TechSpot

New machine w/ Windows 10, can't switch windows without minimizing or closing active window first.

By losdavos
Jul 3, 2016
  1. Neither clicking on a tile on the taskbar, nor Alt+tab switches to another active window. When I click on the taskbar, there's a quick flash as if the system is *trying* to switch to the window whose tile I clicked on, but it then the current window just stays the active one. Similarly, Alt+tab DOES show me all the open windows, but doesn't take me to the one I land on; instead the current active window just stays the active window. A couple days ago I downloaded and ran CCleaner, and for a few minutes the problem was gone, but now it's back... Anyway, here are my first logs, thanks in advance!

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
    Ran by david (administrator) on DESKTOP-3MHNPTN (03-07-2016 04:49:13)
    Running from C:\Users\david\Desktop
    Loaded Profiles: david (Available Profiles: david)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
    () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
    (BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    () C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfwsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
    (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    () C:\Program Files\Lenovo\LenovoUtility\utility.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
    (Lenovo) C:\Users\david\AppData\Local\Apps\2.0\REW9Y2BJ.50E\VROZJWL1.ED4\lsb...tion_2d7b41b05b24775e_0001.0006_6a5d43d0bdf9db4a\LSB.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Program Files\WindowsApps\E046963F.LenovoCompanion_3.49.1.0_x86__k1h2ywk1493x8\Lenovo.Discovery.exe
    (Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
    (Spotify Ltd) C:\Users\david\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft) C:\Program Files\WindowsApps\Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.21441.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
    (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
    (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
    (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Lenovo) C:\Program Files\Lenovo\QuickOptimizer\QuickOptimizerIcon.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-04-08] ()
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor)
    HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [628736 2015-06-16] ()
    HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [714992 2016-05-13] ()
    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-06-09] (AVG Technologies CZ, s.r.o.)
    HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\Run: [Spotify Web Helper] => C:\Users\david\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1553520 2016-06-29] (Spotify Ltd)
    HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
    ShellIconOverlayIdentifiers: [ mozysyncNotUploaded] -> {34DF8AC2-A6BB-4855-B45A-CC1B4D9183E3} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2015-11-10] (Mozy, Inc.)
    ShellIconOverlayIdentifiers: [ mozysyncPendingChanges] -> {6673BC77-4A7B-4299-A130-14312E6B203A} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2015-11-10] (Mozy, Inc.)
    ShellIconOverlayIdentifiers: [ mozysyncUpToDate] -> {04547006-32F5-4635-844B-B8D7FCE47692} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2015-11-10] (Mozy, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-05-25]
    ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
    Tcpip\..\Interfaces\{3d9db97d-3a4f-46cd-85b4-9a9d85e08e37}: [DhcpNameServer] 150.206.1.2
    Tcpip\..\Interfaces\{d817e65e-c451-417b-85a6-5f203999c89a}: [DhcpNameServer] 209.18.47.62 209.18.47.61

    Internet Explorer:
    ==================
    HKU\S-1-5-21-483386053-2290206261-2764208400-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
    HKU\S-1-5-21-483386053-2290206261-2764208400-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-05-13] (RealDownloader)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-22] (Microsoft Corporation)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-05-13] (RealDownloader)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\u11xwjzo.default
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=18.1.4.135 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2016-05-25] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=18.1.4.135 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2016-05-25] (RealPlayer)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
    FF Extension: Adblock Plus - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\u11xwjzo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-31]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=MFA928959-4827-422B-8464-8E9E80937193&SearchSource=55&CUI=&UM=6&UP=SPBDEA24BF-65F7-4987-8F77-5ACA6F7FAF1C&SSPV=
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\david\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-04]
    CHR Extension: (Google Docs) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-04]
    CHR Extension: (Google Drive) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-04]
    CHR Extension: (YouTube) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-04]
    CHR Extension: (Adblock Plus) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29]
    CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2016-06-02]
    CHR Extension: (Google News) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2016-05-05]
    CHR Extension: (Dropbox for Gmail) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-05-05]
    CHR Extension: (Google Calendar) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-05-05]
    CHR Extension: (Google Sheets) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-04]
    CHR Extension: (Google Docs Offline) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-04]
    CHR Extension: (AdBlock) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-01]
    CHR Extension: (Backspace means backspace!) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcicfpjmgbfalapmkdhfgldcnbamicnh [2016-05-05]
    CHR Extension: (Google Hangouts) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-07-01]
    CHR Extension: (Lego Builder) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapnbjhfjionggfhlkmhjbmbpgfdlolh [2016-05-05]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-04]
    CHR Extension: (Gmail) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-04]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-06-09] (AVG Technologies CZ, s.r.o.)
    R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [1998712 2016-06-09] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5165824 2016-06-09] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-06-09] (AVG Technologies CZ, s.r.o.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
    S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [600680 2015-11-24] (Intel Corporation)
    R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [176640 2015-09-15] () [File not signed]
    R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-07-22] (Intel Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
    R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [135408 2015-07-01] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [353896 2015-11-24] (Intel Corporation)
    R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [56144 2016-05-26] (Lenovo Group Limited)
    S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
    R2 O2FLASH; C:\Windows\System32\drivers\o2flash.exe [82096 2015-05-20] (BayHubTech/O2Micro International)
    R2 O2FLASH; C:\Windows\SysWOW64\drivers\o2flash.exe [82096 2015-05-20] (BayHubTech/O2Micro International)
    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32544 2016-05-13] ()
    R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095440 2016-05-25] (RealNetworks, Inc.)
    S3 ShareItSvc; C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [33224 2016-04-15] (SHAREit Technologies Co.Ltd)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2016-01-06] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
    R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [42424 2015-12-02] (Lenovo)
    R2 YogaPLService; C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe [29112 2015-06-27] ()
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
    R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)
    R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
    S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2015-10-30] (ASIX Electronics Corp.)
    R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43512 2015-07-22] (Intel Corporation)
    R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-07-22] (Intel Corporation)
    R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-06-16] (Intel Corporation)
    R3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185128 2015-06-16] (Intel Corporation)
    R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [250096 2015-07-01] (Intel Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-07] (Intel Corporation)
    S3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
    R3 Netwtw02; C:\Windows\System32\drivers\Netwtw02.sys [7043336 2015-10-24] (Intel Corporation)
    R3 O2FJ2RDR; C:\Windows\System32\drivers\O2FJ2x64.sys [201240 2015-05-20] (BayHubTech/O2Micro )
    R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3049176 2015-05-29] (Realtek Semiconductor Corp.)
    R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [56936 2016-01-06] (Synaptics Incorporated)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  2. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    ==================== One Month Created files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2016-07-03 04:49 - 2016-07-03 04:49 - 00021719 _____ C:\Users\david\Desktop\FRST.txt

    2016-07-03 04:49 - 2016-07-03 04:49 - 00000000 ____D C:\FRST

    2016-07-03 04:46 - 2016-07-03 04:48 - 02390016 _____ (Farbar) C:\Users\david\Desktop\FRST64.exe

    2016-07-01 10:56 - 2016-07-01 10:56 - 00932857 _____ C:\Users\david\Downloads\ssrc-readingsuperhero.pdf

    2016-06-29 09:59 - 2016-07-02 12:50 - 00122368 ___SH C:\Users\david\Downloads\Thumbs.db

    2016-06-29 02:28 - 2016-06-29 02:28 - 00000000 ___HD C:\OneDriveTemp

    2016-06-29 02:27 - 2016-06-29 02:27 - 00004988 _____ C:\Users\david\Desktop\cc_registry backup 2 20160629_022608.reg

    2016-06-29 02:26 - 2016-06-29 02:26 - 00034746 _____ C:\Users\david\Desktop\cc_registry backup 20160629_022608.reg

    2016-06-29 02:24 - 2016-06-29 02:24 - 00002870 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

    2016-06-29 02:24 - 2016-06-29 02:24 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk

    2016-06-29 02:24 - 2016-06-29 02:24 - 00000000 ____D C:\Program Files\CCleaner

    2016-06-26 22:21 - 2016-06-26 22:21 - 00001009 _____ C:\Users\Public\Desktop\AVG Protection.lnk

    2016-06-26 22:21 - 2016-06-26 22:21 - 00000000 ___HD C:\$AVG

    2016-06-26 22:21 - 2016-06-26 22:21 - 00000000 ____D C:\Users\david\AppData\Roaming\TuneUp Software

    2016-06-26 22:21 - 2016-06-26 22:21 - 00000000 ____D C:\Users\david\AppData\Roaming\AVG

    2016-06-26 22:21 - 2016-06-26 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

    2016-06-26 22:20 - 2016-07-03 04:44 - 00000000 ____D C:\ProgramData\MFAData

    2016-06-26 22:20 - 2016-06-26 22:21 - 00000000 ____D C:\Program Files (x86)\AVG

    2016-06-26 22:20 - 2016-06-26 22:20 - 00000000 ____D C:\Users\david\AppData\Local\MFAData

    2016-06-26 22:17 - 2016-06-26 22:21 - 00000000 ____D C:\Users\david\AppData\Local\Avg

    2016-06-26 22:17 - 2016-06-26 22:21 - 00000000 ____D C:\ProgramData\Avg

    2016-06-26 22:17 - 2016-06-26 22:20 - 00000000 ____D C:\Users\david\AppData\Local\AvgSetupLog

    2016-06-26 22:17 - 2016-06-26 22:17 - 03135880 _____ (AVG Technologies CZ, s.r.o.) C:\Users\david\Desktop\AVG_Internet_Security_742.exe

    2016-06-25 23:19 - 2016-06-25 23:19 - 00000000 ____D C:\Users\david\AppData\LocalLow\Lenovo

    2016-06-22 14:17 - 2016-06-22 14:17 - 00000000 ____D C:\Users\david\AppData\Roaming\Lenovo

    2016-06-20 07:47 - 2016-06-20 07:47 - 00199193 ____T C:\Users\david\Desktop\go shuttle ticket.pdf

    2016-06-20 07:26 - 2016-06-20 07:26 - 00035642 ____T C:\Users\david\Desktop\go shuttle receipt.pdf

    2016-06-18 14:17 - 2016-06-18 14:17 - 00348376 _____ (Spotify Ltd) C:\Users\david\Downloads\SpotifySetup.exe

    2016-06-18 14:16 - 2016-07-03 04:48 - 00000000 ____D C:\Users\david\AppData\Local\Spotify

    2016-06-18 14:16 - 2016-07-02 21:45 - 00000000 ____D C:\Users\david\AppData\Roaming\Spotify

    2016-06-18 14:16 - 2016-06-29 12:49 - 00001895 _____ C:\Users\david\Desktop\Spotify.lnk

    2016-06-18 14:16 - 2016-06-29 12:49 - 00001881 _____ C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

    2016-06-18 08:29 - 2016-06-18 08:29 - 02369246 _____ C:\Users\david\Desktop\WaterTaxi_Winter_FY15.pdf

    2016-06-17 01:24 - 2016-05-28 00:57 - 01372312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

    2016-06-17 01:24 - 2016-05-28 00:29 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

    2016-06-17 01:24 - 2016-05-28 00:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

    2016-06-17 01:23 - 2016-05-28 02:13 - 01401024 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

    2016-06-17 01:23 - 2016-05-28 02:13 - 01184960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

    2016-06-17 01:23 - 2016-05-28 02:13 - 00514752 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

    2016-06-17 01:23 - 2016-05-28 02:13 - 00290496 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

    2016-06-17 01:23 - 2016-05-28 02:13 - 00092352 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

    2016-06-17 01:23 - 2016-05-28 02:13 - 00046784 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe

    2016-06-17 01:23 - 2016-05-28 01:25 - 04268880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll

    2016-06-17 01:23 - 2016-05-28 01:23 - 00388384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll

    2016-06-17 01:23 - 2016-05-28 01:23 - 00312160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

    2016-06-17 01:23 - 2016-05-28 01:22 - 07474528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

    2016-06-17 01:23 - 2016-05-28 01:22 - 04387680 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll

    2016-06-17 01:23 - 2016-05-28 01:22 - 00428896 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll

    2016-06-17 01:23 - 2016-05-28 01:22 - 00211296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys

    2016-06-17 01:23 - 2016-05-28 01:22 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys

    2016-06-17 01:23 - 2016-05-28 01:20 - 00430312 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll

    2016-06-17 01:23 - 2016-05-28 01:18 - 00357216 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

    2016-06-17 01:23 - 2016-05-28 01:16 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

    2016-06-17 01:23 - 2016-05-28 01:09 - 00501600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll

    2016-06-17 01:23 - 2016-05-28 01:09 - 00170848 _____ (Microsoft Corporation) C:\Windows\system32\NetworkUXBroker.exe

    2016-06-17 01:23 - 2016-05-28 01:09 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll

    2016-06-17 01:23 - 2016-05-28 01:08 - 00693600 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll

    2016-06-17 01:23 - 2016-05-28 01:08 - 00258912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ufx01000.sys

    2016-06-17 01:23 - 2016-05-28 01:08 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll

    2016-06-17 01:23 - 2016-05-28 01:07 - 03675512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

    2016-06-17 01:23 - 2016-05-28 01:07 - 02921880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

    2016-06-17 01:23 - 2016-05-28 01:07 - 01322248 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll

    2016-06-17 01:23 - 2016-05-28 01:07 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll

    2016-06-17 01:23 - 2016-05-28 01:07 - 00808288 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe

    2016-06-17 01:23 - 2016-05-28 01:07 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe

    2016-06-17 01:23 - 2016-05-28 01:07 - 00331616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys

    2016-06-17 01:23 - 2016-05-28 01:06 - 22561256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

    2016-06-17 01:23 - 2016-05-28 01:06 - 04074160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

    2016-06-17 01:23 - 2016-05-28 01:06 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll

    2016-06-17 01:23 - 2016-05-28 01:06 - 00303216 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe

    2016-06-17 01:23 - 2016-05-28 01:06 - 00254656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe

    2016-06-17 01:23 - 2016-05-28 01:05 - 04515264 _____ (Microsoft Corporation) C:\Windows\explorer.exe

    2016-06-17 01:23 - 2016-05-28 01:04 - 00604928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

    2016-06-17 01:23 - 2016-05-28 01:04 - 00431296 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll

    2016-06-17 01:23 - 2016-05-28 01:04 - 00360480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll

    2016-06-17 01:23 - 2016-05-28 01:04 - 00161632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

    2016-06-17 01:23 - 2016-05-28 01:04 - 00111064 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll

    2016-06-17 01:23 - 2016-05-28 01:04 - 00097096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll

    2016-06-17 01:23 - 2016-05-28 01:03 - 00131248 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll

    2016-06-17 01:23 - 2016-05-28 00:58 - 01996640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

    2016-06-17 01:23 - 2016-05-28 00:58 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

    2016-06-17 01:23 - 2016-05-28 00:57 - 02548944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

    2016-06-17 01:23 - 2016-05-28 00:57 - 02195632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

    2016-06-17 01:23 - 2016-05-28 00:57 - 01594416 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

    2016-06-17 01:23 - 2016-05-28 00:57 - 00649792 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll

    2016-06-17 01:23 - 2016-05-28 00:57 - 00636304 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe

    2016-06-17 01:23 - 2016-05-28 00:57 - 00577376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys

    2016-06-17 01:23 - 2016-05-28 00:57 - 00546456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe

    2016-06-17 01:23 - 2016-05-28 00:57 - 00521664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

    2016-06-17 01:23 - 2016-05-28 00:57 - 00316256 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

    2016-06-17 01:23 - 2016-05-28 00:35 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\tdlrecover.exe

    2016-06-17 01:23 - 2016-05-28 00:35 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll

    2016-06-17 01:23 - 2016-05-28 00:35 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsdport.sys

    2016-06-17 01:23 - 2016-05-28 00:31 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdlrecover.exe

    2016-06-17 01:23 - 2016-05-28 00:31 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll

    2016-06-17 01:23 - 2016-05-28 00:31 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\MosHostClient.dll

    2016-06-17 01:23 - 2016-05-28 00:29 - 22379008 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll

    2016-06-17 01:23 - 2016-05-28 00:29 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll

    2016-06-17 01:23 - 2016-05-28 00:29 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll

    2016-06-17 01:23 - 2016-05-28 00:28 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe

    2016-06-17 01:23 - 2016-05-28 00:28 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

    2016-06-17 01:23 - 2016-05-28 00:28 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll

    2016-06-17 01:23 - 2016-05-28 00:27 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosHostClient.dll

    2016-06-17 01:23 - 2016-05-28 00:27 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll

    2016-06-17 01:23 - 2016-05-28 00:26 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe

    2016-06-17 01:23 - 2016-05-28 00:26 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe

    2016-06-17 01:23 - 2016-05-28 00:26 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe

    2016-06-17 01:23 - 2016-05-28 00:26 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll

    2016-06-17 01:23 - 2016-05-28 00:26 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll

    2016-06-17 01:23 - 2016-05-28 00:25 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys

    2016-06-17 01:23 - 2016-05-28 00:25 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

    2016-06-17 01:23 - 2016-05-28 00:24 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

    2016-06-17 01:23 - 2016-05-28 00:24 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Ndu.sys

    2016-06-17 01:23 - 2016-05-28 00:24 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

    2016-06-17 01:23 - 2016-05-28 00:24 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll

    2016-06-17 01:23 - 2016-05-28 00:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll

    2016-06-17 01:23 - 2016-05-28 00:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll

    2016-06-17 01:23 - 2016-05-28 00:24 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll

    2016-06-17 01:23 - 2016-05-28 00:24 - 00053760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll

    2016-06-17 01:23 - 2016-05-28 00:23 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

    2016-06-17 01:23 - 2016-05-28 00:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll

    2016-06-17 01:23 - 2016-05-28 00:22 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll

    2016-06-17 01:23 - 2016-05-28 00:22 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll

    2016-06-17 01:23 - 2016-05-28 00:22 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys

    2016-06-17 01:23 - 2016-05-28 00:22 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll

    2016-06-17 01:23 - 2016-05-28 00:22 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll

    2016-06-17 01:23 - 2016-05-28 00:22 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe

    2016-06-17 01:23 - 2016-05-28 00:22 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll

    2016-06-17 01:23 - 2016-05-28 00:22 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

    2016-06-17 01:23 - 2016-05-28 00:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll

    2016-06-17 01:23 - 2016-05-28 00:21 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll

    2016-06-17 01:23 - 2016-05-28 00:21 - 00239104 _____ (Microsoft Corporation) C:\Windows\system32\BrokerLib.dll

    2016-06-17 01:23 - 2016-05-28 00:21 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll

    2016-06-17 01:23 - 2016-05-28 00:21 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll

    2016-06-17 01:23 - 2016-05-28 00:20 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll

    2016-06-17 01:23 - 2016-05-28 00:20 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\newdev.dll

    2016-06-17 01:23 - 2016-05-28 00:20 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll

    2016-06-17 01:23 - 2016-05-28 00:20 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll

    2016-06-17 01:23 - 2016-05-28 00:20 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\GnssAdapter.dll

    2016-06-17 01:23 - 2016-05-28 00:20 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Privacy.dll

    2016-06-17 01:23 - 2016-05-28 00:20 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll

    2016-06-17 01:23 - 2016-05-28 00:19 - 24605696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

    2016-06-17 01:23 - 2016-05-28 00:19 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll

    2016-06-17 01:23 - 2016-05-28 00:19 - 00567808 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll

    2016-06-17 01:23 - 2016-05-28 00:19 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe

    2016-06-17 01:23 - 2016-05-28 00:19 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll

    2016-06-17 01:23 - 2016-05-28 00:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll

    2016-06-17 01:23 - 2016-05-28 00:18 - 11545088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll

    2016-06-17 01:23 - 2016-05-28 00:18 - 07977472 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll

    2016-06-17 01:23 - 2016-05-28 00:18 - 00610816 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

    2016-06-17 01:23 - 2016-05-28 00:18 - 00591360 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll

    2016-06-17 01:23 - 2016-05-28 00:18 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll

    2016-06-17 01:23 - 2016-05-28 00:18 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL

    2016-06-17 01:23 - 2016-05-28 00:18 - 00380416 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll

    2016-06-17 01:23 - 2016-05-28 00:18 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll

    2016-06-17 01:23 - 2016-05-28 00:17 - 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll

    2016-06-17 01:23 - 2016-05-28 00:17 - 00963072 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll

    2016-06-17 01:23 - 2016-05-28 00:17 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll

    2016-06-17 01:23 - 2016-05-28 00:17 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\newdev.dll

    2016-06-17 01:23 - 2016-05-28 00:17 - 00415232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll

    2016-06-17 01:23 - 2016-05-28 00:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll

    2016-06-17 01:23 - 2016-05-28 00:17 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll

    2016-06-17 01:23 - 2016-05-28 00:17 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll

    2016-06-17 01:23 - 2016-05-28 00:16 - 19344384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

    2016-06-17 01:23 - 2016-05-28 00:16 - 00690176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys

    2016-06-17 01:23 - 2016-05-28 00:16 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll

    2016-06-17 01:23 - 2016-05-28 00:16 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\AppContracts.dll

    2016-06-17 01:23 - 2016-05-28 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll

    2016-06-17 01:23 - 2016-05-28 00:16 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys

    2016-06-17 01:23 - 2016-05-28 00:16 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll

    2016-06-17 01:23 - 2016-05-28 00:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll

    2016-06-17 01:23 - 2016-05-28 00:15 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll

    2016-06-17 01:23 - 2016-05-28 00:15 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll

    2016-06-17 01:23 - 2016-05-28 00:15 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll

    2016-06-17 01:23 - 2016-05-28 00:15 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

    2016-06-17 01:23 - 2016-05-28 00:15 - 00349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll

    2016-06-17 01:23 - 2016-05-28 00:15 - 00293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll

    2016-06-17 01:23 - 2016-05-28 00:15 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

    2016-06-17 01:23 - 2016-05-28 00:14 - 18674176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll

    2016-06-17 01:23 - 2016-05-28 00:14 - 01716736 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll

    2016-06-17 01:23 - 2016-05-28 00:14 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll

    2016-06-17 01:23 - 2016-05-28 00:14 - 00965632 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll

    2016-06-17 01:23 - 2016-05-28 00:14 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

    2016-06-17 01:23 - 2016-05-28 00:14 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

    2016-06-17 01:23 - 2016-05-28 00:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll

    2016-06-17 01:23 - 2016-05-28 00:14 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll

    2016-06-17 01:23 - 2016-05-28 00:14 - 00200192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll

    2016-06-17 01:23 - 2016-05-28 00:13 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys

    2016-06-17 01:23 - 2016-05-28 00:13 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll

    2016-06-17 01:23 - 2016-05-28 00:13 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll

    2016-06-17 01:23 - 2016-05-28 00:13 - 00954368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys

    2016-06-17 01:23 - 2016-05-28 00:13 - 00939520 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll

    2016-06-17 01:23 - 2016-05-28 00:13 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll

    2016-06-17 01:23 - 2016-05-28 00:13 - 00467456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppContracts.dll

    2016-06-17 01:23 - 2016-05-28 00:13 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS

    2016-06-17 01:23 - 2016-05-28 00:12 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll

    2016-06-17 01:23 - 2016-05-28 00:12 - 00614400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll

    2016-06-17 01:23 - 2016-05-28 00:12 - 00521728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll

    2016-06-17 01:23 - 2016-05-28 00:11 - 01445888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll

    2016-06-17 01:23 - 2016-05-28 00:11 - 00890368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll

    2016-06-17 01:23 - 2016-05-28 00:11 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll

    2016-06-17 01:23 - 2016-05-28 00:11 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll

    2016-06-17 01:23 - 2016-05-28 00:11 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll

    2016-06-17 01:23 - 2016-05-28 00:11 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

    2016-06-17 01:23 - 2016-05-28 00:11 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll

    2016-06-17 01:23 - 2016-05-28 00:09 - 01073152 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll

    2016-06-17 01:23 - 2016-05-28 00:08 - 13385728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

    2016-06-17 01:23 - 2016-05-28 00:08 - 06295552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll

    2016-06-17 01:23 - 2016-05-28 00:06 - 12128256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

    2016-06-17 01:23 - 2016-05-28 00:06 - 07200256 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll

    2016-06-17 01:23 - 2016-05-28 00:06 - 01339904 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll

    2016-06-17 01:23 - 2016-05-28 00:05 - 03994624 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll

    2016-06-17 01:23 - 2016-05-28 00:05 - 03664896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

    2016-06-17 01:23 - 2016-05-28 00:05 - 02582016 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll

    2016-06-17 01:23 - 2016-05-28 00:05 - 01797120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll

    2016-06-17 01:23 - 2016-05-28 00:04 - 06973952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll

    2016-06-17 01:23 - 2016-05-28 00:04 - 00555520 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll

    2016-06-17 01:23 - 2016-05-28 00:04 - 00450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll

    2016-06-17 01:23 - 2016-05-28 00:03 - 05323776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll

    2016-06-17 01:23 - 2016-05-28 00:03 - 05205504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll

    2016-06-17 01:23 - 2016-05-28 00:03 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll

    2016-06-17 01:23 - 2016-05-28 00:03 - 01185280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationFramework.dll

    2016-06-17 01:23 - 2016-05-28 00:03 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\internetmail.dll

    2016-06-17 01:23 - 2016-05-28 00:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll

    2016-06-17 01:23 - 2016-05-28 00:02 - 03590144 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys

    2016-06-17 01:23 - 2016-05-28 00:02 - 02061824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll

    2016-06-17 01:23 - 2016-05-28 00:02 - 01534464 _____ (Microsoft Corporation) C:\Windows\system32\LocationFramework.dll

    2016-06-17 01:23 - 2016-05-28 00:02 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll

    2016-06-17 01:23 - 2016-05-28 00:01 - 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll

    2016-06-17 01:23 - 2016-05-28 00:01 - 01582080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll

    2016-06-17 01:23 - 2016-05-28 00:01 - 01500160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

    2016-06-17 01:23 - 2016-05-28 00:01 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll

    2016-06-17 01:23 - 2016-05-28 00:00 - 05660160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll

    2016-06-17 01:23 - 2016-05-28 00:00 - 03585536 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll

    2016-06-17 01:23 - 2016-05-28 00:00 - 02635776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll

    2016-06-17 01:23 - 2016-05-28 00:00 - 02230272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

    2016-06-17 01:23 - 2016-05-28 00:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll

    2016-06-17 01:23 - 2016-05-28 00:00 - 01730560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

    2016-06-17 01:23 - 2016-05-28 00:00 - 01707520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll

    2016-06-17 01:23 - 2016-05-28 00:00 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll

    2016-06-17 01:23 - 2016-05-28 00:00 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll

    2016-06-17 01:23 - 2016-05-28 00:00 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe

    2016-06-17 01:23 - 2016-05-27 23:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll

    2016-06-17 01:23 - 2016-05-27 23:58 - 07832576 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll

    2016-06-17 01:23 - 2016-05-27 23:58 - 04896256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

    2016-06-17 01:23 - 2016-05-27 23:58 - 02755584 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

    2016-06-17 01:23 - 2016-05-27 23:58 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll

    2016-06-17 01:23 - 2016-05-27 23:58 - 01996288 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll

    2016-06-17 01:23 - 2016-05-27 23:57 - 02281472 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

    2016-06-17 01:23 - 2016-05-27 23:55 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll

    2016-06-17 01:23 - 2016-05-27 23:53 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\ngcpopkeysrv.dll

    2016-06-14 14:30 - 2016-06-14 14:30 - 00611400 _____ () C:\Users\david\Downloads\LSBsetup.exe

    2016-06-14 14:30 - 2016-06-14 14:30 - 00000000 ____D C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo

    2016-06-14 14:30 - 2016-06-14 14:30 - 00000000 ____D C:\Users\david\AppData\Local\Deployment

    2016-06-14 14:30 - 2016-06-14 14:30 - 00000000 ____D C:\Users\david\AppData\Local\Apps\2.0

    2016-06-11 10:40 - 2016-06-11 10:41 - 00000000 ____D C:\Users\david\AppData\Local\mozysync

    2016-06-11 10:40 - 2016-06-11 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozy

    2016-06-11 10:40 - 2016-06-11 10:40 - 00000000 ____D C:\Program Files\Mozy Sync

    2016-06-06 14:15 - 2016-06-29 02:28 - 00159232 ___SH C:\Users\david\Desktop\Thumbs.db

    2016-06-04 06:24 - 2016-06-04 06:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit
     
  3. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-07-03 04:48 - 2016-05-03 20:06 - 00000000 ___RD C:\Users\david\OneDrive
    2016-07-03 04:44 - 2016-05-04 01:33 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-07-02 22:00 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\AppReadiness
    2016-07-02 19:53 - 2015-11-03 15:28 - 00881036 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-07-02 19:53 - 2015-10-30 03:21 - 00000000 ____D C:\Windows\INF
    2016-07-02 10:44 - 2016-05-04 01:33 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-07-02 01:43 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-06-30 01:16 - 2016-05-03 20:05 - 00000000 ____D C:\Users\david\AppData\Local\Packages
    2016-06-29 02:28 - 2016-05-03 20:05 - 00000000 __SHD C:\Users\david\IntelGraphicsProfiles
    2016-06-29 02:28 - 2016-05-03 20:03 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2016-06-29 02:27 - 2016-05-03 20:03 - 00000000 ____D C:\Users\david
    2016-06-29 02:25 - 2016-05-20 14:38 - 00000000 ____D C:\Windows\Minidump
    2016-06-29 02:25 - 2015-11-03 14:11 - 00000000 ____D C:\Windows\Panther
    2016-06-26 22:22 - 2015-10-30 02:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
    2016-06-26 22:21 - 2015-10-30 03:24 - 00000000 ___HD C:\Windows\ELAMBKUP
    2016-06-25 23:19 - 2016-05-24 10:37 - 00000000 ____D C:\Users\david\AppData\Local\Lenovo
    2016-06-25 23:19 - 2016-04-08 19:18 - 00000000 ____D C:\ProgramData\Lenovo
    2016-06-22 21:19 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-06-22 21:18 - 2016-04-08 19:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2016-06-22 15:14 - 2016-04-08 19:18 - 00000000 ____D C:\Program Files\Lenovo
    2016-06-22 15:14 - 2016-04-08 19:18 - 00000000 ____D C:\Program Files (x86)\Lenovo
    2016-06-22 14:17 - 2016-05-04 02:25 - 00000000 ____D C:\Users\david\AppData\Local\LSC
    2016-06-22 14:17 - 2016-05-04 01:24 - 00002158 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
    2016-06-22 14:17 - 2016-04-08 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
    2016-06-22 14:17 - 2016-04-08 19:18 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
    2016-06-22 14:16 - 2016-04-08 19:17 - 00000000 ____D C:\Windows\Downloaded Installations
    2016-06-21 03:23 - 2016-05-04 02:55 - 00000000 ___RD C:\Users\david\3D Objects
    2016-06-20 11:36 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\rescache
    2016-06-19 01:56 - 2015-11-03 15:24 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-06-19 01:56 - 2015-11-03 15:24 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-06-19 01:56 - 2015-10-30 02:28 - 00524288 ___SH C:\Windows\system32\config\BBI
    2016-06-19 01:55 - 2015-11-03 15:23 - 00332240 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-06-19 01:54 - 2015-10-30 03:24 - 00000000 ___SD C:\Windows\system32\DiagSvcs
    2016-06-19 01:54 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
    2016-06-19 01:54 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\bcastdvr
    2016-06-18 02:45 - 2016-05-04 01:33 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-06-18 02:45 - 2016-05-04 01:33 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-06-18 02:29 - 2016-05-04 02:59 - 00000000 ____D C:\Users\david\Documents\Sound recordings
    2016-06-17 14:05 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\NDF
    2016-06-17 12:31 - 2015-10-30 03:11 - 00000000 ____D C:\Windows\CbsTemp
    2016-06-17 12:30 - 2016-05-12 11:47 - 00000000 ____D C:\Windows\system32\MRT
    2016-06-17 12:28 - 2016-05-12 11:46 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-06-15 16:40 - 2016-05-05 01:31 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2016-06-14 14:33 - 2015-10-30 03:26 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-06-14 14:33 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-06-04 06:24 - 2016-05-04 01:25 - 00001186 _____ C:\Users\Public\Desktop\SHAREit.lnk
    2016-06-03 15:26 - 2016-05-25 12:27 - 00000000 ____D C:\Users\david\AppData\Roaming\Audacity

    ==================== Files in the root of some directories =======

    2016-04-08 19:42 - 2016-04-08 19:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2016-04-08 19:43 - 2016-04-08 19:43 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-06-27 11:29

    ==================== End of FRST.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
    Ran by david (2016-07-03 04:49:43)
    Running from C:\Users\david\Desktop
    Windows 10 Home Version 1511 (X64) (2016-05-04 00:03:05)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-483386053-2290206261-2764208400-500 - Administrator - Disabled)
    david (S-1-5-21-483386053-2290206261-2764208400-1001 - Administrator - Enabled) => C:\Users\david
    DefaultAccount (S-1-5-21-483386053-2290206261-2764208400-503 - Limited - Disabled)
    Guest (S-1-5-21-483386053-2290206261-2764208400-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-483386053-2290206261-2764208400-1003 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG Internet Security (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG Internet Security (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
    FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
    Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
    AVG (Version: 16.81.7640 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4627 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.81.7640 - AVG Technologies)
    CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
    Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.5.2.32 - Dolby Laboratories, Inc.)
    Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.4.0.22 - Dolby Laboratories, Inc.)
    FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
    Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1159 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4326 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{588DA478-D4FF-48E3-8290-49F8C4B21283}) (Version: 18.1.1527.1551 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{2498cbe5-cf23-40b7-970b-cb36f8cee3c5}) (Version: 18.12.2 - Intel Corporation)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    Lenovo BatteryGauge (HKLM\...\{CBEDEC16-C4F5-4255-99E4-5884EFEDD1BC}) (Version: 1.0.045.00 - Lenovo)
    Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
    Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
    Lenovo Service Bridge (HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\dda9ca0b023f4c56) (Version: 1.6.3.3 - Lenovo)
    Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
    Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.059.01 - Lenovo)
    LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.3 - Lenovo)
    LenovoUtility (x32 Version: 3.0.0.3 - Lenovo) Hidden
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
    Mozy Sync (HKLM\...\{E753088F-C4EA-AFB0-BFF3-457CD756E080}) (Version: 1.3.2.5032 - Mozy, Inc.)
    O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{A6668863-B0A3-4812-AAF2-E47749ECFE0E}) (Version: 3.3.00.145 - O2Micro International LTD.)
    O2Micro Flash Memory Card Windows Driver (Version: 3.3.00.145 - O2Micro International LTD.) Hidden
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
    RealDownloader (x32 Version: 18.1.4.137 - RealNetworks, Inc.) Hidden
    RealDownloader (x32 Version: 18.1.4.142 - RealNetworks) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.4 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7624 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.5.0.1144 - Lenovo)
    Spotify (HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\Spotify) (Version: 1.0.32.96.g3c8a06e6 - Spotify AB)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.57 - Synaptics Incorporated)
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
    User Manuals (x32 Version: 4.0.0.1 - Lenovo) Hidden
    vc2012_redist (x32 Version: 1.0.0.0 - Realnetworks) Hidden
    Video Downloader (x32 Version: 1.1.0 - RealNetworks) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-483386053-2290206261-2764208400-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\david\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01A9085D-0031-44E3-92D0-18C065DC0B39} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-483386053-2290206261-2764208400-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-05-13] (RealNetworks, Inc.)
    Task: {092B2B83-4054-4936-911E-E530BCDF5736} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe control iMControllerService 128
    Task: {1F84ADD7-08AA-4537-91ED-BD7CFB3D6F2C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
    Task: {29C555AE-93C0-4C76-9B27-6B28D86AAAE4} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-483386053-2290206261-2764208400-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-05-13] (RealNetworks, Inc.)
    Task: {34E43E3F-A06C-476F-9810-81189FEC85D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-04] (Google Inc.)
    Task: {4103DF9F-6D0C-424C-9F3A-A21011CD05DA} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
    Task: {4F2E2990-E94F-4CBE-9F48-1250DC13474F} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
    Task: {6AD54828-7396-4ACE-B4AE-6D5B7727B145} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
    Task: {6B889431-03D0-4DD6-AD99-C880EE6AAC16} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-10] (Microsoft Corporation)
    Task: {86E87C27-8B4D-4565-BA52-946AC61167A5} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-483386053-2290206261-2764208400-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2016-05-13] (RealNetworks, Inc.)
    Task: {B9B3B529-7050-4C38-9A5C-DDF236EFE12B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-04] (Google Inc.)
    Task: {C00A08A2-6E1D-4F41-B51E-3AD91199D5B7} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-483386053-2290206261-2764208400-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
    Task: {C6DF504B-B27D-40AF-8EB7-0F774B724F66} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2016-05-13] ()
    Task: {CC3A09DC-AB64-454C-9536-CD2AF33C18A5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
    Task: {CD3393F2-F09E-4CCC-AFEA-F37B9B28BC86} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
    Task: {DAB1FFF0-104F-4180-8692-FBECE166621F} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
    Task: {DE105180-6B92-4814-838A-111883055FCD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
    Task: {E51FE309-0F4F-46C6-815E-FEB37C9C8E2E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\Windows\SYSTEM32\efsext.dll
    2015-09-15 04:58 - 2015-09-15 04:58 - 00176640 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
    2016-05-13 15:13 - 2016-05-13 15:13 - 00032544 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    2016-04-08 19:19 - 2015-08-18 23:00 - 00058296 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
    2016-04-08 19:20 - 2015-06-27 05:34 - 00029112 _____ () C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
    2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
    2016-04-08 19:19 - 2015-12-02 04:25 - 00043960 _____ () C:\ProgramData\LenovoTransition\Server\x64\EnableAutoRotation.dll
    2016-05-11 09:52 - 2016-03-29 06:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
    2016-06-17 01:23 - 2016-05-27 23:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-06-17 01:23 - 2016-05-27 23:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-09-28 14:09 - 2015-09-28 14:09 - 00043976 _____ () C:\Program Files\Lenovo\QuickOptimizer\LNBPrismAssistInf.dll
    2016-05-11 09:52 - 2016-03-29 06:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
    2016-05-20 12:29 - 2016-05-20 12:29 - 00959168 _____ () C:\Users\david\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
    2016-05-07 01:15 - 2016-06-22 21:17 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2015-12-08 23:53 - 2015-11-24 20:36 - 00384104 _____ () C:\Windows\system32\igfxTray.exe
    2016-06-17 01:23 - 2016-05-27 23:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-06-17 01:23 - 2016-05-27 23:55 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-06-17 01:23 - 2016-05-27 23:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-04-08 19:20 - 2016-04-08 19:19 - 00791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
    2016-04-08 19:20 - 2016-04-08 19:19 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
    2015-06-16 06:53 - 2015-06-16 06:53 - 00628736 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
    2016-05-05 01:23 - 2016-05-05 01:24 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-06-24 11:45 - 2016-06-24 11:45 - 00017920 _____ () C:\Program Files\WindowsApps\E046963F.LenovoCompanion_3.49.1.0_x86__k1h2ywk1493x8\Lenovo.Discovery.exe
    2016-05-11 09:51 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-05-11 09:51 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-05-11 09:51 - 2016-04-23 00:25 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
    2016-05-13 14:27 - 2016-05-13 14:27 - 00714992 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
    2016-06-03 01:12 - 2016-06-03 01:12 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2016-06-03 01:12 - 2016-06-03 01:12 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2016-06-03 01:12 - 2016-06-03 01:12 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
    2016-05-05 01:25 - 2016-05-05 01:26 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
    2015-09-28 14:09 - 2015-09-28 14:09 - 00016328 _____ () C:\Program Files\Lenovo\QuickOptimizer\ShowTaskbarIcon.dll
    2015-09-28 14:09 - 2015-09-28 14:09 - 05067208 _____ () C:\Program Files\Lenovo\QuickOptimizer\DTPrismAssistInf.dll
    2016-05-13 15:13 - 2016-05-13 15:13 - 00037688 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
    2016-05-13 15:13 - 2016-05-13 15:13 - 00039224 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
    2016-05-13 15:13 - 2016-05-13 15:13 - 00037192 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
    2016-05-20 12:29 - 2016-05-20 12:29 - 00679624 _____ () C:\Users\david\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
    2016-06-26 22:20 - 2016-06-26 22:18 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
    2016-05-05 01:23 - 2016-05-05 01:24 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-05-05 01:23 - 2016-05-05 01:24 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2016-06-24 11:45 - 2016-06-24 11:45 - 29099008 _____ () C:\Program Files\WindowsApps\E046963F.LenovoCompanion_3.49.1.0_x86__k1h2ywk1493x8\Lenovo.Discovery.dll
    2016-06-30 01:19 - 2016-06-30 01:19 - 00964096 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll
    2016-04-08 19:15 - 2016-04-08 19:15 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
    2016-06-30 01:19 - 2016-06-30 01:19 - 03311000 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll
    2016-05-13 14:20 - 2016-05-13 14:20 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
    2016-05-25 23:53 - 2016-05-25 23:53 - 00654608 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Lib\r1api.dll
    2016-05-13 14:27 - 2016-05-13 14:27 - 00077552 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll
    2016-05-16 15:18 - 2016-05-16 15:18 - 00101888 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Management\252667907e1e3e32b11d87fba7af0023\Windows.Management.ni.dll
    2016-05-16 15:18 - 2016-05-16 15:18 - 02921472 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\931208eb21bfb07f9a4995753d6b7f7b\Windows.ApplicationModel.ni.dll
    2016-05-16 15:18 - 2016-05-16 15:18 - 00821248 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Storage\70c31a6aefe21a1501d1b781a0217731\Windows.Storage.ni.dll
    2016-05-16 15:18 - 2016-05-16 15:18 - 00335360 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cbafdb4e11c9fd06e0a2e5efa6253883\Windows.Foundation.ni.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-30 03:24 - 2015-10-30 03:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-483386053-2290206261-2764208400-1001\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 209.18.47.62 - 209.18.47.61
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
    HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{6E942E9F-E7A8-4FE9-9097-55CFA80392B4}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{FD80B1E1-4A60-43B4-A536-6FF43846BEC4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{D3D428B5-FE30-4CB3-AFC0-AAE928666ED6}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    FirewallRules: [{53CD0C2D-211C-4F4D-B1E2-E46976B0E846}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{436D8915-1E12-4578-978B-1E5C0847439A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{1CB1FB6C-7B44-4FF6-A087-8C77E727FBAD}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe
    FirewallRules: [{540988DD-4F49-4160-BC09-E46F3C94EBE3}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe
    FirewallRules: [{BBB5CB01-4C1A-44A8-96D8-E39C5ABB9C87}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{AE1742A4-6701-47D1-B651-2BD254152DAC}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{FFC7AA58-E64A-4CBC-BC65-05356ADD0CAD}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{1CFEA469-E72E-4E70-8A14-155102BA3863}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{ADDD4950-2462-4D5A-8B6D-A016A0348274}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{F8D41941-04E0-4B89-B7B3-761BE51363F9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{2F422661-9B34-41BE-96A7-C67185371D8B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{04262C2B-A5C4-4071-8133-18ED2F4D71FD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{6993F577-AFC8-4B22-82D6-689B5F3D7953}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{E89C33F1-B812-4FE7-99F2-3EB52C8C8EE5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{FF201481-6632-4E8A-909E-472176BD597F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

    ==================== Restore Points =========================

    17-06-2016 12:28:06 Windows Update
    22-06-2016 14:17:00 Installed Lenovo Solution Center.
    26-06-2016 22:20:55 Installed AVG 2016

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/02/2016 08:55:10 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (07/02/2016 07:49:18 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (07/02/2016 04:47:35 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (07/02/2016 01:45:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: LockApp.exe, version: 0.0.0.0, time stamp: 0x5632d5a5
    Faulting module name: combase.dll, version: 10.0.10586.103, time stamp: 0x56a849ab
    Exception code: 0xc0000602
    Fault offset: 0x000000000018d8cb
    Faulting process id: 0x1c9c
    Faulting application start time: 0xLockApp.exe0
    Faulting application path: LockApp.exe1
    Faulting module path: LockApp.exe2
    Report Id: LockApp.exe3
    Faulting package full name: LockApp.exe4
    Faulting package-relative application ID: LockApp.exe5

    Error: (07/02/2016 01:45:47 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (07/02/2016 12:09:01 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (07/02/2016 11:06:05 AM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (07/02/2016 10:32:39 AM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (07/02/2016 05:55:39 AM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (07/02/2016 02:05:04 AM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]


    System errors:
    =============
    Error: (07/02/2016 08:25:44 PM) (Source: TPM) (EventID: 12) (User: )
    Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.

    Error: (07/02/2016 08:25:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (07/02/2016 04:47:44 PM) (Source: TPM) (EventID: 12) (User: )
    Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.

    Error: (07/02/2016 01:47:36 PM) (Source: TPM) (EventID: 12) (User: )
    Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.

    Error: (07/02/2016 01:47:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (07/02/2016 01:30:35 PM) (Source: TPM) (EventID: 12) (User: )
    Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.

    Error: (07/02/2016 01:30:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (07/02/2016 12:07:38 PM) (Source: TPM) (EventID: 12) (User: )
    Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.

    Error: (07/02/2016 12:07:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (07/02/2016 11:05:03 AM) (Source: TPM) (EventID: 12) (User: )
    Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.


    CodeIntegrity:
    ===================================
    Date: 2016-06-25 20:13:07.392
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-24 11:44:21.478
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-22 21:18:39.968
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-21 01:06:41.999
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-19 01:55:36.480
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-18 02:09:16.059
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-17 12:28:18.273
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-11 18:12:00.038
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-10 11:48:49.226
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-26 10:55:12.783
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
    Percentage of memory in use: 35%
    Total physical RAM: 8097.91 MB
    Available physical RAM: 5219.14 MB
    Total Virtual: 17313.91 MB
    Available Virtual: 11934.89 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:237.23 GB) (Free:180.75 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 238.5 GB) (Disk ID: 82B990EF)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  4. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    I hope it's okay that I pasted into Word in order to chop up my logs. I see now that that second of my so-far-three posts has extra blank lines, and I suspect that's because I didn't paste as plain text...
     
  5. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    Actaully, no.
    In the future please use Notepad instead of Wordpad to open logs.
    Wordpad creates an extra space and all logs are twice as long and harder for me to read.
    Thank you :)

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  6. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Hi Broni,
    I downloaded Roguekiller from Link 1, and when I ran it I got a message saying I'm running the 32 bit version but should be using the 64 bit version--but it did ask if I wanted to continue anyway. I chose no. Should I try again and say yes? I did try Link 2, but my browser said the site can't be reached. (I noticed an apostrophe in the url; could that be the problem? I tried putting the address in my address bar without the apostrophe at the end, but Chrome treated it as a search, not an address.)
    Thanks, I'll stand by for now till you reply.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Run it and say yes.
     
  8. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Ok, hope you don't mind I'm being extremely careful:
    It looks like Roguekiller might have slightly different interfaces now. It's not offering me a "Delete" command, but rather "Remove selected." (It says it found 9 threats, and lists them.) I guess I should go ahead and "remove selected," yes? Thanks!
     
  9. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Yes. It's always good to ask :)
     
  10. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    RogueKiller V12.3.6.0 [Jun 27 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.10586) 64 bits version
    Started in : Normal mode
    User : david [Administrator]
    Started from : C:\Users\david\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 07/03/2016 22:34:37

    ¤¤¤ Processes : 1 ¤¤¤
    [Suspicious.Path] LSB.exe(10516) -- C:\Users\david\AppData\Local\Apps\2.0\REW9Y2BJ.50E\VROZJWL1.ED4\lsb...tion_2d7b41b05b24775e_0001.0006_6a5d43d0bdf9db4a\LSB.exe[7] -> Killed [TermProc]

    ¤¤¤ Registry : 8 ¤¤¤
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-483386053-2290206261-2764208400-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo15.msn.com/?pc=LCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-483386053-2290206261-2764208400-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo15.msn.com/?pc=LCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.62 209.18.47.61 ([X][X]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.62 209.18.47.61 ([X][X]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3d9db97d-3a4f-46cd-85b4-9a9d85e08e37} | DhcpNameServer : 150.206.1.2 ([X]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d817e65e-c451-417b-85a6-5f203999c89a} | DhcpNameServer : 209.18.47.62 209.18.47.61 ([X][X]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3d9db97d-3a4f-46cd-85b4-9a9d85e08e37} | DhcpNameServer : 150.206.1.2 ([X]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d817e65e-c451-417b-85a6-5f203999c89a} | DhcpNameServer : 209.18.47.62 209.18.47.61 ([X][X]) -> Replaced ()

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: HFS256G39MND-3310A +++++
    --- User ---
    [MBR] 4348019a6c64f5637927143c9f771d72
    [BSP] 255307b5834cb2c62fe7de5307d243a0 : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
    1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
    2 - Basic data partition | Offset (sectors): 567296 | Size: 242921 MB
    3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 498069504 | Size: 1000 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
  11. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Proceeding to the mbam step now.
     
  12. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Uh-oh now I can't get to any website. Didn't even successfully get to the mbam download page. Computer says it's connected to my home wifi but all 3 of my browsers say that every site I try to go to "can't be reached." Typing this on my phone now...
     
  13. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Tried to restart?
     
  14. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    A restart! What sorcery is this?! Ha didn't even think of that. That worked, thank you! Here is my mbam log; am now proceeding to the AdwCleaner step.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 7/3/2016
    Scan Time: 11:15 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.07.04.01
    Rootkit Database: v2016.05.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: david

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 293411
    Time Elapsed: 3 min, 44 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  15. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Here's the AdwCleaner log; proceeding to the JRT step.

    # AdwCleaner v5.201 - Logfile created 03/07/2016 at 23:25:06
    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-07-01.1 [Server]
    # Operating system : Windows 10 Home (X64)
    # Username : david - DESKTOP-3MHNPTN
    # Running from : C:\Users\david\Desktop\adwcleaner_5.201.exe
    # Option : Clean
    # Support : https://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****

    [-] File Deleted : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    [-] File Deleted : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKCU\Software\APN PIP

    ***** [ Web browsers ] *****

    [-] [C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=MFA928959-4827-422B-8464-8E9E80937193&SearchSource=55&CUI=&UM=6&UP=SPBDEA24BF-65F7-4987-8F77-5ACA6F7FAF1C&SSPV=

    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [1324 bytes] - [03/07/2016 23:25:06]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1443 bytes] - [03/07/2016 23:23:53]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1470 bytes] ##########
     
  16. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Ok here's the JRT log. But I just realized--I did disable my normal protection software before running JRT, but I see that mbam's background protection was running while I ran JRT. Let me know if that's a problem, thank you.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Windows 10 Home x64
    Ran by david (Administrator) on Sun 07/03/2016 at 23:29:27.38
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 2

    Successfully deleted: C:\Users\david\AppData\Local\crashrpt (Folder)
    Successfully deleted: C:\Windows\prefetch\QUICKOPTIMIZERICON.EXE-26602B0B.pf (File)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 07/03/2016 at 23:30:25.64
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  17. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  18. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
    Ran by david (administrator) on DESKTOP-3MHNPTN (04-07-2016 00:01:40)
    Running from C:\Users\david\Desktop
    Loaded Profiles: david (Available Profiles: david)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfwsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
    () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
    (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
    () C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
    (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    () C:\Program Files\Lenovo\LenovoUtility\utility.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Lenovo) C:\Users\david\AppData\Local\Apps\2.0\REW9Y2BJ.50E\VROZJWL1.ED4\lsb...tion_2d7b41b05b24775e_0001.0006_6a5d43d0bdf9db4a\LSB.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-04-08] ()
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor)
    HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [628736 2015-06-16] ()
    HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [714992 2016-05-13] ()
    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-06-09] (AVG Technologies CZ, s.r.o.)
    HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\Run: [Spotify Web Helper] => C:\Users\david\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1553520 2016-06-29] (Spotify Ltd)
    HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
    ShellIconOverlayIdentifiers: [ mozysyncNotUploaded] -> {34DF8AC2-A6BB-4855-B45A-CC1B4D9183E3} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2015-11-10] (Mozy, Inc.)
    ShellIconOverlayIdentifiers: [ mozysyncPendingChanges] -> {6673BC77-4A7B-4299-A130-14312E6B203A} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2015-11-10] (Mozy, Inc.)
    ShellIconOverlayIdentifiers: [ mozysyncUpToDate] -> {04547006-32F5-4635-844B-B8D7FCE47692} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2015-11-10] (Mozy, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-05-25]
    ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
    Tcpip\..\Interfaces\{d817e65e-c451-417b-85a6-5f203999c89a}: [DhcpNameServer] 209.18.47.62 209.18.47.61

    Internet Explorer:
    ==================
    HKU\S-1-5-21-483386053-2290206261-2764208400-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
    HKU\S-1-5-21-483386053-2290206261-2764208400-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-05-13] (RealDownloader)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-22] (Microsoft Corporation)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-05-13] (RealDownloader)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\u11xwjzo.default
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=18.1.4.135 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2016-05-25] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=18.1.4.135 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2016-05-25] (RealPlayer)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
    FF Extension: Adblock Plus - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\u11xwjzo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-31]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=MFA928959-4827-422B-8464-8E9E80937193&SearchSource=55&CUI=&UM=6&UP=SPBDEA24BF-65F7-4987-8F77-5ACA6F7FAF1C&SSPV=
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\david\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-04]
    CHR Extension: (Google Docs) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-04]
    CHR Extension: (Google Drive) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-04]
    CHR Extension: (YouTube) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-04]
    CHR Extension: (Adblock Plus) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29]
    CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2016-06-02]
    CHR Extension: (Google News) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2016-05-05]
    CHR Extension: (Dropbox for Gmail) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-05-05]
    CHR Extension: (Google Calendar) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-05-05]
    CHR Extension: (Google Sheets) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-04]
    CHR Extension: (Google Docs Offline) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-04]
    CHR Extension: (AdBlock) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-01]
    CHR Extension: (Backspace means backspace!) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcicfpjmgbfalapmkdhfgldcnbamicnh [2016-05-05]
    CHR Extension: (Google Hangouts) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-07-01]
    CHR Extension: (Lego Builder) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapnbjhfjionggfhlkmhjbmbpgfdlolh [2016-05-05]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-04]
    CHR Extension: (Gmail) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-04]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-06-09] (AVG Technologies CZ, s.r.o.)
    R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [1998712 2016-06-09] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5165824 2016-06-09] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-06-09] (AVG Technologies CZ, s.r.o.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
    S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [600680 2015-11-24] (Intel Corporation)
    R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [176640 2015-09-15] () [File not signed]
    R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-07-22] (Intel Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
    R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [135408 2015-07-01] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [353896 2015-11-24] (Intel Corporation)
    R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [56144 2016-05-26] (Lenovo Group Limited)
    S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
    R2 O2FLASH; C:\Windows\System32\drivers\o2flash.exe [82096 2015-05-20] (BayHubTech/O2Micro International)
    R2 O2FLASH; C:\Windows\SysWOW64\drivers\o2flash.exe [82096 2015-05-20] (BayHubTech/O2Micro International)
    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32544 2016-05-13] ()
    R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095440 2016-05-25] (RealNetworks, Inc.)
    S3 ShareItSvc; C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [33224 2016-04-15] (SHAREit Technologies Co.Ltd)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2016-01-06] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
    R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [42424 2015-12-02] (Lenovo)
    R2 YogaPLService; C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe [29112 2015-06-27] ()
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
    R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)
    R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
    S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2015-10-30] (ASIX Electronics Corp.)
    R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43512 2015-07-22] (Intel Corporation)
    R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-07-22] (Intel Corporation)
    R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-06-16] (Intel Corporation)
    R3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185128 2015-06-16] (Intel Corporation)
    R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [250096 2015-07-01] (Intel Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-03] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-07] (Intel Corporation)
    S3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
    R3 Netwtw02; C:\Windows\System32\drivers\Netwtw02.sys [7043336 2015-10-24] (Intel Corporation)
    R3 O2FJ2RDR; C:\Windows\System32\drivers\O2FJ2x64.sys [201240 2015-05-20] (BayHubTech/O2Micro )
    R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3049176 2015-05-29] (Realtek Semiconductor Corp.)
    R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [56936 2016-01-06] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-07-03] ()
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================
     
  19. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-07-03 23:31 - 2016-07-03 23:31 - 00000712 _____ C:\Users\david\Desktop\JRT1.txt
    2016-07-03 23:30 - 2016-07-03 23:30 - 00000712 _____ C:\Users\david\Desktop\JRT.txt
    2016-07-03 23:28 - 2016-07-03 23:29 - 01610816 _____ (Malwarebytes) C:\Users\david\Desktop\JRT.exe
    2016-07-03 23:23 - 2016-07-03 23:25 - 00000000 ____D C:\AdwCleaner
    2016-07-03 23:23 - 2016-07-03 23:23 - 03712064 _____ C:\Users\david\Desktop\adwcleaner_5.201.exe
    2016-07-03 23:20 - 2016-07-03 23:20 - 00001037 _____ C:\Users\david\Desktop\mbam.txt
    2016-07-03 23:14 - 2016-07-03 23:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-07-03 23:13 - 2016-07-03 23:13 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-07-03 23:13 - 2016-07-03 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-07-03 23:13 - 2016-07-03 23:13 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-07-03 23:13 - 2016-07-03 23:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-07-03 23:13 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-07-03 23:13 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-07-03 23:13 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-07-03 23:10 - 2016-07-03 23:10 - 22851472 _____ (Malwarebytes ) C:\Users\david\Desktop\mbam-setup-2.2.1.1043.exe
    2016-07-03 23:08 - 2016-07-03 23:08 - 00000000 ___HD C:\OneDriveTemp
    2016-07-03 22:59 - 2016-07-03 22:59 - 00006046 _____ C:\Users\david\Desktop\rk_304C.tmp.txt
    2016-07-03 20:42 - 2016-07-03 20:42 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-07-03 20:41 - 2016-07-03 20:41 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-07-03 20:18 - 2016-07-03 20:21 - 19927624 _____ C:\Users\david\Desktop\RogueKiller.exe
    2016-07-03 04:49 - 2016-07-04 00:01 - 00022581 _____ C:\Users\david\Desktop\FRST.txt
    2016-07-03 04:49 - 2016-07-04 00:01 - 00000000 ____D C:\FRST
    2016-07-03 04:49 - 2016-07-03 04:50 - 00035154 _____ C:\Users\david\Desktop\Addition.txt
    2016-07-03 04:46 - 2016-07-03 04:48 - 02390016 _____ (Farbar) C:\Users\david\Desktop\FRST64.exe
    2016-07-01 10:56 - 2016-07-01 10:56 - 00932857 _____ C:\Users\david\Downloads\ssrc-readingsuperhero.pdf
    2016-06-29 09:59 - 2016-07-02 12:50 - 00122368 ___SH C:\Users\david\Downloads\Thumbs.db
    2016-06-29 02:24 - 2016-06-29 02:24 - 00002870 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2016-06-29 02:24 - 2016-06-29 02:24 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-06-29 02:24 - 2016-06-29 02:24 - 00000000 ____D C:\Program Files\CCleaner
    2016-06-26 22:21 - 2016-06-26 22:21 - 00001009 _____ C:\Users\Public\Desktop\AVG Protection.lnk
    2016-06-26 22:21 - 2016-06-26 22:21 - 00000000 ___HD C:\$AVG
    2016-06-26 22:21 - 2016-06-26 22:21 - 00000000 ____D C:\Users\david\AppData\Roaming\TuneUp Software
    2016-06-26 22:21 - 2016-06-26 22:21 - 00000000 ____D C:\Users\david\AppData\Roaming\AVG
    2016-06-26 22:21 - 2016-06-26 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2016-06-26 22:20 - 2016-07-03 23:35 - 00000000 ____D C:\ProgramData\MFAData
    2016-06-26 22:20 - 2016-06-26 22:21 - 00000000 ____D C:\Program Files (x86)\AVG
    2016-06-26 22:20 - 2016-06-26 22:20 - 00000000 ____D C:\Users\david\AppData\Local\MFAData
    2016-06-26 22:17 - 2016-06-26 22:21 - 00000000 ____D C:\Users\david\AppData\Local\Avg
    2016-06-26 22:17 - 2016-06-26 22:21 - 00000000 ____D C:\ProgramData\Avg
    2016-06-26 22:17 - 2016-06-26 22:20 - 00000000 ____D C:\Users\david\AppData\Local\AvgSetupLog
    2016-06-26 22:17 - 2016-06-26 22:17 - 03135880 _____ (AVG Technologies CZ, s.r.o.) C:\Users\david\Desktop\AVG_Internet_Security_742.exe
    2016-06-25 23:19 - 2016-06-25 23:19 - 00000000 ____D C:\Users\david\AppData\LocalLow\Lenovo
    2016-06-22 14:17 - 2016-06-22 14:17 - 00000000 ____D C:\Users\david\AppData\Roaming\Lenovo
    2016-06-20 07:47 - 2016-06-20 07:47 - 00199193 ____T C:\Users\david\Desktop\go shuttle ticket.pdf
    2016-06-20 07:26 - 2016-06-20 07:26 - 00035642 ____T C:\Users\david\Desktop\go shuttle receipt.pdf
    2016-06-18 14:17 - 2016-06-18 14:17 - 00348376 _____ (Spotify Ltd) C:\Users\david\Downloads\SpotifySetup.exe
    2016-06-18 14:16 - 2016-07-03 20:19 - 00000000 ____D C:\Users\david\AppData\Local\Spotify
    2016-06-18 14:16 - 2016-07-03 19:39 - 00000000 ____D C:\Users\david\AppData\Roaming\Spotify
    2016-06-18 14:16 - 2016-06-29 12:49 - 00001895 _____ C:\Users\david\Desktop\Spotify.lnk
    2016-06-18 14:16 - 2016-06-29 12:49 - 00001881 _____ C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    2016-06-18 08:29 - 2016-06-18 08:29 - 02369246 _____ C:\Users\david\Desktop\WaterTaxi_Winter_FY15.pdf
    2016-06-17 01:24 - 2016-05-28 00:57 - 01372312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2016-06-17 01:24 - 2016-05-28 00:29 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2016-06-17 01:24 - 2016-05-28 00:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-06-17 01:23 - 2016-05-28 02:13 - 01401024 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-06-17 01:23 - 2016-05-28 02:13 - 01184960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-06-17 01:23 - 2016-05-28 02:13 - 00514752 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-06-17 01:23 - 2016-05-28 02:13 - 00290496 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-06-17 01:23 - 2016-05-28 02:13 - 00092352 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-06-17 01:23 - 2016-05-28 02:13 - 00046784 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-06-17 01:23 - 2016-05-28 01:25 - 04268880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
    2016-06-17 01:23 - 2016-05-28 01:23 - 00388384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
    2016-06-17 01:23 - 2016-05-28 01:23 - 00312160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
    2016-06-17 01:23 - 2016-05-28 01:22 - 07474528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-06-17 01:23 - 2016-05-28 01:22 - 04387680 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
    2016-06-17 01:23 - 2016-05-28 01:22 - 00428896 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
    2016-06-17 01:23 - 2016-05-28 01:22 - 00211296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
    2016-06-17 01:23 - 2016-05-28 01:22 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
    2016-06-17 01:23 - 2016-05-28 01:20 - 00430312 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
    2016-06-17 01:23 - 2016-05-28 01:18 - 00357216 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
    2016-06-17 01:23 - 2016-05-28 01:16 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2016-06-17 01:23 - 2016-05-28 01:09 - 00501600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
    2016-06-17 01:23 - 2016-05-28 01:09 - 00170848 _____ (Microsoft Corporation) C:\Windows\system32\NetworkUXBroker.exe
    2016-06-17 01:23 - 2016-05-28 01:09 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
    2016-06-17 01:23 - 2016-05-28 01:08 - 00693600 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
    2016-06-17 01:23 - 2016-05-28 01:08 - 00258912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ufx01000.sys
    2016-06-17 01:23 - 2016-05-28 01:08 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
    2016-06-17 01:23 - 2016-05-28 01:07 - 03675512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-06-17 01:23 - 2016-05-28 01:07 - 02921880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-06-17 01:23 - 2016-05-28 01:07 - 01322248 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2016-06-17 01:23 - 2016-05-28 01:07 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2016-06-17 01:23 - 2016-05-28 01:07 - 00808288 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
    2016-06-17 01:23 - 2016-05-28 01:07 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
    2016-06-17 01:23 - 2016-05-28 01:07 - 00331616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
    2016-06-17 01:23 - 2016-05-28 01:06 - 22561256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-06-17 01:23 - 2016-05-28 01:06 - 04074160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2016-06-17 01:23 - 2016-05-28 01:06 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
    2016-06-17 01:23 - 2016-05-28 01:06 - 00303216 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
    2016-06-17 01:23 - 2016-05-28 01:06 - 00254656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
    2016-06-17 01:23 - 2016-05-28 01:05 - 04515264 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2016-06-17 01:23 - 2016-05-28 01:04 - 00604928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2016-06-17 01:23 - 2016-05-28 01:04 - 00431296 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2016-06-17 01:23 - 2016-05-28 01:04 - 00360480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2016-06-17 01:23 - 2016-05-28 01:04 - 00161632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-06-17 01:23 - 2016-05-28 01:04 - 00111064 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
    2016-06-17 01:23 - 2016-05-28 01:04 - 00097096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
    2016-06-17 01:23 - 2016-05-28 01:03 - 00131248 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
    2016-06-17 01:23 - 2016-05-28 00:58 - 01996640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2016-06-17 01:23 - 2016-05-28 00:58 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2016-06-17 01:23 - 2016-05-28 00:57 - 02548944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2016-06-17 01:23 - 2016-05-28 00:57 - 02195632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2016-06-17 01:23 - 2016-05-28 00:57 - 01594416 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2016-06-17 01:23 - 2016-05-28 00:57 - 00649792 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
    2016-06-17 01:23 - 2016-05-28 00:57 - 00636304 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
    2016-06-17 01:23 - 2016-05-28 00:57 - 00577376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
    2016-06-17 01:23 - 2016-05-28 00:57 - 00546456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
    2016-06-17 01:23 - 2016-05-28 00:57 - 00521664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
    2016-06-17 01:23 - 2016-05-28 00:57 - 00316256 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2016-06-17 01:23 - 2016-05-28 00:35 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\tdlrecover.exe
    2016-06-17 01:23 - 2016-05-28 00:35 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll
    2016-06-17 01:23 - 2016-05-28 00:35 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsdport.sys
    2016-06-17 01:23 - 2016-05-28 00:31 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdlrecover.exe
    2016-06-17 01:23 - 2016-05-28 00:31 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
    2016-06-17 01:23 - 2016-05-28 00:31 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\MosHostClient.dll
    2016-06-17 01:23 - 2016-05-28 00:29 - 22379008 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
    2016-06-17 01:23 - 2016-05-28 00:29 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
    2016-06-17 01:23 - 2016-05-28 00:29 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll
    2016-06-17 01:23 - 2016-05-28 00:28 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
    2016-06-17 01:23 - 2016-05-28 00:28 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2016-06-17 01:23 - 2016-05-28 00:28 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
    2016-06-17 01:23 - 2016-05-28 00:27 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosHostClient.dll
    2016-06-17 01:23 - 2016-05-28 00:27 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll
    2016-06-17 01:23 - 2016-05-28 00:26 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
    2016-06-17 01:23 - 2016-05-28 00:26 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe
    2016-06-17 01:23 - 2016-05-28 00:26 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
    2016-06-17 01:23 - 2016-05-28 00:26 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
    2016-06-17 01:23 - 2016-05-28 00:26 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
    2016-06-17 01:23 - 2016-05-28 00:25 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
    2016-06-17 01:23 - 2016-05-28 00:25 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2016-06-17 01:23 - 2016-05-28 00:24 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2016-06-17 01:23 - 2016-05-28 00:24 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Ndu.sys
    2016-06-17 01:23 - 2016-05-28 00:24 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2016-06-17 01:23 - 2016-05-28 00:24 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
    2016-06-17 01:23 - 2016-05-28 00:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
    2016-06-17 01:23 - 2016-05-28 00:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
    2016-06-17 01:23 - 2016-05-28 00:24 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
    2016-06-17 01:23 - 2016-05-28 00:24 - 00053760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
    2016-06-17 01:23 - 2016-05-28 00:23 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
    2016-06-17 01:23 - 2016-05-28 00:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
    2016-06-17 01:23 - 2016-05-28 00:22 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
    2016-06-17 01:23 - 2016-05-28 00:22 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
    2016-06-17 01:23 - 2016-05-28 00:22 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
    2016-06-17 01:23 - 2016-05-28 00:22 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
    2016-06-17 01:23 - 2016-05-28 00:22 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
    2016-06-17 01:23 - 2016-05-28 00:22 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
    2016-06-17 01:23 - 2016-05-28 00:22 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
    2016-06-17 01:23 - 2016-05-28 00:22 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2016-06-17 01:23 - 2016-05-28 00:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
    2016-06-17 01:23 - 2016-05-28 00:21 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
    2016-06-17 01:23 - 2016-05-28 00:21 - 00239104 _____ (Microsoft Corporation) C:\Windows\system32\BrokerLib.dll
    2016-06-17 01:23 - 2016-05-28 00:21 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
    2016-06-17 01:23 - 2016-05-28 00:21 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
    2016-06-17 01:23 - 2016-05-28 00:20 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
    2016-06-17 01:23 - 2016-05-28 00:20 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\newdev.dll
    2016-06-17 01:23 - 2016-05-28 00:20 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
    2016-06-17 01:23 - 2016-05-28 00:20 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
    2016-06-17 01:23 - 2016-05-28 00:20 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\GnssAdapter.dll
    2016-06-17 01:23 - 2016-05-28 00:20 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Privacy.dll
    2016-06-17 01:23 - 2016-05-28 00:20 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
    2016-06-17 01:23 - 2016-05-28 00:19 - 24605696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-06-17 01:23 - 2016-05-28 00:19 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
    2016-06-17 01:23 - 2016-05-28 00:19 - 00567808 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
    2016-06-17 01:23 - 2016-05-28 00:19 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
    2016-06-17 01:23 - 2016-05-28 00:19 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
    2016-06-17 01:23 - 2016-05-28 00:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
    2016-06-17 01:23 - 2016-05-28 00:18 - 11545088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
    2016-06-17 01:23 - 2016-05-28 00:18 - 07977472 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
    2016-06-17 01:23 - 2016-05-28 00:18 - 00610816 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2016-06-17 01:23 - 2016-05-28 00:18 - 00591360 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
    2016-06-17 01:23 - 2016-05-28 00:18 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
    2016-06-17 01:23 - 2016-05-28 00:18 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
    2016-06-17 01:23 - 2016-05-28 00:18 - 00380416 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
    2016-06-17 01:23 - 2016-05-28 00:18 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
    2016-06-17 01:23 - 2016-05-28 00:17 - 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2016-06-17 01:23 - 2016-05-28 00:17 - 00963072 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
    2016-06-17 01:23 - 2016-05-28 00:17 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
    2016-06-17 01:23 - 2016-05-28 00:17 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\newdev.dll
    2016-06-17 01:23 - 2016-05-28 00:17 - 00415232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
    2016-06-17 01:23 - 2016-05-28 00:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
    2016-06-17 01:23 - 2016-05-28 00:17 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
    2016-06-17 01:23 - 2016-05-28 00:17 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
    2016-06-17 01:23 - 2016-05-28 00:16 - 19344384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-06-17 01:23 - 2016-05-28 00:16 - 00690176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2016-06-17 01:23 - 2016-05-28 00:16 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
    2016-06-17 01:23 - 2016-05-28 00:16 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\AppContracts.dll
    2016-06-17 01:23 - 2016-05-28 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
    2016-06-17 01:23 - 2016-05-28 00:16 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2016-06-17 01:23 - 2016-05-28 00:16 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
    2016-06-17 01:23 - 2016-05-28 00:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
    2016-06-17 01:23 - 2016-05-28 00:15 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
    2016-06-17 01:23 - 2016-05-28 00:15 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
    2016-06-17 01:23 - 2016-05-28 00:15 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
    2016-06-17 01:23 - 2016-05-28 00:15 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2016-06-17 01:23 - 2016-05-28 00:15 - 00349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
    2016-06-17 01:23 - 2016-05-28 00:15 - 00293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
    2016-06-17 01:23 - 2016-05-28 00:15 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2016-06-17 01:23 - 2016-05-28 00:14 - 18674176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
    2016-06-17 01:23 - 2016-05-28 00:14 - 01716736 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
    2016-06-17 01:23 - 2016-05-28 00:14 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
    2016-06-17 01:23 - 2016-05-28 00:14 - 00965632 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
    2016-06-17 01:23 - 2016-05-28 00:14 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-06-17 01:23 - 2016-05-28 00:14 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-06-17 01:23 - 2016-05-28 00:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
    2016-06-17 01:23 - 2016-05-28 00:14 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
    2016-06-17 01:23 - 2016-05-28 00:14 - 00200192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
    2016-06-17 01:23 - 2016-05-28 00:13 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
    2016-06-17 01:23 - 2016-05-28 00:13 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
    2016-06-17 01:23 - 2016-05-28 00:13 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
    2016-06-17 01:23 - 2016-05-28 00:13 - 00954368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
    2016-06-17 01:23 - 2016-05-28 00:13 - 00939520 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
    2016-06-17 01:23 - 2016-05-28 00:13 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
    2016-06-17 01:23 - 2016-05-28 00:13 - 00467456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppContracts.dll
    2016-06-17 01:23 - 2016-05-28 00:13 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
    2016-06-17 01:23 - 2016-05-28 00:12 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
    2016-06-17 01:23 - 2016-05-28 00:12 - 00614400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
    2016-06-17 01:23 - 2016-05-28 00:12 - 00521728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
    2016-06-17 01:23 - 2016-05-28 00:11 - 01445888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
    2016-06-17 01:23 - 2016-05-28 00:11 - 00890368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
    2016-06-17 01:23 - 2016-05-28 00:11 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
    2016-06-17 01:23 - 2016-05-28 00:11 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
    2016-06-17 01:23 - 2016-05-28 00:11 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
    2016-06-17 01:23 - 2016-05-28 00:11 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-06-17 01:23 - 2016-05-28 00:11 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
    2016-06-17 01:23 - 2016-05-28 00:09 - 01073152 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
    2016-06-17 01:23 - 2016-05-28 00:08 - 13385728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-06-17 01:23 - 2016-05-28 00:08 - 06295552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
    2016-06-17 01:23 - 2016-05-28 00:06 - 12128256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-06-17 01:23 - 2016-05-28 00:06 - 07200256 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
    2016-06-17 01:23 - 2016-05-28 00:06 - 01339904 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
    2016-06-17 01:23 - 2016-05-28 00:05 - 03994624 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
    2016-06-17 01:23 - 2016-05-28 00:05 - 03664896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-06-17 01:23 - 2016-05-28 00:05 - 02582016 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
    2016-06-17 01:23 - 2016-05-28 00:05 - 01797120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
    2016-06-17 01:23 - 2016-05-28 00:04 - 06973952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
    2016-06-17 01:23 - 2016-05-28 00:04 - 00555520 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll
    2016-06-17 01:23 - 2016-05-28 00:04 - 00450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll
    2016-06-17 01:23 - 2016-05-28 00:03 - 05323776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
    2016-06-17 01:23 - 2016-05-28 00:03 - 05205504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
    2016-06-17 01:23 - 2016-05-28 00:03 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
    2016-06-17 01:23 - 2016-05-28 00:03 - 01185280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationFramework.dll
    2016-06-17 01:23 - 2016-05-28 00:03 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\internetmail.dll
    2016-06-17 01:23 - 2016-05-28 00:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
    2016-06-17 01:23 - 2016-05-28 00:02 - 03590144 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
    2016-06-17 01:23 - 2016-05-28 00:02 - 02061824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
    2016-06-17 01:23 - 2016-05-28 00:02 - 01534464 _____ (Microsoft Corporation) C:\Windows\system32\LocationFramework.dll
    2016-06-17 01:23 - 2016-05-28 00:02 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
    2016-06-17 01:23 - 2016-05-28 00:01 - 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
    2016-06-17 01:23 - 2016-05-28 00:01 - 01582080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
    2016-06-17 01:23 - 2016-05-28 00:01 - 01500160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-06-17 01:23 - 2016-05-28 00:01 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
    2016-06-17 01:23 - 2016-05-28 00:00 - 05660160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
    2016-06-17 01:23 - 2016-05-28 00:00 - 03585536 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
    2016-06-17 01:23 - 2016-05-28 00:00 - 02635776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
    2016-06-17 01:23 - 2016-05-28 00:00 - 02230272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-06-17 01:23 - 2016-05-28 00:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
    2016-06-17 01:23 - 2016-05-28 00:00 - 01730560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-06-17 01:23 - 2016-05-28 00:00 - 01707520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
    2016-06-17 01:23 - 2016-05-28 00:00 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
    2016-06-17 01:23 - 2016-05-28 00:00 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
    2016-06-17 01:23 - 2016-05-28 00:00 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
    2016-06-17 01:23 - 2016-05-27 23:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
    2016-06-17 01:23 - 2016-05-27 23:58 - 07832576 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
    2016-06-17 01:23 - 2016-05-27 23:58 - 04896256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-06-17 01:23 - 2016-05-27 23:58 - 02755584 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-06-17 01:23 - 2016-05-27 23:58 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
    2016-06-17 01:23 - 2016-05-27 23:58 - 01996288 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
    2016-06-17 01:23 - 2016-05-27 23:57 - 02281472 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2016-06-17 01:23 - 2016-05-27 23:55 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
    2016-06-17 01:23 - 2016-05-27 23:53 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\ngcpopkeysrv.dll
    2016-06-14 14:30 - 2016-06-14 14:30 - 00611400 _____ () C:\Users\david\Downloads\LSBsetup.exe
    2016-06-14 14:30 - 2016-06-14 14:30 - 00000000 ____D C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
    2016-06-14 14:30 - 2016-06-14 14:30 - 00000000 ____D C:\Users\david\AppData\Local\Deployment
    2016-06-14 14:30 - 2016-06-14 14:30 - 00000000 ____D C:\Users\david\AppData\Local\Apps\2.0
    2016-06-11 10:40 - 2016-06-11 10:41 - 00000000 ____D C:\Users\david\AppData\Local\mozysync
    2016-06-11 10:40 - 2016-06-11 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozy
    2016-06-11 10:40 - 2016-06-11 10:40 - 00000000 ____D C:\Program Files\Mozy Sync
    2016-06-06 14:15 - 2016-06-29 02:28 - 00159232 ___SH C:\Users\david\Desktop\Thumbs.db
    2016-06-04 06:24 - 2016-06-04 06:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-07-03 23:44 - 2016-05-04 01:33 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-07-03 23:39 - 2015-11-03 15:28 - 00881036 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-07-03 23:39 - 2015-10-30 03:21 - 00000000 ____D C:\Windows\INF
    2016-07-03 23:35 - 2016-05-03 20:06 - 00000000 ___RD C:\Users\david\OneDrive
    2016-07-03 23:32 - 2016-05-24 10:37 - 00000000 ____D C:\Users\david\AppData\Local\Lenovo
    2016-07-03 23:32 - 2016-05-04 01:33 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-07-03 23:32 - 2016-05-03 20:05 - 00000000 __SHD C:\Users\david\IntelGraphicsProfiles
    2016-07-03 23:32 - 2016-05-03 20:03 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2016-07-03 23:32 - 2015-11-03 15:24 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-07-03 23:31 - 2015-10-30 02:28 - 00524288 ___SH C:\Windows\system32\config\BBI
    2016-07-03 19:38 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\AppReadiness
    2016-07-02 01:43 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-06-30 01:16 - 2016-05-03 20:05 - 00000000 ____D C:\Users\david\AppData\Local\Packages
    2016-06-29 02:27 - 2016-05-03 20:03 - 00000000 ____D C:\Users\david
    2016-06-29 02:25 - 2016-05-20 14:38 - 00000000 ____D C:\Windows\Minidump
    2016-06-29 02:25 - 2015-11-03 14:11 - 00000000 ____D C:\Windows\Panther
    2016-06-26 22:22 - 2015-10-30 02:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
    2016-06-26 22:21 - 2015-10-30 03:24 - 00000000 ___HD C:\Windows\ELAMBKUP
    2016-06-25 23:19 - 2016-04-08 19:18 - 00000000 ____D C:\ProgramData\Lenovo
    2016-06-22 21:19 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-06-22 21:18 - 2016-04-08 19:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2016-06-22 15:14 - 2016-04-08 19:18 - 00000000 ____D C:\Program Files\Lenovo
    2016-06-22 15:14 - 2016-04-08 19:18 - 00000000 ____D C:\Program Files (x86)\Lenovo
    2016-06-22 14:17 - 2016-05-04 02:25 - 00000000 ____D C:\Users\david\AppData\Local\LSC
    2016-06-22 14:17 - 2016-05-04 01:24 - 00002158 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
    2016-06-22 14:17 - 2016-04-08 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
    2016-06-22 14:17 - 2016-04-08 19:18 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
    2016-06-22 14:16 - 2016-04-08 19:17 - 00000000 ____D C:\Windows\Downloaded Installations
    2016-06-21 03:23 - 2016-05-04 02:55 - 00000000 ___RD C:\Users\david\3D Objects
    2016-06-20 11:36 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\rescache
    2016-06-19 01:56 - 2015-11-03 15:24 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-06-19 01:55 - 2015-11-03 15:23 - 00332240 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-06-19 01:54 - 2015-10-30 03:24 - 00000000 ___SD C:\Windows\system32\DiagSvcs
    2016-06-19 01:54 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
    2016-06-19 01:54 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\bcastdvr
    2016-06-18 02:45 - 2016-05-04 01:33 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-06-18 02:45 - 2016-05-04 01:33 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-06-18 02:29 - 2016-05-04 02:59 - 00000000 ____D C:\Users\david\Documents\Sound recordings
    2016-06-17 14:05 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\NDF
    2016-06-17 12:31 - 2015-10-30 03:11 - 00000000 ____D C:\Windows\CbsTemp
    2016-06-17 12:30 - 2016-05-12 11:47 - 00000000 ____D C:\Windows\system32\MRT
    2016-06-17 12:28 - 2016-05-12 11:46 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-06-15 16:40 - 2016-05-05 01:31 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2016-06-14 14:33 - 2015-10-30 03:26 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-06-14 14:33 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-06-04 06:24 - 2016-05-04 01:25 - 00001186 _____ C:\Users\Public\Desktop\SHAREit.lnk

    ==================== Files in the root of some directories =======

    2016-04-08 19:42 - 2016-04-08 19:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2016-04-08 19:43 - 2016-04-08 19:43 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

    Some files in TEMP:
    ====================
    C:\Users\david\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\david\AppData\Local\Temp\libeay32.dll
    C:\Users\david\AppData\Local\Temp\msvcr120.dll
    C:\Users\david\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-06-27 11:29

    ==================== End of FRST.txt ============================
     
  20. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
    Ran by david (2016-07-04 00:02:09)
    Running from C:\Users\david\Desktop
    Windows 10 Home Version 1511 (X64) (2016-05-04 00:03:05)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-483386053-2290206261-2764208400-500 - Administrator - Disabled)
    david (S-1-5-21-483386053-2290206261-2764208400-1001 - Administrator - Enabled) => C:\Users\david
    DefaultAccount (S-1-5-21-483386053-2290206261-2764208400-503 - Limited - Disabled)
    Guest (S-1-5-21-483386053-2290206261-2764208400-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-483386053-2290206261-2764208400-1003 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG Internet Security (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG Internet Security (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
    FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
    Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
    AVG (Version: 16.81.7640 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4627 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.81.7640 - AVG Technologies)
    CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
    Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.5.2.32 - Dolby Laboratories, Inc.)
    Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.4.0.22 - Dolby Laboratories, Inc.)
    FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
    Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1159 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4326 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{588DA478-D4FF-48E3-8290-49F8C4B21283}) (Version: 18.1.1527.1551 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{2498cbe5-cf23-40b7-970b-cb36f8cee3c5}) (Version: 18.12.2 - Intel Corporation)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    Lenovo BatteryGauge (HKLM\...\{CBEDEC16-C4F5-4255-99E4-5884EFEDD1BC}) (Version: 1.0.045.00 - Lenovo)
    Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
    Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
    Lenovo Service Bridge (HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\dda9ca0b023f4c56) (Version: 1.6.3.3 - Lenovo)
    Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
    Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.059.01 - Lenovo)
    LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.3 - Lenovo)
    LenovoUtility (x32 Version: 3.0.0.3 - Lenovo) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
    Mozy Sync (HKLM\...\{E753088F-C4EA-AFB0-BFF3-457CD756E080}) (Version: 1.3.2.5032 - Mozy, Inc.)
    O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{A6668863-B0A3-4812-AAF2-E47749ECFE0E}) (Version: 3.3.00.145 - O2Micro International LTD.)
    O2Micro Flash Memory Card Windows Driver (Version: 3.3.00.145 - O2Micro International LTD.) Hidden
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
    RealDownloader (x32 Version: 18.1.4.137 - RealNetworks, Inc.) Hidden
    RealDownloader (x32 Version: 18.1.4.142 - RealNetworks) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.4 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7624 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.5.0.1144 - Lenovo)
    Spotify (HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\Spotify) (Version: 1.0.32.96.g3c8a06e6 - Spotify AB)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.57 - Synaptics Incorporated)
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
    User Manuals (x32 Version: 4.0.0.1 - Lenovo) Hidden
    vc2012_redist (x32 Version: 1.0.0.0 - Realnetworks) Hidden
    Video Downloader (x32 Version: 1.1.0 - RealNetworks) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-483386053-2290206261-2764208400-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\david\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01A9085D-0031-44E3-92D0-18C065DC0B39} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-483386053-2290206261-2764208400-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-05-13] (RealNetworks, Inc.)
    Task: {092B2B83-4054-4936-911E-E530BCDF5736} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe control iMControllerService 128
    Task: {1F84ADD7-08AA-4537-91ED-BD7CFB3D6F2C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
    Task: {29C555AE-93C0-4C76-9B27-6B28D86AAAE4} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-483386053-2290206261-2764208400-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-05-13] (RealNetworks, Inc.)
    Task: {34E43E3F-A06C-476F-9810-81189FEC85D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-04] (Google Inc.)
    Task: {4103DF9F-6D0C-424C-9F3A-A21011CD05DA} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
    Task: {4F2E2990-E94F-4CBE-9F48-1250DC13474F} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
    Task: {6AD54828-7396-4ACE-B4AE-6D5B7727B145} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
    Task: {6B889431-03D0-4DD6-AD99-C880EE6AAC16} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-10] (Microsoft Corporation)
    Task: {86E87C27-8B4D-4565-BA52-946AC61167A5} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-483386053-2290206261-2764208400-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2016-05-13] (RealNetworks, Inc.)
    Task: {B9B3B529-7050-4C38-9A5C-DDF236EFE12B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-04] (Google Inc.)
    Task: {C00A08A2-6E1D-4F41-B51E-3AD91199D5B7} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-483386053-2290206261-2764208400-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
    Task: {C6DF504B-B27D-40AF-8EB7-0F774B724F66} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2016-05-13] ()
    Task: {CC3A09DC-AB64-454C-9536-CD2AF33C18A5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
    Task: {CD3393F2-F09E-4CCC-AFEA-F37B9B28BC86} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
    Task: {DAB1FFF0-104F-4180-8692-FBECE166621F} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
    Task: {DE105180-6B92-4814-838A-111883055FCD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
    Task: {E51FE309-0F4F-46C6-815E-FEB37C9C8E2E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\Windows\SYSTEM32\efsext.dll
    2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
    2015-09-15 04:58 - 2015-09-15 04:58 - 00176640 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
    2016-05-13 15:13 - 2016-05-13 15:13 - 00032544 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    2016-04-08 19:19 - 2015-08-18 23:00 - 00058296 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
    2016-04-08 19:20 - 2015-06-27 05:34 - 00029112 _____ () C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
    2016-05-11 09:52 - 2016-03-29 06:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
    2015-09-28 14:09 - 2015-09-28 14:09 - 00043976 _____ () C:\Program Files\Lenovo\QuickOptimizer\LNBPrismAssistInf.dll
    2016-05-11 09:52 - 2016-03-29 06:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
    2016-05-20 12:29 - 2016-05-20 12:29 - 00959168 _____ () C:\Users\david\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
    2016-05-07 01:15 - 2016-06-22 21:17 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2016-06-17 01:23 - 2016-05-27 23:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-05-05 01:23 - 2016-05-05 01:24 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2015-12-08 23:53 - 2015-11-24 20:36 - 00384104 _____ () C:\Windows\system32\igfxTray.exe
    2016-05-11 09:51 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-05-11 09:51 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-06-17 01:23 - 2016-05-27 23:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-06-17 01:23 - 2016-05-27 23:55 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-06-17 01:23 - 2016-05-27 23:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-06-17 01:23 - 2016-05-27 23:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-04-08 19:19 - 2015-12-02 04:25 - 00043960 _____ () C:\ProgramData\LenovoTransition\Server\x64\EnableAutoRotation.dll
    2016-04-08 19:20 - 2016-04-08 19:19 - 00791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
    2016-04-08 19:20 - 2016-04-08 19:19 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
    2015-06-16 06:53 - 2015-06-16 06:53 - 00628736 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
    2016-05-13 14:27 - 2016-05-13 14:27 - 00714992 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
    2016-05-13 15:13 - 2016-05-13 15:13 - 00037688 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
    2016-05-13 15:13 - 2016-05-13 15:13 - 00039224 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
    2016-05-13 15:13 - 2016-05-13 15:13 - 00037192 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
    2016-05-05 01:23 - 2016-05-05 01:24 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-05-05 01:23 - 2016-05-05 01:24 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2016-06-17 01:09 - 2016-06-02 02:48 - 00161736 _____ () C:\ProgramData\Lenovo\iMController\Plugins\LenovoAudioPlugin\x86\QualityStatsRevInterop.dll
    2016-05-13 14:27 - 2016-05-13 14:27 - 00077552 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll
    2016-05-20 12:29 - 2016-05-20 12:29 - 00679624 _____ () C:\Users\david\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
    2016-05-13 14:20 - 2016-05-13 14:20 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
    2016-05-25 23:53 - 2016-05-25 23:53 - 00654608 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Lib\r1api.dll
    2016-06-26 22:20 - 2016-06-26 22:18 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
    2016-06-18 02:44 - 2016-06-15 05:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
    2016-06-18 02:44 - 2016-06-15 05:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
    2016-06-18 02:44 - 2016-06-15 05:15 - 17599640 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-30 03:24 - 2015-10-30 03:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-483386053-2290206261-2764208400-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\david\OneDrive\Pictures\Screenshots\2016-07-03 (1).png
    DNS Servers: 209.18.47.62 - 209.18.47.61
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
    HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{6E942E9F-E7A8-4FE9-9097-55CFA80392B4}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{FD80B1E1-4A60-43B4-A536-6FF43846BEC4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{D3D428B5-FE30-4CB3-AFC0-AAE928666ED6}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    FirewallRules: [{53CD0C2D-211C-4F4D-B1E2-E46976B0E846}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{436D8915-1E12-4578-978B-1E5C0847439A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{1CB1FB6C-7B44-4FF6-A087-8C77E727FBAD}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe
    FirewallRules: [{540988DD-4F49-4160-BC09-E46F3C94EBE3}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe
    FirewallRules: [{BBB5CB01-4C1A-44A8-96D8-E39C5ABB9C87}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{AE1742A4-6701-47D1-B651-2BD254152DAC}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{FFC7AA58-E64A-4CBC-BC65-05356ADD0CAD}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{1CFEA469-E72E-4E70-8A14-155102BA3863}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{ADDD4950-2462-4D5A-8B6D-A016A0348274}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{F8D41941-04E0-4B89-B7B3-761BE51363F9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{2F422661-9B34-41BE-96A7-C67185371D8B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{04262C2B-A5C4-4071-8133-18ED2F4D71FD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{6993F577-AFC8-4B22-82D6-689B5F3D7953}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{E89C33F1-B812-4FE7-99F2-3EB52C8C8EE5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{FF201481-6632-4E8A-909E-472176BD597F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

    ==================== Restore Points =========================

    17-06-2016 12:28:06 Windows Update
    22-06-2016 14:17:00 Installed Lenovo Solution Center.
    26-06-2016 22:20:55 Installed AVG 2016
    03-07-2016 23:29:27 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/03/2016 11:32:01 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 8914 ms

    Error: Unable to create resource file.

    Error: (07/03/2016 11:32:01 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 8908 ms

    Error: Unable to create resource file.

    Error: (07/03/2016 11:29:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (07/03/2016 11:25:48 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 9582 ms

    Error: Unable to create resource file.

    Error: (07/03/2016 11:25:48 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 9576 ms

    Error: Unable to create resource file.

    Error: (07/03/2016 11:25:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-3MHNPTN)
    Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/03/2016 11:25:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-3MHNPTN)
    Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/03/2016 11:25:04 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 1287222782 ms

    Error: Unable to create resource file.

    Error: (07/03/2016 11:25:04 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 1287222776 ms

    Error: Unable to create resource file.

    Error: (07/03/2016 11:07:59 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]


    System errors:
    =============
    Error: (07/03/2016 11:31:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_6f0be service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (07/03/2016 11:31:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_6f0be service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (07/03/2016 11:31:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_6f0be service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (07/03/2016 11:31:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_6f0be service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (07/03/2016 11:31:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (07/03/2016 11:25:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
    %%1069 = The service did not start due to a logon failure.


    Error: (07/03/2016 11:25:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error:
    %%1069 = The service did not start due to a logon failure.


    Error: (07/03/2016 11:25:33 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
    %%50 = The request is not supported.


    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (07/03/2016 11:25:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\System32\IWMSSvc.dll

    Error: (07/03/2016 11:25:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\System32\IWMSSvc.dll


    CodeIntegrity:
    ===================================
    Date: 2016-06-25 20:13:07.392
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-24 11:44:21.478
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-22 21:18:39.968
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-21 01:06:41.999
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-19 01:55:36.480
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-18 02:09:16.059
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-17 12:28:18.273
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-11 18:12:00.038
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-10 11:48:49.226
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-26 10:55:12.783
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
    Percentage of memory in use: 44%
    Total physical RAM: 8097.91 MB
    Available physical RAM: 4470.35 MB
    Total Virtual: 17313.91 MB
    Available Virtual: 12280.73 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:237.23 GB) (Free:180.57 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 238.5 GB) (Disk ID: 82B990EF)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  21. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  22. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
    Ran by david (2016-07-05 01:30:07) Run:1
    Running from C:\Users\david\Desktop
    Loaded Profiles: david (Available Profiles: david)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=MFA928959-4827-422B-8464-8E9E80937193&SearchSource=55&CUI=&UM=6&UP=SPBDEA24BF-65F7-4987-8F77-5ACA6F7FAF1C&SSPV=
    2016-04-08 19:42 - 2016-04-08 19:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2016-04-08 19:43 - 2016-04-08 19:43 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
    C:\Users\david\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\david\AppData\Local\Temp\libeay32.dll
    C:\Users\david\AppData\Local\Temp\msvcr120.dll
    C:\Users\david\AppData\Local\Temp\sqlite3.dll

    *****************

    Chrome HomePage => removed successfully
    C:\ProgramData\DP45977C.lfl => moved successfully
    C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc => moved successfully
    C:\Users\david\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    C:\Users\david\AppData\Local\Temp\libeay32.dll => moved successfully
    C:\Users\david\AppData\Local\Temp\msvcr120.dll => moved successfully
    C:\Users\david\AppData\Local\Temp\sqlite3.dll => moved successfully

    ==== End of Fixlog 01:30:07 ====
     
  23. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  24. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    AVG Internet Security
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Mozilla Firefox (46.0.1)
    Google Chrome (51.0.2704.103)
    Google Chrome (51.0.2704.84)
    Google Chrome (SetupMetrics.pma..)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  25. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Farbar Service Scanner Version: 27-01-2016
    Ran by david (administrator) on 07-07-2016 at 02:03:33
    Running from "C:\Users\david\Desktop"
    Microsoft Windows 10 Home (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...