll
2017-10-16 22:19:14 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-10-16 22:19:14 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-10-16 22:19:14 ----A---- C:\Windows\system32\win32k.sys
2017-10-16 22:19:14 ----A---- C:\Windows\system32\iertutil.dll
2017-10-16 22:19:13 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-10-16 22:19:13 ----A---- C:\Windows\system32\urlmon.dll
2017-10-16 22:19:13 ----A---- C:\Windows\system32\tquery.dll
2017-10-16 22:19:13 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-10-16 22:19:12 ----A---- C:\Windows\system32\rdpcore.dll
2017-10-16 22:19:12 ----A---- C:\Windows\system32\mf.dll
2017-10-16 22:19:11 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-10-16 22:19:11 ----A---- C:\Windows\SYSWOW64\tquery.dll
2017-10-16 22:19:11 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2017-10-16 22:19:11 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-10-16 22:19:11 ----A---- C:\Windows\system32\Query.dll
2017-10-16 22:19:11 ----A---- C:\Windows\system32\jscript.dll
2017-10-16 22:19:11 ----A---- C:\Windows\system32\drivers\ntfs.sys
2017-10-16 22:19:10 ----A---- C:\Windows\SYSWOW64\Query.dll
2017-10-16 22:19:10 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-10-16 22:19:10 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-10-16 22:19:10 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-10-16 22:19:10 ----A---- C:\Windows\system32\msfeeds.dll
2017-10-16 22:19:10 ----A---- C:\Windows\system32\drivers\srv.sys
2017-10-16 22:19:09 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-10-16 22:19:09 ----A---- C:\Windows\SYSWOW64\msexcl40.dll
2017-10-16 22:19:09 ----A---- C:\Windows\SYSWOW64\msctf.dll
2017-10-16 22:19:09 ----A---- C:\Windows\SYSWOW64\mf.dll
2017-10-16 22:19:09 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-10-16 22:19:09 ----A---- C:\Windows\system32\wlansec.dll
2017-10-16 22:19:09 ----A---- C:\Windows\system32\msctf.dll
2017-10-16 22:19:09 ----A---- C:\Windows\system32\drivers\nwifi.sys
2017-10-16 22:19:09 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-10-16 22:19:08 ----A---- C:\Windows\SYSWOW64\wlansec.dll
2017-10-16 22:19:08 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2017-10-16 22:19:08 ----A---- C:\Windows\SYSWOW64\mswstr10.dll
2017-10-16 22:19:08 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-10-16 22:19:08 ----A---- C:\Windows\system32\wlanmsm.dll
2017-10-16 22:19:08 ----A---- C:\Windows\system32\themeui.dll
2017-10-16 22:19:08 ----A---- C:\Windows\system32\t2embed.dll
2017-10-16 22:19:08 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-10-16 22:19:08 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-10-16 22:19:08 ----A---- C:\Windows\system32\mfps.dll
2017-10-16 22:19:08 ----A---- C:\Windows\system32\iedkcs32.dll
2017-10-16 22:19:08 ----A---- C:\Windows\system32\gdi32.dll
2017-10-16 22:19:08 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2017-10-16 22:19:08 ----A---- C:\Windows\system32\drivers\srv2.sys
2017-10-16 22:19:07 ----A---- C:\Windows\SYSWOW64\wlanmsm.dll
2017-10-16 22:19:07 ----A---- C:\Windows\SYSWOW64\wlanhlp.dll
2017-10-16 22:19:07 ----A---- C:\Windows\SYSWOW64\wlanapi.dll
2017-10-16 22:19:07 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-10-16 22:19:07 ----A---- C:\Windows\SYSWOW64\themeui.dll
2017-10-16 22:19:07 ----A---- C:\Windows\SYSWOW64\msjint40.dll
2017-10-16 22:19:07 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-10-16 22:19:07 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-10-16 22:19:07 ----A---- C:\Windows\SYSWOW64\mfps.dll
2017-10-16 22:19:07 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2017-10-16 22:19:07 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-10-16 22:19:07 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-10-16 22:19:07 ----A---- C:\Windows\system32\wlansvc.dll
2017-10-16 22:19:07 ----A---- C:\Windows\system32\wlanhlp.dll
2017-10-16 22:19:07 ----A---- C:\Windows\system32\wlanapi.dll
2017-10-16 22:19:07 ----A---- C:\Windows\system32\webcheck.dll
2017-10-16 22:19:07 ----A---- C:\Windows\system32\vbscript.dll
2017-10-16 22:19:07 ----A---- C:\Windows\system32\rpcrt4.dll
2017-10-16 22:19:07 ----A---- C:\Windows\system32\ntdll.dll
2017-10-16 22:19:07 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-10-16 22:19:07 ----A---- C:\Windows\system32\mshtmled.dll
2017-10-16 22:19:07 ----A---- C:\Windows\system32\mfpmp.exe
2017-10-16 22:19:07 ----A---- C:\Windows\system32\icaapi.dll
2017-10-16 22:19:07 ----A---- C:\Windows\system32\dxtrans.dll
2017-10-16 22:19:07 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-10-16 22:19:07 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-10-16 22:19:07 ----A---- C:\Windows\system32\certcli.dll
2017-10-16 22:19:06 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-10-16 22:19:06 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2017-10-16 22:19:06 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-10-16 22:19:06 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-10-16 22:19:06 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-10-16 22:19:06 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-10-16 22:19:06 ----A---- C:\Windows\system32\wow64win.dll
2017-10-16 22:19:06 ----A---- C:\Windows\system32\winsrv.dll
2017-10-16 22:19:06 ----A---- C:\Windows\system32\smss.exe
2017-10-16 22:19:06 ----A---- C:\Windows\system32\schannel.dll
2017-10-16 22:19:06 ----A---- C:\Windows\system32\rrinstaller.exe
2017-10-16 22:19:06 ----A---- C:\Windows\system32\occache.dll
2017-10-16 22:19:06 ----A---- C:\Windows\system32\mssvp.dll
2017-10-16 22:19:06 ----A---- C:\Windows\system32\mssrch.dll
2017-10-16 22:19:06 ----A---- C:\Windows\system32\mssph.dll
2017-10-16 22:19:06 ----A---- C:\Windows\system32\msrating.dll
2017-10-16 22:19:06 ----A---- C:\Windows\system32\lsasrv.dll
2017-10-16 22:19:06 ----A---- C:\Windows\system32\kernel32.dll
2017-10-16 22:19:06 ----A---- C:\Windows\system32\kerberos.dll
2017-10-16 22:19:06 ----A---- C:\Windows\system32\jscript9diag.dll
2017-10-16 22:19:06 ----A---- C:\Windows\system32\ieui.dll
2017-10-16 22:19:06 ----A---- C:\Windows\system32\ieapfltr.dll
2017-10-16 22:19:06 ----A---- C:\Windows\system32\dxtmsft.dll
2017-10-16 22:19:06 ----A---- C:\Windows\system32\drivers\srvnet.sys
2017-10-16 22:19:06 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-10-16 22:19:06 ----A---- C:\Windows\system32\advapi32.dll
2017-10-16 22:19:05 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-10-16 22:19:05 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-10-16 22:19:05 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-10-16 22:19:05 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-10-16 22:19:05 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-10-16 22:19:05 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-10-16 22:19:05 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2017-10-16 22:19:05 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2017-10-16 22:19:05 ----A---- C:\Windows\SYSWOW64\mssph.dll
2017-10-16 22:19:05 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-10-16 22:19:05 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-10-16 22:19:05 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-10-16 22:19:05 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-10-16 22:19:05 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-10-16 22:19:05 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-10-16 22:19:05 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-10-16 22:19:05 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-10-16 22:19:05 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-10-16 22:19:05 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-10-16 22:19:05 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\wow64.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\wdigest.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\TSpkg.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\sspisrv.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\sspicli.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\srcore.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\rpchttp.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\ncrypt.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\msv1_0.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\mssprxy.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\mssphtb.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\mssitlb.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\lsass.exe
2017-10-16 22:19:05 ----A---- C:\Windows\system32\KernelBase.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\jsproxy.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\inseng.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\ieUnatt.exe
2017-10-16 22:19:05 ----A---- C:\Windows\system32\iesetup.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\iernonce.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\ie4uinit.exe
2017-10-16 22:19:05 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-10-16 22:19:05 ----A---- C:\Windows\system32\drivers\appid.sys
2017-10-16 22:19:05 ----A---- C:\Windows\system32\csrsrv.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\cryptbase.dll
2017-10-16 22:19:05 ----A---- C:\Windows\system32\conhost.exe
2017-10-16 22:19:05 ----A---- C:\Windows\system32\bcrypt.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-10-16 22:19:04 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\wow32.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\user.exe
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\srclient.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\setup16.exe
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\mssprxy.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\mssitlb.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\msshooks.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\instnm.exe
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2017-10-16 22:19:04 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-10-16 22:19:04 ----A---- C:\Windows\system32\wow64cpu.dll
2017-10-16 22:19:04 ----A---- C:\Windows\system32\srclient.dll
2017-10-16 22:19:04 ----A---- C:\Windows\system32\setbcdlocale.dll
2017-10-16 22:19:04 ----A---- C:\Windows\system32\secur32.dll
2017-10-16 22:19:04 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2017-10-16 22:19:04 ----A---- C:\Windows\system32\SearchIndexer.exe
2017-10-16 22:19:04 ----A---- C:\Windows\system32\SearchFilterHost.exe
2017-10-16 22:19:04 ----A---- C:\Windows\system32\rstrui.exe
2017-10-16 22:19:04 ----A---- C:\Windows\system32\ntvdm64.dll
2017-10-16 22:19:04 ----A---- C:\Windows\system32\msshooks.dll
2017-10-16 22:19:04 ----A---- C:\Windows\system32\msscntrs.dll
2017-10-16 22:19:04 ----A---- C:\Windows\system32\msobjs.dll
2017-10-16 22:19:04 ----A---- C:\Windows\system32\msaudite.dll
2017-10-16 22:19:04 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-10-16 22:19:04 ----A---- C:\Windows\system32\credssp.dll
2017-10-16 22:19:04 ----A---- C:\Windows\system32\auditpol.exe
2017-10-16 22:19:04 ----A---- C:\Windows\system32\appidsvc.dll
2017-10-16 22:19:04 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2017-10-16 22:19:04 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2017-10-16 22:19:04 ----A---- C:\Windows\system32\appidapi.dll
2017-10-16 22:19:04 ----A---- C:\Windows\system32\apisetschema.dll
2017-10-16 22:19:04 ----A---- C:\Windows\system32\adtschema.dll
2017-10-16 22:19:03 ----A---- C:\Windows\SYSWOW64\mferror.dll
2017-10-16 22:19:03 ----A---- C:\Windows\system32\mferror.dll
2017-10-16 22:19:03 ----A---- C:\Windows\system32\ieetwcollectorres.dll

======List of files/folders modified in the last 1 month======

2017-11-05 17:54:57 ----D---- C:\Windows\Temp
2017-11-05 16:42:06 ----D---- C:\Windows\system32\config
2017-11-04 22:30:43 ----D---- C:\Windows\system32\drivers
2017-11-04 21:21:01 ----D---- C:\Windows\system32\LogFiles
2017-11-04 21:15:46 ----D---- C:\Windows\Prefetch
2017-11-04 21:15:31 ----HD---- C:\ProgramData
2017-11-04 17:25:22 ----D---- C:\Windows\System32
2017-11-04 17:25:22 ----D---- C:\Windows\inf
2017-11-04 17:25:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-10-26 10:22:33 ----D---- C:\Windows\system32\wdi
2017-10-25 20:21:54 ----RD---- C:\Program Files
2017-10-22 19:52:12 ----D---- C:\Windows\rescache
2017-10-20 14:00:05 ----D---- C:\Windows\system32\Tasks
2017-10-20 13:59:46 ----D---- C:\Windows\winsxs
2017-10-20 13:55:58 ----D---- C:\Windows
2017-10-20 13:54:54 ----SHD---- C:\Config.Msi
2017-10-20 13:51:05 ----D---- C:\Windows\system32\catroot
2017-10-20 13:50:57 ----D---- C:\Windows\system32\DriverStore
2017-10-20 13:50:19 ----D---- C:\Windows\SysWOW64
2017-10-20 13:50:09 ----SHD---- C:\Windows\Installer
2017-10-20 13:49:58 ----RD---- C:\Program Files (x86)
2017-10-19 16:47:33 ----D---- C:\Windows\Microsoft.NET
2017-10-19 12:46:10 ----D---- C:\Program Files\Internet Explorer
2017-10-19 12:46:09 ----D---- C:\Windows\SYSWOW64\migration
2017-10-19 12:46:09 ----D---- C:\Windows\SYSWOW64\en-US
2017-10-19 12:46:09 ----D---- C:\Program Files (x86)\Internet Explorer
2017-10-19 12:46:06 ----D---- C:\Windows\system32\migration
2017-10-19 12:46:06 ----D---- C:\Windows\system32\en-US
2017-10-19 12:46:03 ----D---- C:\Windows\AppPatch
2017-10-19 12:46:02 ----D---- C:\Windows\system32\Boot
2017-10-19 02:22:17 ----D---- C:\Windows\system32\MRT
2017-10-19 02:20:52 ----SHD---- C:\System Volume Information
2017-10-19 02:16:07 ----AC---- C:\Windows\system32\MRT.exe
2017-10-19 02:08:53 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-10-16 22:29:39 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-10-20 198976]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-10-20 343288]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-10-20 57736]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-10-20 84416]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-10-20 363440]
R0 DzHDD64;DzHDD64; C:\Windows\System32\DRIVERS\DzHDD64.sys [2017-07-27 29512]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-10-20 321032]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-10-20 110376]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-10-27 1029872]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-10-20 587168]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2017-07-27 39264]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-10-20 147776]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-10-20 201352]
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys [2011-05-25 101888]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 13128]
R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-04 166016]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator; C:\Windows\system32\DRIVERS\bpenum.sys [2012-07-03 84480]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2012-06-05 1580704]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c62x64.sys [2012-01-11 360624]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2017-09-15 86912]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-11-01 5363200]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-10-31 8615936]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2014-07-28 45296]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2014-07-28 461552]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
R3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-21 41984]
S1 MpKsl3cbd91d5;MpKsl3cbd91d5; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{998D2713-3871-4023-8635-903BC62A60AD}\MpKsl3cbd91d5.sys []
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-10-20 47008]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\drivers\bthpan.sys [2017-07-06 119296]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ecnssndis; Mobile Broadband Driver; C:\Windows\System32\Drivers\wwuss64.sys [2011-06-13 26664]
S3 ecnssndisfltr; Mobile Broadband Driver Filter; C:\Windows\System32\Drivers\wwussf64.sys [2011-06-13 30248]
S3 l36wgps; Mobile Broadband GPS Port; C:\Windows\system32\DRIVERS\l36wgps64.sys [2011-07-01 101416]
S3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM); C:\Windows\system32\DRIVERS\Mbm3CBus.sys [2011-04-29 419400]
S3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM); C:\Windows\system32\DRIVERS\Mbm3DevMt.sys [2011-04-29 430664]
S3 Mbm3mdfl; Mobile Broadband Modem Port Filter; C:\Windows\system32\DRIVERS\Mbm3mdfl.sys [2011-04-29 19528]
S3 Mbm3Mdm; Mobile Broadband Modem Port Driver; C:\Windows\system32\DRIVERS\Mbm3Mdm.sys [2011-04-29 483400]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pmxdrv;pmxdrv; \??\C:\Windows\system32\drivers\pmxdrv.sys [2017-10-31 31152]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\Windows\system32\DRIVERS\rtl8192Ce.sys [2012-03-09 876136]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-10-20 281416]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe [2010-12-17 198784]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2012-07-18 514048]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-11-01 1518352]
R2 IBMPMSVC;Lenovo PM Service; C:\Windows\system32\ibmpmsvc.exe [2017-09-15 830032]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2014-05-27 110128]
R2 LPlatSvc;Lenovo Platform Service; C:\Windows\system32\LPlatSvc.exe [2017-09-15 774736]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-11-01 844560]
R2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2014-06-10 125424]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2014-05-27 125488]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2012-07-18 979456]
R2 WMCoreService;Mobile Broadband Service; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [2011-08-12 648744]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-10-20 7446024]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
R3 Power Manager DBC Service;Power Manager Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2017-07-27 1669488]
R3 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2017-08-16 23928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-09 107848]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-11-30 279024]
S3 DozeSvc;Lenovo Doze Mode Service; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2017-07-27 326160]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-09 107848]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-09-07 116224]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-10-22 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118196
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: requesting a check

#6 Post by Rudy »

Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to your desktop. Run it and copy the following into the left pane:
:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. Turn off your antivirus before the scan and restart the PC after it. Post a new RSIT log. All running processes are legitimate.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

funnyman_
Visitor
Posts: 16
Joined: 16 Jul 2012 15:47

Re: requesting a check

#7 Post by funnyman_ »

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: User
->Temp folder emptied: 129089653 bytes
->Temporary Internet Files folder emptied: 4156774 bytes
->Google Chrome cache emptied: 522484421 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 541285660 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 58488144 bytes
RecycleBin emptied: 71028 bytes

Total Files Cleaned = 1,197.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: User

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 11222017_180040

Files moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\data_4 moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.
File move failed. C:\Windows\temp\_avast_\AvLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...


-------------------------------------------------------------------------------------------------------------------------------------------------


Logfile of random's system information tool 1.10 (written by random/random)
Run by User at 2017-11-22 18:18:09
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 253 GB (83%) free of 305 GB
Total RAM: 6027 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:18:13, on 22/11/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18838)
Boot mode: Normal

Running processes:
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Program Files\trend micro\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Platform Service (LPlatSvc) - Unknown owner - C:\Windows\system32\LPlatSvc.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
O23 - Service: Mobile Broadband Service (WMCoreService) - Ericsson AB - C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8112 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
winlogon.exe
C:\Windows\system32\LPlatSvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-1048ec85-afc0-433a-88f8-967ded502cb6 -SystemEventPortName:HostProcess-8f9d46bd-bef6-486d-90a1-c9adcc0a8da6 -IoCancelEventPortName:HostProcess-a0034e9c-a52c-49e0-9a39-68d36dfb4d14 -NonStateChangingEventPortName:HostProcess-f5b21c5b-0b1c-4749-b65d-4137f121d9f5 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d82b81cf-616b-47f9-8cef-8851257159e4 -DeviceGroupId:
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe 27245088
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
\??\C:\Windows\system32\conhost.exe "17082001134903548391980638253-8680796411714051206-11622483870825549557032098
"C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe"
"C:\Windows\system32\LPlatSvc.exe" -EM
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
taskeng.exe {E604AC39-CDB1-4D67-BE87-6424979A0B42}
C:\Windows\system32\CxAudMsg64.exe
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe"
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
"C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe"
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe
"C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe" servicemode
"C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe"
"C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe"
"C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe"
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\rundll32.exe "C:\Program Files\LENOVO\HOTKEY\hotkey.dll",InstallAudioHotkeyHook
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.FullScreenMagnifier
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.ShortcutKey
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\11222017_180040.log
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
AvastUI.exe /nogui
"C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
"C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\User\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\User\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\User\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=62.0.3202.94 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7feecd327e8,0x7feecd327a8,0x7feecd327b8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4264 --on-initialized-event-handle=436 --parent-handle=440 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1368,4283206894361322347,7044384902627794915,131072 --gpu-vendor-id=0x8086 --gpu-device-id=0x0126 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.3347 --gpu-driver-date=10-31-2013 --service-request-channel-token=335781296BF0773724FB9A7B67CA1575 --mojo-platform-channel-handle=1376 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1368,4283206894361322347,7044384902627794915,131072 --service-pipe-token=CEAAF511E42F79D456C304428FE5319C --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=CEAAF511E42F79D456C304428FE5319C --renderer-client-id=4 --mojo-platform-channel-handle=2140 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1368,4283206894361322347,7044384902627794915,131072 --service-pipe-token=9DF4B4D5B4EAD43F4A9C9C8E1648F8C0 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=9DF4B4D5B4EAD43F4A9C9C8E1648F8C0 --renderer-client-id=5 --mojo-platform-channel-handle=2288 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1368,4283206894361322347,7044384902627794915,131072 --service-pipe-token=1FF4E5C2B547B08B9CEC9023B2130D91 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=1FF4E5C2B547B08B9CEC9023B2130D91 --renderer-client-id=18 --mojo-platform-channel-handle=2260 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1368,4283206894361322347,7044384902627794915,131072 --service-pipe-token=671588EC34ED6614B7B6E0DD57156F89 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=671588EC34ED6614B7B6E0DD57156F89 --renderer-client-id=19 --mojo-platform-channel-handle=4684 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1368,4283206894361322347,7044384902627794915,131072 --service-pipe-token=E86324ABAC6FB616784D3FFCC57DFF6A --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=E86324ABAC6FB616784D3FFCC57DFF6A --renderer-client-id=17 --mojo-platform-channel-handle=5104 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1368,4283206894361322347,7044384902627794915,131072 --service-pipe-token=80E2DE59ACE79F25A01E943F06CF1784 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=80E2DE59ACE79F25A01E943F06CF1784 --renderer-client-id=16 --mojo-platform-channel-handle=5540 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1368,4283206894361322347,7044384902627794915,131072 --service-pipe-token=56A7CE5E9CC9422ADB694995B7A0EFE8 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=56A7CE5E9CC9422ADB694995B7A0EFE8 --renderer-client-id=15 --mojo-platform-channel-handle=6272 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1368,4283206894361322347,7044384902627794915,131072 --service-pipe-token=5172604B594B4F341ED649DAD05BE697 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=5172604B594B4F341ED649DAD05BE697 --renderer-client-id=11 --mojo-platform-channel-handle=900 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1368,4283206894361322347,7044384902627794915,131072 --service-pipe-token=932262D513612F102E35267DB8A0A921 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=932262D513612F102E35267DB8A0A921 --renderer-client-id=10 --mojo-platform-channel-handle=6548 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1368,4283206894361322347,7044384902627794915,131072 --service-pipe-token=E6962D9232A7129D96B5FBB6EB0781A8 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=E6962D9232A7129D96B5FBB6EB0781A8 --renderer-client-id=12 --mojo-platform-channel-handle=6792 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1368,4283206894361322347,7044384902627794915,131072 --service-pipe-token=1F8F84338E2C4101B9E52B22FFA66292 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=1F8F84338E2C4101B9E52B22FFA66292 --renderer-client-id=7 --mojo-platform-channel-handle=7624 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1368,4283206894361322347,7044384902627794915,131072 --service-pipe-token=D8E613AE49FD95B3C516F9BB55210408 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=D8E613AE49FD95B3C516F9BB55210408 --renderer-client-id=6 --mojo-platform-channel-handle=7088 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1368,4283206894361322347,7044384902627794915,131072 --service-pipe-token=E1091D40F9EE465DBAAA208423029D31 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=E1091D40F9EE465DBAAA208423029D31 --renderer-client-id=14 --mojo-platform-channel-handle=7100 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1368,4283206894361322347,7044384902627794915,131072 --service-pipe-token=7B64A0B09AE1A22FBAFA091433342AED --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=7B64A0B09AE1A22FBAFA091433342AED --renderer-client-id=13 --mojo-platform-channel-handle=7136 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1368,4283206894361322347,7044384902627794915,131072 --service-pipe-token=050A78D086AB408CDAB74F81B1635B3F --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=050A78D086AB408CDAB74F81B1635B3F --renderer-client-id=8 --mojo-platform-channel-handle=7664 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1368,4283206894361322347,7044384902627794915,131072 --service-pipe-token=B64079787E902F93D6ACED8D46BFD72F --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=B64079787E902F93D6ACED8D46BFD72F --renderer-client-id=9 --mojo-platform-channel-handle=9628 /prefetch:1
"C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE"
C:\Windows\servicing\TrustedInstaller.exe

"C:\Users\User\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-17 958328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-17 820672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2010-12-14 316032]
"PSQLLauncher"=C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [2013-03-05 86312]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-11-30 172016]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-11-30 399856]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-11-30 442352]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-11-17 253344]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-30 55808]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2011-09-16 115048]
"PWMTRV"=rundll32 C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL,PwrMgrBkGndMonitor []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-11-01 442880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2013-03-05 136488]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-11-22 18:05:06 ----D---- C:\ProgramData\SWCUTemp
2017-11-22 18:00:40 ----D---- C:\_OTM
2017-11-17 03:04:48 ----SHD---- C:\Config.Msi
2017-11-17 02:10:56 ----A---- C:\Windows\system32\drivers\aswArPot.sys
2017-11-17 02:10:35 ----A---- C:\Windows\system32\aswBoot.exe
2017-11-16 22:27:15 ----A---- C:\Windows\system32\mshtml.dll
2017-11-16 22:27:13 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-11-16 22:27:09 ----A---- C:\Windows\system32\ieframe.dll
2017-11-16 22:27:07 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-11-16 22:27:06 ----A---- C:\Windows\system32\jscript9.dll
2017-11-16 22:27:05 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-11-16 22:27:05 ----A---- C:\Windows\system32\wininet.dll
2017-11-16 22:27:04 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-11-16 22:27:04 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-11-16 22:27:04 ----A---- C:\Windows\system32\win32k.sys
2017-11-16 22:27:04 ----A---- C:\Windows\system32\iertutil.dll
2017-11-16 22:27:03 ----A---- C:\Windows\system32\wmp.dll
2017-11-16 22:27:03 ----A---- C:\Windows\system32\urlmon.dll
2017-11-16 22:27:02 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-11-16 22:27:01 ----A---- C:\Windows\SYSWOW64\wmp.dll
2017-11-16 22:27:01 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-11-16 22:27:01 ----A---- C:\Windows\system32\jscript.dll
2017-11-16 22:27:01 ----A---- C:\Windows\system32\drivers\ntfs.sys
2017-11-16 22:27:00 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-11-16 22:27:00 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2017-11-16 22:27:00 ----A---- C:\Windows\SYSWOW64\tquery.dll
2017-11-16 22:27:00 ----A---- C:\Windows\SYSWOW64\Query.dll
2017-11-16 22:27:00 ----A---- C:\Windows\system32\ucrtbase.dll
2017-11-16 22:27:00 ----A---- C:\Windows\system32\tquery.dll
2017-11-16 22:26:59 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-11-16 22:26:59 ----A---- C:\Windows\SYSWOW64\msexcl40.dll
2017-11-16 22:26:59 ----A---- C:\Windows\system32\vbscript.dll
2017-11-16 22:26:59 ----A---- C:\Windows\system32\t2embed.dll
2017-11-16 22:26:59 ----A---- C:\Windows\system32\Query.dll
2017-11-16 22:26:59 ----A---- C:\Windows\system32\msfeeds.dll
2017-11-16 22:26:58 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2017-11-16 22:26:58 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-11-16 22:26:58 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2017-11-16 22:26:58 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-11-16 22:26:58 ----A---- C:\Windows\system32\iedkcs32.dll
2017-11-16 22:26:58 ----A---- C:\Windows\system32\drivers\usbhub.sys
2017-11-16 22:26:58 ----A---- C:\Windows\system32\atmfd.dll
2017-11-16 22:26:58 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-16 22:26:58 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-16 22:26:57 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-11-16 22:26:57 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-16 22:26:57 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-11-16 22:26:57 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-16 22:26:57 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-11-16 22:26:57 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-11-16 22:26:57 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-11-16 22:26:57 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-11-16 22:26:57 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-16 22:26:57 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2017-11-16 22:26:57 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-16 22:26:57 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-16 22:26:57 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-16 22:26:57 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-16 22:26:57 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-16 22:26:57 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-16 22:26:57 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-16 22:26:57 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-16 22:26:57 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-16 22:26:56 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-11-16 22:26:56 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-11-16 22:26:56 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2017-11-16 22:26:56 ----A---- C:\Windows\system32\webcheck.dll
2017-11-16 22:26:56 ----A---- C:\Windows\system32\mssrch.dll
2017-11-16 22:26:56 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-11-16 22:26:56 ----A---- C:\Windows\system32\ie4uinit.exe
2017-11-16 22:26:56 ----A---- C:\Windows\system32\drivers\usbport.sys
2017-11-16 22:26:56 ----A---- C:\Windows\system32\drivers\luafv.sys
2017-11-16 22:26:55 ----A---- C:\Windows\system32\mssvp.dll
2017-11-16 22:26:55 ----A---- C:\Windows\system32\mssph.dll
2017-11-16 22:26:55 ----A---- C:\Windows\system32\mshtmled.dll
2017-11-16 22:26:55 ----A---- C:\Windows\system32\ieui.dll
2017-11-16 22:26:55 ----A---- C:\Windows\system32\ieapfltr.dll
2017-11-16 22:26:55 ----A---- C:\Windows\system32\dxtrans.dll
2017-11-16 22:26:55 ----A---- C:\Windows\system32\dxtmsft.dll
2017-11-16 22:26:54 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2017-11-16 22:26:53 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-11-16 22:26:53 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-11-16 22:26:53 ----A---- C:\Windows\system32\occache.dll
2017-11-16 22:26:53 ----A---- C:\Windows\system32\msrating.dll
2017-11-16 22:26:53 ----A---- C:\Windows\system32\jsproxy.dll
2017-11-16 22:26:53 ----A---- C:\Windows\system32\jscript9diag.dll
2017-11-16 22:26:52 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-11-16 22:26:52 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2017-11-16 22:26:52 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2017-11-16 22:26:52 ----A---- C:\Windows\SYSWOW64\mssph.dll
2017-11-16 22:26:52 ----A---- C:\Windows\SYSWOW64\mssitlb.dll
2017-11-16 22:26:52 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-11-16 22:26:52 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-11-16 22:26:52 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-11-16 22:26:52 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-11-16 22:26:52 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-11-16 22:26:52 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-11-16 22:26:52 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-11-16 22:26:52 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-11-16 22:26:52 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-11-16 22:26:52 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-11-16 22:26:52 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-11-16 22:26:52 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-11-16 22:26:52 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2017-11-16 22:26:52 ----A---- C:\Windows\system32\SearchIndexer.exe
2017-11-16 22:26:52 ----A---- C:\Windows\system32\mssprxy.dll
2017-11-16 22:26:52 ----A---- C:\Windows\system32\mssphtb.dll
2017-11-16 22:26:52 ----A---- C:\Windows\system32\mssitlb.dll
2017-11-16 22:26:52 ----A---- C:\Windows\system32\msscntrs.dll
2017-11-16 22:26:52 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-11-16 22:26:52 ----A---- C:\Windows\system32\lpk.dll
2017-11-16 22:26:52 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-11-16 22:26:52 ----A---- C:\Windows\system32\inseng.dll
2017-11-16 22:26:52 ----A---- C:\Windows\system32\ieUnatt.exe
2017-11-16 22:26:52 ----A---- C:\Windows\system32\iesetup.dll
2017-11-16 22:26:52 ----A---- C:\Windows\system32\iernonce.dll
2017-11-16 22:26:52 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-11-16 22:26:52 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-11-16 22:26:52 ----A---- C:\Windows\system32\dciman32.dll
2017-11-16 22:26:51 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2017-11-16 22:26:51 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2017-11-16 22:26:51 ----A---- C:\Windows\SYSWOW64\mssprxy.dll
2017-11-16 22:26:51 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2017-11-16 22:26:51 ----A---- C:\Windows\SYSWOW64\lpk.dll
2017-11-16 22:26:51 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-11-16 22:26:51 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2017-11-16 22:26:51 ----A---- C:\Windows\system32\spwmp.dll
2017-11-16 22:26:51 ----A---- C:\Windows\system32\SearchFilterHost.exe
2017-11-16 22:26:51 ----A---- C:\Windows\system32\msshooks.dll
2017-11-16 22:26:51 ----A---- C:\Windows\system32\fontsub.dll
2017-11-16 22:26:51 ----A---- C:\Windows\system32\dxmasf.dll
2017-11-16 22:26:50 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2017-11-16 22:26:50 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2017-11-16 22:26:50 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2017-11-16 22:26:50 ----A---- C:\Windows\SYSWOW64\msshooks.dll
2017-11-16 22:26:50 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2017-11-16 22:26:50 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2017-11-16 22:26:50 ----A---- C:\Windows\system32\wmploc.DLL
2017-11-16 22:26:50 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2017-11-16 22:26:50 ----A---- C:\Windows\system32\drivers\usbohci.sys
2017-11-16 22:26:50 ----A---- C:\Windows\system32\drivers\usbehci.sys
2017-11-16 22:26:50 ----A---- C:\Windows\system32\drivers\usbd.sys
2017-11-16 22:26:50 ----A---- C:\Windows\system32\atmlib.dll
2017-11-16 22:26:49 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-11-16 22:25:11 ----A---- C:\Windows\system32\invagent.dll
2017-11-16 22:25:11 ----A---- C:\Windows\system32\generaltel.dll
2017-11-16 22:25:11 ----A---- C:\Windows\system32\CompatTelRunner.exe
2017-11-16 22:25:11 ----A---- C:\Windows\system32\centel.dll
2017-11-16 22:25:11 ----A---- C:\Windows\system32\aitstatic.exe
2017-11-16 22:25:11 ----A---- C:\Windows\system32\aepic.dll
2017-11-16 22:25:10 ----A---- C:\Windows\system32\devinv.dll
2017-11-16 22:25:10 ----A---- C:\Windows\system32\appraiser.dll
2017-11-16 22:25:10 ----A---- C:\Windows\system32\aeinv.dll
2017-11-16 22:25:10 ----A---- C:\Windows\system32\acmigration.dll
2017-11-04 21:17:22 ----D---- C:\Users\User\AppData\Roaming\uTorrent
2017-11-04 17:14:40 ----D---- C:\AdwCleaner
2017-10-25 20:21:54 ----D---- C:\Program Files\trend micro
2017-10-25 20:21:53 ----D---- C:\rsit

======List of files/folders modified in the last 1 month======

2017-11-22 18:18:13 ----D---- C:\Windows\Prefetch
2017-11-22 18:15:02 ----D---- C:\Windows\Temp
2017-11-22 18:10:43 ----D---- C:\Windows\System32
2017-11-22 18:10:43 ----D---- C:\Windows\inf
2017-11-22 18:10:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-11-22 18:08:12 ----D---- C:\Windows\system32\config
2017-11-22 18:05:06 ----HD---- C:\ProgramData
2017-11-22 17:58:42 ----D---- C:\Users\User\AppData\Roaming\vlc
2017-11-21 23:05:22 ----SHD---- C:\System Volume Information
2017-11-21 22:16:20 ----D---- C:\Windows\system32\drivers
2017-11-18 14:18:43 ----D---- C:\Windows\rescache
2017-11-18 03:09:20 ----D---- C:\Windows\system32\MRT
2017-11-18 03:01:32 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2017-11-18 03:01:08 ----AC---- C:\Windows\system32\MRT.exe
2017-11-17 03:48:46 ----D---- C:\Windows\Microsoft.NET
2017-11-17 03:31:36 ----D---- C:\Windows\winsxs
2017-11-17 03:28:56 ----D---- C:\Windows\SYSWOW64\migration
2017-11-17 03:28:56 ----D---- C:\Windows\SYSWOW64\en-US
2017-11-17 03:28:56 ----D---- C:\Windows\SysWOW64
2017-11-17 03:28:56 ----D---- C:\Program Files\Windows Media Player
2017-11-17 03:28:56 ----D---- C:\Program Files\Internet Explorer
2017-11-17 03:28:56 ----D---- C:\Program Files (x86)\Windows Media Player
2017-11-17 03:28:56 ----D---- C:\Program Files (x86)\Internet Explorer
2017-11-17 03:28:55 ----D---- C:\Windows\system32\migration
2017-11-17 03:28:55 ----D---- C:\Windows\system32\en-US
2017-11-17 03:28:55 ----D---- C:\Windows\system32\drivers\en-US
2017-11-17 03:28:53 ----D---- C:\Windows\system32\appraiser
2017-11-17 03:28:53 ----D---- C:\Windows\AppPatch
2017-11-17 03:28:51 ----D---- C:\Windows\system32\DriverStore
2017-11-17 03:13:13 ----SHD---- C:\Windows\Installer
2017-11-17 03:06:11 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2017-11-17 02:11:00 ----D---- C:\Windows\system32\Tasks
2017-11-16 22:24:05 ----D---- C:\Windows\system32\catroot2
2017-11-14 21:00:05 ----RD---- C:\Program Files (x86)
2017-11-04 21:21:01 ----D---- C:\Windows\system32\LogFiles
2017-10-26 10:22:33 ----D---- C:\Windows\system32\wdi
2017-10-25 20:21:54 ----RD---- C:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-11-17 198968]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-11-17 343288]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-11-17 57728]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-11-17 84416]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-11-17 364464]
R0 DzHDD64;DzHDD64; C:\Windows\System32\DRIVERS\DzHDD64.sys [2017-07-27 29512]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2017-11-17 183584]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-11-17 321032]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-11-17 110376]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-11-17 1026232]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-11-17 455376]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2017-07-27 39264]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-11-17 148288]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-11-17 203976]
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys [2011-05-25 101888]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 13128]
R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-04 166016]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator; C:\Windows\system32\DRIVERS\bpenum.sys [2012-07-03 84480]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2012-06-05 1580704]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c62x64.sys [2012-01-11 360624]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2017-09-15 86912]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-11-01 5363200]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-10-31 8615936]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2014-07-28 45296]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2014-07-28 461552]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
R3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-21 41984]
S1 MpKsl3cbd91d5;MpKsl3cbd91d5; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{998D2713-3871-4023-8635-903BC62A60AD}\MpKsl3cbd91d5.sys []
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-11-17 47008]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\drivers\bthpan.sys [2017-07-06 119296]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ecnssndis; Mobile Broadband Driver; C:\Windows\System32\Drivers\wwuss64.sys [2011-06-13 26664]
S3 ecnssndisfltr; Mobile Broadband Driver Filter; C:\Windows\System32\Drivers\wwussf64.sys [2011-06-13 30248]
S3 l36wgps; Mobile Broadband GPS Port; C:\Windows\system32\DRIVERS\l36wgps64.sys [2011-07-01 101416]
S3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM); C:\Windows\system32\DRIVERS\Mbm3CBus.sys [2011-04-29 419400]
S3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM); C:\Windows\system32\DRIVERS\Mbm3DevMt.sys [2011-04-29 430664]
S3 Mbm3mdfl; Mobile Broadband Modem Port Filter; C:\Windows\system32\DRIVERS\Mbm3mdfl.sys [2011-04-29 19528]
S3 Mbm3Mdm; Mobile Broadband Modem Port Driver; C:\Windows\system32\DRIVERS\Mbm3Mdm.sys [2011-04-29 483400]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pmxdrv;pmxdrv; \??\C:\Windows\system32\drivers\pmxdrv.sys [2017-11-21 31152]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\Windows\system32\DRIVERS\rtl8192Ce.sys [2012-03-09 876136]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-11-17 281416]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe [2010-12-17 198784]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2012-07-18 514048]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-11-01 1518352]
R2 IBMPMSVC;Lenovo PM Service; C:\Windows\system32\ibmpmsvc.exe [2017-09-15 830032]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2014-05-27 110128]
R2 LPlatSvc;Lenovo Platform Service; C:\Windows\system32\LPlatSvc.exe [2017-09-15 774736]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-11-01 844560]
R2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2014-06-10 125424]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2014-05-27 125488]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2012-07-18 979456]
R2 WMCoreService;Mobile Broadband Service; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [2011-08-12 648744]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-11-17 7549928]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
R3 Power Manager DBC Service;Power Manager Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2017-07-27 1669488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-09 107848]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-11-30 279024]
S3 DozeSvc;Lenovo Doze Mode Service; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2017-07-27 326160]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-09 107848]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-10-14 116224]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2017-08-16 23928]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-10-22 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118196
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: requesting a check

#8 Post by Rudy »

Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

funnyman_
Visitor
Posts: 16
Joined: 16 Jul 2012 15:47

Re: requesting a check

#9 Post by funnyman_ »

Unfortunately, both processes mentioned in the first post still slow the computer down, or even bring it to a halt, after power-on or even after waking from sleep, sometimes for up to 20 minutes, so that the user can only wait.
I tried to solve it somehow without a reinstall, but it didn't work out, so I have no other option... so hopefully a reinstall will help.

Thanks for the help.

Rudy
Site Admin
Posts: 118196
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: requesting a check

#10 Post by Rudy »

You're welcome. You could also try a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand.