Solved New machine w/ Windows 10, can't switch windows without minimizing or closing active window first.

losdavos · Jul 3, 2016

Neither clicking on a tile on the taskbar, nor Alt+tab switches to another active window. When I click on the taskbar, there's a quick flash as if the system is *trying* to switch to the window whose tile I clicked on, but it then the current window just stays the active one. Similarly, Alt+tab DOES show me all the open windows, but doesn't take me to the one I land on; instead the current active window just stays the active window. A couple days ago I downloaded and ran CCleaner, and for a few minutes the problem was gone, but now it's back... Anyway, here are my first logs, thanks in advance!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by david (administrator) on DESKTOP-3MHNPTN (03-07-2016 04:49:13)
Running from C:\Users\david\Desktop
Loaded Profiles: david (Available Profiles: david)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfwsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo) C:\Users\david\AppData\Local\Apps\2.0\REW9Y2BJ.50E\VROZJWL1.ED4\lsb...tion_2d7b41b05b24775e_0001.0006_6a5d43d0bdf9db4a\LSB.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\E046963F.LenovoCompanion_3.49.1.0_x86__k1h2ywk1493x8\Lenovo.Discovery.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
(Spotify Ltd) C:\Users\david\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.21441.0_x64__8wekyb3d8bbwe\Video.UI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Lenovo) C:\Program Files\Lenovo\QuickOptimizer\QuickOptimizerIcon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-04-08] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [628736 2015-06-16] ()
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [714992 2016-05-13] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-06-09] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\Run: [Spotify Web Helper] => C:\Users\david\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1553520 2016-06-29] (Spotify Ltd)
HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ mozysyncNotUploaded] -> {34DF8AC2-A6BB-4855-B45A-CC1B4D9183E3} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2015-11-10] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [ mozysyncPendingChanges] -> {6673BC77-4A7B-4299-A130-14312E6B203A} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2015-11-10] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [ mozysyncUpToDate] -> {04547006-32F5-4635-844B-B8D7FCE47692} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2015-11-10] (Mozy, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-05-25]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{3d9db97d-3a4f-46cd-85b4-9a9d85e08e37}: [DhcpNameServer] 150.206.1.2
Tcpip\..\Interfaces\{d817e65e-c451-417b-85a6-5f203999c89a}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKU\S-1-5-21-483386053-2290206261-2764208400-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
HKU\S-1-5-21-483386053-2290206261-2764208400-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-05-13] (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-22] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-05-13] (RealDownloader)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\u11xwjzo.default
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.4.135 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2016-05-25] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.4.135 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2016-05-25] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\u11xwjzo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-31]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=MFA928959-4827-422B-8464-8E9E80937193&SearchSource=55&CUI=&UM=6&UP=SPBDEA24BF-65F7-4987-8F77-5ACA6F7FAF1C&SSPV=
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\david\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-04]
CHR Extension: (Google Docs) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-04]
CHR Extension: (Google Drive) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-04]
CHR Extension: (YouTube) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-04]
CHR Extension: (Adblock Plus) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2016-06-02]
CHR Extension: (Google News) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2016-05-05]
CHR Extension: (Dropbox for Gmail) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-05-05]
CHR Extension: (Google Calendar) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-05-05]
CHR Extension: (Google Sheets) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-04]
CHR Extension: (Google Docs Offline) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-04]
CHR Extension: (AdBlock) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-01]
CHR Extension: (Backspace means backspace!) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcicfpjmgbfalapmkdhfgldcnbamicnh [2016-05-05]
CHR Extension: (Google Hangouts) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-07-01]
CHR Extension: (Lego Builder) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapnbjhfjionggfhlkmhjbmbpgfdlolh [2016-05-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-04]
CHR Extension: (Gmail) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [1998712 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5165824 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [600680 2015-11-24] (Intel Corporation)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [176640 2015-09-15] () [File not signed]
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-07-22] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [135408 2015-07-01] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [353896 2015-11-24] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [56144 2016-05-26] (Lenovo Group Limited)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
R2 O2FLASH; C:\Windows\System32\drivers\o2flash.exe [82096 2015-05-20] (BayHubTech/O2Micro International)
R2 O2FLASH; C:\Windows\SysWOW64\drivers\o2flash.exe [82096 2015-05-20] (BayHubTech/O2Micro International)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32544 2016-05-13] ()
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095440 2016-05-25] (RealNetworks, Inc.)
S3 ShareItSvc; C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [33224 2016-04-15] (SHAREit Technologies Co.Ltd)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2016-01-06] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [42424 2015-12-02] (Lenovo)
R2 YogaPLService; C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe [29112 2015-06-27] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2015-10-30] (ASIX Electronics Corp.)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43512 2015-07-22] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-07-22] (Intel Corporation)
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-06-16] (Intel Corporation)
R3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185128 2015-06-16] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [250096 2015-07-01] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-07] (Intel Corporation)
S3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 Netwtw02; C:\Windows\System32\drivers\Netwtw02.sys [7043336 2015-10-24] (Intel Corporation)
R3 O2FJ2RDR; C:\Windows\System32\drivers\O2FJ2x64.sys [201240 2015-05-20] (BayHubTech/O2Micro )
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3049176 2015-05-29] (Realtek Semiconductor Corp.)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [56936 2016-01-06] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

losdavos · Jul 3, 2016

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-03 04:49 - 2016-07-03 04:49 - 00021719 _____ C:\Users\david\Desktop\FRST.txt

2016-07-03 04:49 - 2016-07-03 04:49 - 00000000 ____D C:\FRST

2016-07-03 04:46 - 2016-07-03 04:48 - 02390016 _____ (Farbar) C:\Users\david\Desktop\FRST64.exe

2016-07-01 10:56 - 2016-07-01 10:56 - 00932857 _____ C:\Users\david\Downloads\ssrc-readingsuperhero.pdf

2016-06-29 09:59 - 2016-07-02 12:50 - 00122368 ___SH C:\Users\david\Downloads\Thumbs.db

2016-06-29 02:28 - 2016-06-29 02:28 - 00000000 ___HD C:\OneDriveTemp

2016-06-29 02:27 - 2016-06-29 02:27 - 00004988 _____ C:\Users\david\Desktop\cc_registry backup 2 20160629_022608.reg

2016-06-29 02:26 - 2016-06-29 02:26 - 00034746 _____ C:\Users\david\Desktop\cc_registry backup 20160629_022608.reg

2016-06-29 02:24 - 2016-06-29 02:24 - 00002870 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2016-06-29 02:24 - 2016-06-29 02:24 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk

2016-06-29 02:24 - 2016-06-29 02:24 - 00000000 ____D C:\Program Files\CCleaner

2016-06-26 22:21 - 2016-06-26 22:21 - 00001009 _____ C:\Users\Public\Desktop\AVG Protection.lnk

2016-06-26 22:21 - 2016-06-26 22:21 - 00000000 ___HD C:\$AVG

2016-06-26 22:21 - 2016-06-26 22:21 - 00000000 ____D C:\Users\david\AppData\Roaming\TuneUp Software

2016-06-26 22:21 - 2016-06-26 22:21 - 00000000 ____D C:\Users\david\AppData\Roaming\AVG

2016-06-26 22:21 - 2016-06-26 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2016-06-26 22:20 - 2016-07-03 04:44 - 00000000 ____D C:\ProgramData\MFAData

2016-06-26 22:20 - 2016-06-26 22:21 - 00000000 ____D C:\Program Files (x86)\AVG

2016-06-26 22:20 - 2016-06-26 22:20 - 00000000 ____D C:\Users\david\AppData\Local\MFAData

2016-06-26 22:17 - 2016-06-26 22:21 - 00000000 ____D C:\Users\david\AppData\Local\Avg

2016-06-26 22:17 - 2016-06-26 22:21 - 00000000 ____D C:\ProgramData\Avg

2016-06-26 22:17 - 2016-06-26 22:20 - 00000000 ____D C:\Users\david\AppData\Local\AvgSetupLog

2016-06-26 22:17 - 2016-06-26 22:17 - 03135880 _____ (AVG Technologies CZ, s.r.o.) C:\Users\david\Desktop\AVG_Internet_Security_742.exe

2016-06-25 23:19 - 2016-06-25 23:19 - 00000000 ____D C:\Users\david\AppData\LocalLow\Lenovo

2016-06-22 14:17 - 2016-06-22 14:17 - 00000000 ____D C:\Users\david\AppData\Roaming\Lenovo

2016-06-20 07:47 - 2016-06-20 07:47 - 00199193 ____T C:\Users\david\Desktop\go shuttle ticket.pdf

2016-06-20 07:26 - 2016-06-20 07:26 - 00035642 ____T C:\Users\david\Desktop\go shuttle receipt.pdf

2016-06-18 14:17 - 2016-06-18 14:17 - 00348376 _____ (Spotify Ltd) C:\Users\david\Downloads\SpotifySetup.exe

2016-06-18 14:16 - 2016-07-03 04:48 - 00000000 ____D C:\Users\david\AppData\Local\Spotify

2016-06-18 14:16 - 2016-07-02 21:45 - 00000000 ____D C:\Users\david\AppData\Roaming\Spotify

2016-06-18 14:16 - 2016-06-29 12:49 - 00001895 _____ C:\Users\david\Desktop\Spotify.lnk

2016-06-18 14:16 - 2016-06-29 12:49 - 00001881 _____ C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2016-06-18 08:29 - 2016-06-18 08:29 - 02369246 _____ C:\Users\david\Desktop\WaterTaxi_Winter_FY15.pdf

2016-06-17 01:24 - 2016-05-28 00:57 - 01372312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2016-06-17 01:24 - 2016-05-28 00:29 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2016-06-17 01:24 - 2016-05-28 00:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2016-06-17 01:23 - 2016-05-28 02:13 - 01401024 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2016-06-17 01:23 - 2016-05-28 02:13 - 01184960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2016-06-17 01:23 - 2016-05-28 02:13 - 00514752 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2016-06-17 01:23 - 2016-05-28 02:13 - 00290496 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2016-06-17 01:23 - 2016-05-28 02:13 - 00092352 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2016-06-17 01:23 - 2016-05-28 02:13 - 00046784 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe

2016-06-17 01:23 - 2016-05-28 01:25 - 04268880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll

2016-06-17 01:23 - 2016-05-28 01:23 - 00388384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll

2016-06-17 01:23 - 2016-05-28 01:23 - 00312160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2016-06-17 01:23 - 2016-05-28 01:22 - 07474528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2016-06-17 01:23 - 2016-05-28 01:22 - 04387680 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll

2016-06-17 01:23 - 2016-05-28 01:22 - 00428896 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll

2016-06-17 01:23 - 2016-05-28 01:22 - 00211296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys

2016-06-17 01:23 - 2016-05-28 01:22 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys

2016-06-17 01:23 - 2016-05-28 01:20 - 00430312 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll

2016-06-17 01:23 - 2016-05-28 01:18 - 00357216 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2016-06-17 01:23 - 2016-05-28 01:16 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2016-06-17 01:23 - 2016-05-28 01:09 - 00501600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll

2016-06-17 01:23 - 2016-05-28 01:09 - 00170848 _____ (Microsoft Corporation) C:\Windows\system32\NetworkUXBroker.exe

2016-06-17 01:23 - 2016-05-28 01:09 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll

2016-06-17 01:23 - 2016-05-28 01:08 - 00693600 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll

2016-06-17 01:23 - 2016-05-28 01:08 - 00258912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ufx01000.sys

2016-06-17 01:23 - 2016-05-28 01:08 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll

2016-06-17 01:23 - 2016-05-28 01:07 - 03675512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2016-06-17 01:23 - 2016-05-28 01:07 - 02921880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2016-06-17 01:23 - 2016-05-28 01:07 - 01322248 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll

2016-06-17 01:23 - 2016-05-28 01:07 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll

2016-06-17 01:23 - 2016-05-28 01:07 - 00808288 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe

2016-06-17 01:23 - 2016-05-28 01:07 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe

2016-06-17 01:23 - 2016-05-28 01:07 - 00331616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys

2016-06-17 01:23 - 2016-05-28 01:06 - 22561256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2016-06-17 01:23 - 2016-05-28 01:06 - 04074160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

2016-06-17 01:23 - 2016-05-28 01:06 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll

2016-06-17 01:23 - 2016-05-28 01:06 - 00303216 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe

2016-06-17 01:23 - 2016-05-28 01:06 - 00254656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe

2016-06-17 01:23 - 2016-05-28 01:05 - 04515264 _____ (Microsoft Corporation) C:\Windows\explorer.exe

2016-06-17 01:23 - 2016-05-28 01:04 - 00604928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2016-06-17 01:23 - 2016-05-28 01:04 - 00431296 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll

2016-06-17 01:23 - 2016-05-28 01:04 - 00360480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll

2016-06-17 01:23 - 2016-05-28 01:04 - 00161632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2016-06-17 01:23 - 2016-05-28 01:04 - 00111064 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll

2016-06-17 01:23 - 2016-05-28 01:04 - 00097096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll

2016-06-17 01:23 - 2016-05-28 01:03 - 00131248 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll

2016-06-17 01:23 - 2016-05-28 00:58 - 01996640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2016-06-17 01:23 - 2016-05-28 00:58 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2016-06-17 01:23 - 2016-05-28 00:57 - 02548944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2016-06-17 01:23 - 2016-05-28 00:57 - 02195632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2016-06-17 01:23 - 2016-05-28 00:57 - 01594416 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2016-06-17 01:23 - 2016-05-28 00:57 - 00649792 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll

2016-06-17 01:23 - 2016-05-28 00:57 - 00636304 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe

2016-06-17 01:23 - 2016-05-28 00:57 - 00577376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys

2016-06-17 01:23 - 2016-05-28 00:57 - 00546456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe

2016-06-17 01:23 - 2016-05-28 00:57 - 00521664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2016-06-17 01:23 - 2016-05-28 00:57 - 00316256 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2016-06-17 01:23 - 2016-05-28 00:35 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\tdlrecover.exe

2016-06-17 01:23 - 2016-05-28 00:35 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll

2016-06-17 01:23 - 2016-05-28 00:35 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsdport.sys

2016-06-17 01:23 - 2016-05-28 00:31 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdlrecover.exe

2016-06-17 01:23 - 2016-05-28 00:31 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll

2016-06-17 01:23 - 2016-05-28 00:31 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\MosHostClient.dll

2016-06-17 01:23 - 2016-05-28 00:29 - 22379008 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll

2016-06-17 01:23 - 2016-05-28 00:29 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll

2016-06-17 01:23 - 2016-05-28 00:29 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll

2016-06-17 01:23 - 2016-05-28 00:28 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe

2016-06-17 01:23 - 2016-05-28 00:28 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2016-06-17 01:23 - 2016-05-28 00:28 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll

2016-06-17 01:23 - 2016-05-28 00:27 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosHostClient.dll

2016-06-17 01:23 - 2016-05-28 00:27 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll

2016-06-17 01:23 - 2016-05-28 00:26 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe

2016-06-17 01:23 - 2016-05-28 00:26 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe

2016-06-17 01:23 - 2016-05-28 00:26 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe

2016-06-17 01:23 - 2016-05-28 00:26 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll

2016-06-17 01:23 - 2016-05-28 00:26 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll

2016-06-17 01:23 - 2016-05-28 00:25 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys

2016-06-17 01:23 - 2016-05-28 00:25 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2016-06-17 01:23 - 2016-05-28 00:24 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2016-06-17 01:23 - 2016-05-28 00:24 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Ndu.sys

2016-06-17 01:23 - 2016-05-28 00:24 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2016-06-17 01:23 - 2016-05-28 00:24 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll

2016-06-17 01:23 - 2016-05-28 00:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll

2016-06-17 01:23 - 2016-05-28 00:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll

2016-06-17 01:23 - 2016-05-28 00:24 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll

2016-06-17 01:23 - 2016-05-28 00:24 - 00053760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll

2016-06-17 01:23 - 2016-05-28 00:23 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2016-06-17 01:23 - 2016-05-28 00:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll

2016-06-17 01:23 - 2016-05-28 00:22 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll

2016-06-17 01:23 - 2016-05-28 00:22 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll

2016-06-17 01:23 - 2016-05-28 00:22 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys

2016-06-17 01:23 - 2016-05-28 00:22 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll

2016-06-17 01:23 - 2016-05-28 00:22 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll

2016-06-17 01:23 - 2016-05-28 00:22 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe

2016-06-17 01:23 - 2016-05-28 00:22 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll

2016-06-17 01:23 - 2016-05-28 00:22 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2016-06-17 01:23 - 2016-05-28 00:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll

2016-06-17 01:23 - 2016-05-28 00:21 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll

2016-06-17 01:23 - 2016-05-28 00:21 - 00239104 _____ (Microsoft Corporation) C:\Windows\system32\BrokerLib.dll

2016-06-17 01:23 - 2016-05-28 00:21 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll

2016-06-17 01:23 - 2016-05-28 00:21 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll

2016-06-17 01:23 - 2016-05-28 00:20 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll

2016-06-17 01:23 - 2016-05-28 00:20 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\newdev.dll

2016-06-17 01:23 - 2016-05-28 00:20 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll

2016-06-17 01:23 - 2016-05-28 00:20 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll

2016-06-17 01:23 - 2016-05-28 00:20 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\GnssAdapter.dll

2016-06-17 01:23 - 2016-05-28 00:20 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Privacy.dll

2016-06-17 01:23 - 2016-05-28 00:20 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll

2016-06-17 01:23 - 2016-05-28 00:19 - 24605696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2016-06-17 01:23 - 2016-05-28 00:19 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll

2016-06-17 01:23 - 2016-05-28 00:19 - 00567808 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll

2016-06-17 01:23 - 2016-05-28 00:19 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe

2016-06-17 01:23 - 2016-05-28 00:19 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll

2016-06-17 01:23 - 2016-05-28 00:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll

2016-06-17 01:23 - 2016-05-28 00:18 - 11545088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll

2016-06-17 01:23 - 2016-05-28 00:18 - 07977472 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll

2016-06-17 01:23 - 2016-05-28 00:18 - 00610816 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2016-06-17 01:23 - 2016-05-28 00:18 - 00591360 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll

2016-06-17 01:23 - 2016-05-28 00:18 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll

2016-06-17 01:23 - 2016-05-28 00:18 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL

2016-06-17 01:23 - 2016-05-28 00:18 - 00380416 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll

2016-06-17 01:23 - 2016-05-28 00:18 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll

2016-06-17 01:23 - 2016-05-28 00:17 - 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll

2016-06-17 01:23 - 2016-05-28 00:17 - 00963072 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll

2016-06-17 01:23 - 2016-05-28 00:17 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll

2016-06-17 01:23 - 2016-05-28 00:17 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\newdev.dll

2016-06-17 01:23 - 2016-05-28 00:17 - 00415232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll

2016-06-17 01:23 - 2016-05-28 00:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll

2016-06-17 01:23 - 2016-05-28 00:17 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll

2016-06-17 01:23 - 2016-05-28 00:17 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll

2016-06-17 01:23 - 2016-05-28 00:16 - 19344384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2016-06-17 01:23 - 2016-05-28 00:16 - 00690176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys

2016-06-17 01:23 - 2016-05-28 00:16 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll

2016-06-17 01:23 - 2016-05-28 00:16 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\AppContracts.dll

2016-06-17 01:23 - 2016-05-28 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll

2016-06-17 01:23 - 2016-05-28 00:16 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys

2016-06-17 01:23 - 2016-05-28 00:16 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll

2016-06-17 01:23 - 2016-05-28 00:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll

2016-06-17 01:23 - 2016-05-28 00:15 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll

2016-06-17 01:23 - 2016-05-28 00:15 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll

2016-06-17 01:23 - 2016-05-28 00:15 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll

2016-06-17 01:23 - 2016-05-28 00:15 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2016-06-17 01:23 - 2016-05-28 00:15 - 00349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll

2016-06-17 01:23 - 2016-05-28 00:15 - 00293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll

2016-06-17 01:23 - 2016-05-28 00:15 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

2016-06-17 01:23 - 2016-05-28 00:14 - 18674176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll

2016-06-17 01:23 - 2016-05-28 00:14 - 01716736 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll

2016-06-17 01:23 - 2016-05-28 00:14 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll

2016-06-17 01:23 - 2016-05-28 00:14 - 00965632 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll

2016-06-17 01:23 - 2016-05-28 00:14 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2016-06-17 01:23 - 2016-05-28 00:14 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2016-06-17 01:23 - 2016-05-28 00:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll

2016-06-17 01:23 - 2016-05-28 00:14 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll

2016-06-17 01:23 - 2016-05-28 00:14 - 00200192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll

2016-06-17 01:23 - 2016-05-28 00:13 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys

2016-06-17 01:23 - 2016-05-28 00:13 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll

2016-06-17 01:23 - 2016-05-28 00:13 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll

2016-06-17 01:23 - 2016-05-28 00:13 - 00954368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys

2016-06-17 01:23 - 2016-05-28 00:13 - 00939520 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll

2016-06-17 01:23 - 2016-05-28 00:13 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll

2016-06-17 01:23 - 2016-05-28 00:13 - 00467456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppContracts.dll

2016-06-17 01:23 - 2016-05-28 00:13 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS

2016-06-17 01:23 - 2016-05-28 00:12 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll

2016-06-17 01:23 - 2016-05-28 00:12 - 00614400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll

2016-06-17 01:23 - 2016-05-28 00:12 - 00521728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll

2016-06-17 01:23 - 2016-05-28 00:11 - 01445888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll

2016-06-17 01:23 - 2016-05-28 00:11 - 00890368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll

2016-06-17 01:23 - 2016-05-28 00:11 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll

2016-06-17 01:23 - 2016-05-28 00:11 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll

2016-06-17 01:23 - 2016-05-28 00:11 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll

2016-06-17 01:23 - 2016-05-28 00:11 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2016-06-17 01:23 - 2016-05-28 00:11 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll

2016-06-17 01:23 - 2016-05-28 00:09 - 01073152 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll

2016-06-17 01:23 - 2016-05-28 00:08 - 13385728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2016-06-17 01:23 - 2016-05-28 00:08 - 06295552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll

2016-06-17 01:23 - 2016-05-28 00:06 - 12128256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2016-06-17 01:23 - 2016-05-28 00:06 - 07200256 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll

2016-06-17 01:23 - 2016-05-28 00:06 - 01339904 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll

2016-06-17 01:23 - 2016-05-28 00:05 - 03994624 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll

2016-06-17 01:23 - 2016-05-28 00:05 - 03664896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2016-06-17 01:23 - 2016-05-28 00:05 - 02582016 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll

2016-06-17 01:23 - 2016-05-28 00:05 - 01797120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll

2016-06-17 01:23 - 2016-05-28 00:04 - 06973952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll

2016-06-17 01:23 - 2016-05-28 00:04 - 00555520 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll

2016-06-17 01:23 - 2016-05-28 00:04 - 00450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll

2016-06-17 01:23 - 2016-05-28 00:03 - 05323776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll

2016-06-17 01:23 - 2016-05-28 00:03 - 05205504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll

2016-06-17 01:23 - 2016-05-28 00:03 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll

2016-06-17 01:23 - 2016-05-28 00:03 - 01185280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationFramework.dll

2016-06-17 01:23 - 2016-05-28 00:03 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\internetmail.dll

2016-06-17 01:23 - 2016-05-28 00:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll

2016-06-17 01:23 - 2016-05-28 00:02 - 03590144 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys

2016-06-17 01:23 - 2016-05-28 00:02 - 02061824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll

2016-06-17 01:23 - 2016-05-28 00:02 - 01534464 _____ (Microsoft Corporation) C:\Windows\system32\LocationFramework.dll

2016-06-17 01:23 - 2016-05-28 00:02 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll

2016-06-17 01:23 - 2016-05-28 00:01 - 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll

2016-06-17 01:23 - 2016-05-28 00:01 - 01582080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll

2016-06-17 01:23 - 2016-05-28 00:01 - 01500160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2016-06-17 01:23 - 2016-05-28 00:01 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll

2016-06-17 01:23 - 2016-05-28 00:00 - 05660160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll

2016-06-17 01:23 - 2016-05-28 00:00 - 03585536 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll

2016-06-17 01:23 - 2016-05-28 00:00 - 02635776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll

2016-06-17 01:23 - 2016-05-28 00:00 - 02230272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2016-06-17 01:23 - 2016-05-28 00:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll

2016-06-17 01:23 - 2016-05-28 00:00 - 01730560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2016-06-17 01:23 - 2016-05-28 00:00 - 01707520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll

2016-06-17 01:23 - 2016-05-28 00:00 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll

2016-06-17 01:23 - 2016-05-28 00:00 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll

2016-06-17 01:23 - 2016-05-28 00:00 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe

2016-06-17 01:23 - 2016-05-27 23:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll

2016-06-17 01:23 - 2016-05-27 23:58 - 07832576 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll

2016-06-17 01:23 - 2016-05-27 23:58 - 04896256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2016-06-17 01:23 - 2016-05-27 23:58 - 02755584 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2016-06-17 01:23 - 2016-05-27 23:58 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll

2016-06-17 01:23 - 2016-05-27 23:58 - 01996288 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll

2016-06-17 01:23 - 2016-05-27 23:57 - 02281472 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2016-06-17 01:23 - 2016-05-27 23:55 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll

2016-06-17 01:23 - 2016-05-27 23:53 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\ngcpopkeysrv.dll

2016-06-14 14:30 - 2016-06-14 14:30 - 00611400 _____ () C:\Users\david\Downloads\LSBsetup.exe

2016-06-14 14:30 - 2016-06-14 14:30 - 00000000 ____D C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo

2016-06-14 14:30 - 2016-06-14 14:30 - 00000000 ____D C:\Users\david\AppData\Local\Deployment

2016-06-14 14:30 - 2016-06-14 14:30 - 00000000 ____D C:\Users\david\AppData\Local\Apps\2.0

2016-06-11 10:40 - 2016-06-11 10:41 - 00000000 ____D C:\Users\david\AppData\Local\mozysync

2016-06-11 10:40 - 2016-06-11 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozy

2016-06-11 10:40 - 2016-06-11 10:40 - 00000000 ____D C:\Program Files\Mozy Sync

2016-06-06 14:15 - 2016-06-29 02:28 - 00159232 ___SH C:\Users\david\Desktop\Thumbs.db

2016-06-04 06:24 - 2016-06-04 06:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit

losdavos · Jul 3, 2016

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-03 04:48 - 2016-05-03 20:06 - 00000000 ___RD C:\Users\david\OneDrive
2016-07-03 04:44 - 2016-05-04 01:33 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-02 22:00 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\AppReadiness
2016-07-02 19:53 - 2015-11-03 15:28 - 00881036 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-02 19:53 - 2015-10-30 03:21 - 00000000 ____D C:\Windows\INF
2016-07-02 10:44 - 2016-05-04 01:33 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-02 01:43 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-30 01:16 - 2016-05-03 20:05 - 00000000 ____D C:\Users\david\AppData\Local\Packages
2016-06-29 02:28 - 2016-05-03 20:05 - 00000000 __SHD C:\Users\david\IntelGraphicsProfiles
2016-06-29 02:28 - 2016-05-03 20:03 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-29 02:27 - 2016-05-03 20:03 - 00000000 ____D C:\Users\david
2016-06-29 02:25 - 2016-05-20 14:38 - 00000000 ____D C:\Windows\Minidump
2016-06-29 02:25 - 2015-11-03 14:11 - 00000000 ____D C:\Windows\Panther
2016-06-26 22:22 - 2015-10-30 02:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-06-26 22:21 - 2015-10-30 03:24 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-06-25 23:19 - 2016-05-24 10:37 - 00000000 ____D C:\Users\david\AppData\Local\Lenovo
2016-06-25 23:19 - 2016-04-08 19:18 - 00000000 ____D C:\ProgramData\Lenovo
2016-06-22 21:19 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-22 21:18 - 2016-04-08 19:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-22 15:14 - 2016-04-08 19:18 - 00000000 ____D C:\Program Files\Lenovo
2016-06-22 15:14 - 2016-04-08 19:18 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-06-22 14:17 - 2016-05-04 02:25 - 00000000 ____D C:\Users\david\AppData\Local\LSC
2016-06-22 14:17 - 2016-05-04 01:24 - 00002158 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2016-06-22 14:17 - 2016-04-08 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-06-22 14:17 - 2016-04-08 19:18 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2016-06-22 14:16 - 2016-04-08 19:17 - 00000000 ____D C:\Windows\Downloaded Installations
2016-06-21 03:23 - 2016-05-04 02:55 - 00000000 ___RD C:\Users\david\3D Objects
2016-06-20 11:36 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\rescache
2016-06-19 01:56 - 2015-11-03 15:24 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-19 01:56 - 2015-11-03 15:24 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-19 01:56 - 2015-10-30 02:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-06-19 01:55 - 2015-11-03 15:23 - 00332240 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-19 01:54 - 2015-10-30 03:24 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-06-19 01:54 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-06-19 01:54 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\bcastdvr
2016-06-18 02:45 - 2016-05-04 01:33 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-18 02:45 - 2016-05-04 01:33 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-18 02:29 - 2016-05-04 02:59 - 00000000 ____D C:\Users\david\Documents\Sound recordings
2016-06-17 14:05 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\NDF
2016-06-17 12:31 - 2015-10-30 03:11 - 00000000 ____D C:\Windows\CbsTemp
2016-06-17 12:30 - 2016-05-12 11:47 - 00000000 ____D C:\Windows\system32\MRT
2016-06-17 12:28 - 2016-05-12 11:46 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-15 16:40 - 2016-05-05 01:31 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-14 14:33 - 2015-10-30 03:26 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-14 14:33 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-04 06:24 - 2016-05-04 01:25 - 00001186 _____ C:\Users\Public\Desktop\SHAREit.lnk
2016-06-03 15:26 - 2016-05-25 12:27 - 00000000 ____D C:\Users\david\AppData\Roaming\Audacity

==================== Files in the root of some directories =======

2016-04-08 19:42 - 2016-04-08 19:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-04-08 19:43 - 2016-04-08 19:43 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-27 11:29

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by david (2016-07-03 04:49:43)
Running from C:\Users\david\Desktop
Windows 10 Home Version 1511 (X64) (2016-05-04 00:03:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-483386053-2290206261-2764208400-500 - Administrator - Disabled)
david (S-1-5-21-483386053-2290206261-2764208400-1001 - Administrator - Enabled) => C:\Users\david
DefaultAccount (S-1-5-21-483386053-2290206261-2764208400-503 - Limited - Disabled)
Guest (S-1-5-21-483386053-2290206261-2764208400-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-483386053-2290206261-2764208400-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AVG (Version: 16.81.7640 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4627 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.81.7640 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.5.2.32 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.4.0.22 - Dolby Laboratories, Inc.)
FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1159 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4326 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{588DA478-D4FF-48E3-8290-49F8C4B21283}) (Version: 18.1.1527.1551 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{2498cbe5-cf23-40b7-970b-cb36f8cee3c5}) (Version: 18.12.2 - Intel Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lenovo BatteryGauge (HKLM\...\{CBEDEC16-C4F5-4255-99E4-5884EFEDD1BC}) (Version: 1.0.045.00 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\dda9ca0b023f4c56) (Version: 1.6.3.3 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.059.01 - Lenovo)
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.3 - Lenovo)
LenovoUtility (x32 Version: 3.0.0.3 - Lenovo) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
Mozy Sync (HKLM\...\{E753088F-C4EA-AFB0-BFF3-457CD756E080}) (Version: 1.3.2.5032 - Mozy, Inc.)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{A6668863-B0A3-4812-AAF2-E47749ECFE0E}) (Version: 3.3.00.145 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 3.3.00.145 - O2Micro International LTD.) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
RealDownloader (x32 Version: 18.1.4.137 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.4.142 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.4 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7624 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.5.0.1144 - Lenovo)
Spotify (HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\Spotify) (Version: 1.0.32.96.g3c8a06e6 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.57 - Synaptics Incorporated)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
User Manuals (x32 Version: 4.0.0.1 - Lenovo) Hidden
vc2012_redist (x32 Version: 1.0.0.0 - Realnetworks) Hidden
Video Downloader (x32 Version: 1.1.0 - RealNetworks) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-483386053-2290206261-2764208400-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\david\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A9085D-0031-44E3-92D0-18C065DC0B39} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-483386053-2290206261-2764208400-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-05-13] (RealNetworks, Inc.)
Task: {092B2B83-4054-4936-911E-E530BCDF5736} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe control iMControllerService 128
Task: {1F84ADD7-08AA-4537-91ED-BD7CFB3D6F2C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {29C555AE-93C0-4C76-9B27-6B28D86AAAE4} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-483386053-2290206261-2764208400-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-05-13] (RealNetworks, Inc.)
Task: {34E43E3F-A06C-476F-9810-81189FEC85D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-04] (Google Inc.)
Task: {4103DF9F-6D0C-424C-9F3A-A21011CD05DA} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {4F2E2990-E94F-4CBE-9F48-1250DC13474F} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {6AD54828-7396-4ACE-B4AE-6D5B7727B145} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {6B889431-03D0-4DD6-AD99-C880EE6AAC16} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-10] (Microsoft Corporation)
Task: {86E87C27-8B4D-4565-BA52-946AC61167A5} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-483386053-2290206261-2764208400-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2016-05-13] (RealNetworks, Inc.)
Task: {B9B3B529-7050-4C38-9A5C-DDF236EFE12B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-04] (Google Inc.)
Task: {C00A08A2-6E1D-4F41-B51E-3AD91199D5B7} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-483386053-2290206261-2764208400-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {C6DF504B-B27D-40AF-8EB7-0F774B724F66} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2016-05-13] ()
Task: {CC3A09DC-AB64-454C-9536-CD2AF33C18A5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {CD3393F2-F09E-4CCC-AFEA-F37B9B28BC86} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {DAB1FFF0-104F-4180-8692-FBECE166621F} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {DE105180-6B92-4814-838A-111883055FCD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {E51FE309-0F4F-46C6-815E-FEB37C9C8E2E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\Windows\SYSTEM32\efsext.dll
2015-09-15 04:58 - 2015-09-15 04:58 - 00176640 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2016-05-13 15:13 - 2016-05-13 15:13 - 00032544 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2016-04-08 19:19 - 2015-08-18 23:00 - 00058296 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2016-04-08 19:20 - 2015-06-27 05:34 - 00029112 _____ () C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-04-08 19:19 - 2015-12-02 04:25 - 00043960 _____ () C:\ProgramData\LenovoTransition\Server\x64\EnableAutoRotation.dll
2016-05-11 09:52 - 2016-03-29 06:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-06-17 01:23 - 2016-05-27 23:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-17 01:23 - 2016-05-27 23:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-09-28 14:09 - 2015-09-28 14:09 - 00043976 _____ () C:\Program Files\Lenovo\QuickOptimizer\LNBPrismAssistInf.dll
2016-05-11 09:52 - 2016-03-29 06:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-05-20 12:29 - 2016-05-20 12:29 - 00959168 _____ () C:\Users\david\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-05-07 01:15 - 2016-06-22 21:17 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-12-08 23:53 - 2015-11-24 20:36 - 00384104 _____ () C:\Windows\system32\igfxTray.exe
2016-06-17 01:23 - 2016-05-27 23:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-17 01:23 - 2016-05-27 23:55 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-06-17 01:23 - 2016-05-27 23:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-08 19:20 - 2016-04-08 19:19 - 00791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2016-04-08 19:20 - 2016-04-08 19:19 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2015-06-16 06:53 - 2015-06-16 06:53 - 00628736 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2016-05-05 01:23 - 2016-05-05 01:24 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-06-24 11:45 - 2016-06-24 11:45 - 00017920 _____ () C:\Program Files\WindowsApps\E046963F.LenovoCompanion_3.49.1.0_x86__k1h2ywk1493x8\Lenovo.Discovery.exe
2016-05-11 09:51 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 09:51 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 09:51 - 2016-04-23 00:25 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-05-13 14:27 - 2016-05-13 14:27 - 00714992 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2016-06-03 01:12 - 2016-06-03 01:12 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-06-03 01:12 - 2016-06-03 01:12 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 01:12 - 2016-06-03 01:12 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-05-05 01:25 - 2016-05-05 01:26 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-09-28 14:09 - 2015-09-28 14:09 - 00016328 _____ () C:\Program Files\Lenovo\QuickOptimizer\ShowTaskbarIcon.dll
2015-09-28 14:09 - 2015-09-28 14:09 - 05067208 _____ () C:\Program Files\Lenovo\QuickOptimizer\DTPrismAssistInf.dll
2016-05-13 15:13 - 2016-05-13 15:13 - 00037688 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2016-05-13 15:13 - 2016-05-13 15:13 - 00039224 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2016-05-13 15:13 - 2016-05-13 15:13 - 00037192 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2016-05-20 12:29 - 2016-05-20 12:29 - 00679624 _____ () C:\Users\david\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-06-26 22:20 - 2016-06-26 22:18 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-05-05 01:23 - 2016-05-05 01:24 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-05-05 01:23 - 2016-05-05 01:24 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-06-24 11:45 - 2016-06-24 11:45 - 29099008 _____ () C:\Program Files\WindowsApps\E046963F.LenovoCompanion_3.49.1.0_x86__k1h2ywk1493x8\Lenovo.Discovery.dll
2016-06-30 01:19 - 2016-06-30 01:19 - 00964096 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll
2016-04-08 19:15 - 2016-04-08 19:15 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
2016-06-30 01:19 - 2016-06-30 01:19 - 03311000 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-05-13 14:20 - 2016-05-13 14:20 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2016-05-25 23:53 - 2016-05-25 23:53 - 00654608 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Lib\r1api.dll
2016-05-13 14:27 - 2016-05-13 14:27 - 00077552 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll
2016-05-16 15:18 - 2016-05-16 15:18 - 00101888 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Management\252667907e1e3e32b11d87fba7af0023\Windows.Management.ni.dll
2016-05-16 15:18 - 2016-05-16 15:18 - 02921472 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\931208eb21bfb07f9a4995753d6b7f7b\Windows.ApplicationModel.ni.dll
2016-05-16 15:18 - 2016-05-16 15:18 - 00821248 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Storage\70c31a6aefe21a1501d1b781a0217731\Windows.Storage.ni.dll
2016-05-16 15:18 - 2016-05-16 15:18 - 00335360 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cbafdb4e11c9fd06e0a2e5efa6253883\Windows.Foundation.ni.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2015-10-30 03:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-483386053-2290206261-2764208400-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6E942E9F-E7A8-4FE9-9097-55CFA80392B4}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{FD80B1E1-4A60-43B4-A536-6FF43846BEC4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D3D428B5-FE30-4CB3-AFC0-AAE928666ED6}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{53CD0C2D-211C-4F4D-B1E2-E46976B0E846}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{436D8915-1E12-4578-978B-1E5C0847439A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1CB1FB6C-7B44-4FF6-A087-8C77E727FBAD}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe
FirewallRules: [{540988DD-4F49-4160-BC09-E46F3C94EBE3}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe
FirewallRules: [{BBB5CB01-4C1A-44A8-96D8-E39C5ABB9C87}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{AE1742A4-6701-47D1-B651-2BD254152DAC}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FFC7AA58-E64A-4CBC-BC65-05356ADD0CAD}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [{1CFEA469-E72E-4E70-8A14-155102BA3863}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{ADDD4950-2462-4D5A-8B6D-A016A0348274}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F8D41941-04E0-4B89-B7B3-761BE51363F9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{2F422661-9B34-41BE-96A7-C67185371D8B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{04262C2B-A5C4-4071-8133-18ED2F4D71FD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{6993F577-AFC8-4B22-82D6-689B5F3D7953}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{E89C33F1-B812-4FE7-99F2-3EB52C8C8EE5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{FF201481-6632-4E8A-909E-472176BD597F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

==================== Restore Points =========================

17-06-2016 12:28:06 Windows Update
22-06-2016 14:17:00 Installed Lenovo Solution Center.
26-06-2016 22:20:55 Installed AVG 2016

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2016 08:55:10 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (07/02/2016 07:49:18 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (07/02/2016 04:47:35 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (07/02/2016 01:45:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LockApp.exe, version: 0.0.0.0, time stamp: 0x5632d5a5
Faulting module name: combase.dll, version: 10.0.10586.103, time stamp: 0x56a849ab
Exception code: 0xc0000602
Fault offset: 0x000000000018d8cb
Faulting process id: 0x1c9c
Faulting application start time: 0xLockApp.exe0
Faulting application path: LockApp.exe1
Faulting module path: LockApp.exe2
Report Id: LockApp.exe3
Faulting package full name: LockApp.exe4
Faulting package-relative application ID: LockApp.exe5

Error: (07/02/2016 01:45:47 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (07/02/2016 12:09:01 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (07/02/2016 11:06:05 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (07/02/2016 10:32:39 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (07/02/2016 05:55:39 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (07/02/2016 02:05:04 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

System errors:
=============
Error: (07/02/2016 08:25:44 PM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.

Error: (07/02/2016 08:25:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/02/2016 04:47:44 PM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.

Error: (07/02/2016 01:47:36 PM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.

Error: (07/02/2016 01:47:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/02/2016 01:30:35 PM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.

Error: (07/02/2016 01:30:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/02/2016 12:07:38 PM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.

Error: (07/02/2016 12:07:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/02/2016 11:05:03 AM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.

CodeIntegrity:
===================================
Date: 2016-06-25 20:13:07.392
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-24 11:44:21.478
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-22 21:18:39.968
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-21 01:06:41.999
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-19 01:55:36.480
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-18 02:09:16.059
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-17 12:28:18.273
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-11 18:12:00.038
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-10 11:48:49.226
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-26 10:55:12.783
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 35%
Total physical RAM: 8097.91 MB
Available physical RAM: 5219.14 MB
Total Virtual: 17313.91 MB
Available Virtual: 11934.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.23 GB) (Free:180.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 82B990EF)

Partition: GPT.

==================== End of Addition.txt ============================

losdavos · Jul 3, 2016

I hope it's okay that I pasted into Word in order to chop up my logs. I see now that that second of my so-far-three posts has extra blank lines, and I suspect that's because I didn't paste as plain text...

Broni · Jul 3, 2016

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================

Actaully, no.
In the future please use Notepad instead of Wordpad to open logs.
Wordpad creates an extra space and all logs are twice as long and harder for me to read.
Thank you

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

losdavos · Jul 3, 2016

Hi Broni,
I downloaded Roguekiller from Link 1, and when I ran it I got a message saying I'm running the 32 bit version but should be using the 64 bit version--but it did ask if I wanted to continue anyway. I chose no. Should I try again and say yes? I did try Link 2, but my browser said the site can't be reached. (I noticed an apostrophe in the url; could that be the problem? I tried putting the address in my address bar without the apostrophe at the end, but Chrome treated it as a search, not an address.)
Thanks, I'll stand by for now till you reply.

Broni · Jul 3, 2016

Run it and say yes.

losdavos · Jul 3, 2016

Ok, hope you don't mind I'm being extremely careful:
It looks like Roguekiller might have slightly different interfaces now. It's not offering me a "Delete" command, but rather "Remove selected." (It says it found 9 threats, and lists them.) I guess I should go ahead and "remove selected," yes? Thanks!

Broni · Jul 3, 2016

Yes. It's always good to ask

losdavos · Jul 3, 2016

RogueKiller V12.3.6.0 [Jun 27 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : david [Administrator]
Started from : C:\Users\david\Desktop\RogueKiller.exe
Mode : Delete -- Date : 07/03/2016 22:34:37

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] LSB.exe(10516) -- C:\Users\david\AppData\Local\Apps\2.0\REW9Y2BJ.50E\VROZJWL1.ED4\lsb...tion_2d7b41b05b24775e_0001.0006_6a5d43d0bdf9db4a\LSB.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 8 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-483386053-2290206261-2764208400-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo15.msn.com/?pc=LCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-483386053-2290206261-2764208400-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo15.msn.com/?pc=LCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.62 209.18.47.61 ([X][X]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.62 209.18.47.61 ([X][X]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3d9db97d-3a4f-46cd-85b4-9a9d85e08e37} | DhcpNameServer : 150.206.1.2 ([X]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d817e65e-c451-417b-85a6-5f203999c89a} | DhcpNameServer : 209.18.47.62 209.18.47.61 ([X][X]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3d9db97d-3a4f-46cd-85b4-9a9d85e08e37} | DhcpNameServer : 150.206.1.2 ([X]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d817e65e-c451-417b-85a6-5f203999c89a} | DhcpNameServer : 209.18.47.62 209.18.47.61 ([X][X]) -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HFS256G39MND-3310A +++++
--- User ---
[MBR] 4348019a6c64f5637927143c9f771d72
[BSP] 255307b5834cb2c62fe7de5307d243a0 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 242921 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 498069504 | Size: 1000 MB
User = LL1 ... OK
User = LL2 ... OK

losdavos · Jul 3, 2016

Proceeding to the mbam step now.

losdavos · Jul 3, 2016

Uh-oh now I can't get to any website. Didn't even successfully get to the mbam download page. Computer says it's connected to my home wifi but all 3 of my browsers say that every site I try to go to "can't be reached." Typing this on my phone now...

Broni · Jul 3, 2016

Tried to restart?

losdavos · Jul 3, 2016

A restart! What sorcery is this?! Ha didn't even think of that. That worked, thank you! Here is my mbam log; am now proceeding to the AdwCleaner step.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/3/2016
Scan Time: 11:15 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.04.01
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: david

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293411
Time Elapsed: 3 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

losdavos · Jul 3, 2016

Here's the AdwCleaner log; proceeding to the JRT step.

# AdwCleaner v5.201 - Logfile created 03/07/2016 at 23:25:06
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-01.1 [Server]
# Operating system : Windows 10 Home (X64)
# Username : david - DESKTOP-3MHNPTN
# Running from : C:\Users\david\Desktop\adwcleaner_5.201.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

[-] File Deleted : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\APN PIP

***** [ Web browsers ] *****

[-] [C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=MFA928959-4827-422B-8464-8E9E80937193&SearchSource=55&CUI=&UM=6&UP=SPBDEA24BF-65F7-4987-8F77-5ACA6F7FAF1C&SSPV=

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1324 bytes] - [03/07/2016 23:25:06]
C:\AdwCleaner\AdwCleaner[S1].txt - [1443 bytes] - [03/07/2016 23:23:53]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1470 bytes] ##########

losdavos · Jul 3, 2016

Ok here's the JRT log. But I just realized--I did disable my normal protection software before running JRT, but I see that mbam's background protection was running while I ran JRT. Let me know if that's a problem, thank you.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64
Ran by david (Administrator) on Sun 07/03/2016 at 23:29:27.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 2

Successfully deleted: C:\Users\david\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Windows\prefetch\QUICKOPTIMIZERICON.EXE-26602B0B.pf (File)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/03/2016 at 23:30:25.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Broni · Jul 3, 2016

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

losdavos · Jul 4, 2016

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by david (administrator) on DESKTOP-3MHNPTN (04-07-2016 00:01:40)
Running from C:\Users\david\Desktop
Loaded Profiles: david (Available Profiles: david)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfwsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Lenovo) C:\Users\david\AppData\Local\Apps\2.0\REW9Y2BJ.50E\VROZJWL1.ED4\lsb...tion_2d7b41b05b24775e_0001.0006_6a5d43d0bdf9db4a\LSB.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-04-08] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [628736 2015-06-16] ()
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [714992 2016-05-13] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-06-09] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\Run: [Spotify Web Helper] => C:\Users\david\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1553520 2016-06-29] (Spotify Ltd)
HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ mozysyncNotUploaded] -> {34DF8AC2-A6BB-4855-B45A-CC1B4D9183E3} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2015-11-10] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [ mozysyncPendingChanges] -> {6673BC77-4A7B-4299-A130-14312E6B203A} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2015-11-10] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [ mozysyncUpToDate] -> {04547006-32F5-4635-844B-B8D7FCE47692} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2015-11-10] (Mozy, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-05-25]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{d817e65e-c451-417b-85a6-5f203999c89a}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKU\S-1-5-21-483386053-2290206261-2764208400-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
HKU\S-1-5-21-483386053-2290206261-2764208400-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-05-13] (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-22] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-05-13] (RealDownloader)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\u11xwjzo.default
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.4.135 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2016-05-25] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.4.135 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2016-05-25] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\u11xwjzo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-31]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=MFA928959-4827-422B-8464-8E9E80937193&SearchSource=55&CUI=&UM=6&UP=SPBDEA24BF-65F7-4987-8F77-5ACA6F7FAF1C&SSPV=
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\david\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-04]
CHR Extension: (Google Docs) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-04]
CHR Extension: (Google Drive) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-04]
CHR Extension: (YouTube) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-04]
CHR Extension: (Adblock Plus) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2016-06-02]
CHR Extension: (Google News) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2016-05-05]
CHR Extension: (Dropbox for Gmail) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-05-05]
CHR Extension: (Google Calendar) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-05-05]
CHR Extension: (Google Sheets) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-04]
CHR Extension: (Google Docs Offline) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-04]
CHR Extension: (AdBlock) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-01]
CHR Extension: (Backspace means backspace!) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcicfpjmgbfalapmkdhfgldcnbamicnh [2016-05-05]
CHR Extension: (Google Hangouts) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-07-01]
CHR Extension: (Lego Builder) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapnbjhfjionggfhlkmhjbmbpgfdlolh [2016-05-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-04]
CHR Extension: (Gmail) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [1998712 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5165824 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [600680 2015-11-24] (Intel Corporation)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [176640 2015-09-15] () [File not signed]
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-07-22] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [135408 2015-07-01] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [353896 2015-11-24] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [56144 2016-05-26] (Lenovo Group Limited)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
R2 O2FLASH; C:\Windows\System32\drivers\o2flash.exe [82096 2015-05-20] (BayHubTech/O2Micro International)
R2 O2FLASH; C:\Windows\SysWOW64\drivers\o2flash.exe [82096 2015-05-20] (BayHubTech/O2Micro International)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32544 2016-05-13] ()
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095440 2016-05-25] (RealNetworks, Inc.)
S3 ShareItSvc; C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [33224 2016-04-15] (SHAREit Technologies Co.Ltd)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2016-01-06] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [42424 2015-12-02] (Lenovo)
R2 YogaPLService; C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe [29112 2015-06-27] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2015-10-30] (ASIX Electronics Corp.)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43512 2015-07-22] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-07-22] (Intel Corporation)
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-06-16] (Intel Corporation)
R3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185128 2015-06-16] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [250096 2015-07-01] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-07] (Intel Corporation)
S3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 Netwtw02; C:\Windows\System32\drivers\Netwtw02.sys [7043336 2015-10-24] (Intel Corporation)
R3 O2FJ2RDR; C:\Windows\System32\drivers\O2FJ2x64.sys [201240 2015-05-20] (BayHubTech/O2Micro )
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3049176 2015-05-29] (Realtek Semiconductor Corp.)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [56936 2016-01-06] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-07-03] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

losdavos · Jul 4, 2016

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-03 23:31 - 2016-07-03 23:31 - 00000712 _____ C:\Users\david\Desktop\JRT1.txt
2016-07-03 23:30 - 2016-07-03 23:30 - 00000712 _____ C:\Users\david\Desktop\JRT.txt
2016-07-03 23:28 - 2016-07-03 23:29 - 01610816 _____ (Malwarebytes) C:\Users\david\Desktop\JRT.exe
2016-07-03 23:23 - 2016-07-03 23:25 - 00000000 ____D C:\AdwCleaner
2016-07-03 23:23 - 2016-07-03 23:23 - 03712064 _____ C:\Users\david\Desktop\adwcleaner_5.201.exe
2016-07-03 23:20 - 2016-07-03 23:20 - 00001037 _____ C:\Users\david\Desktop\mbam.txt
2016-07-03 23:14 - 2016-07-03 23:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-03 23:13 - 2016-07-03 23:13 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-03 23:13 - 2016-07-03 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-03 23:13 - 2016-07-03 23:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-03 23:13 - 2016-07-03 23:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-03 23:13 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-03 23:13 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-03 23:13 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-03 23:10 - 2016-07-03 23:10 - 22851472 _____ (Malwarebytes ) C:\Users\david\Desktop\mbam-setup-2.2.1.1043.exe
2016-07-03 23:08 - 2016-07-03 23:08 - 00000000 ___HD C:\OneDriveTemp
2016-07-03 22:59 - 2016-07-03 22:59 - 00006046 _____ C:\Users\david\Desktop\rk_304C.tmp.txt
2016-07-03 20:42 - 2016-07-03 20:42 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-07-03 20:41 - 2016-07-03 20:41 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-03 20:18 - 2016-07-03 20:21 - 19927624 _____ C:\Users\david\Desktop\RogueKiller.exe
2016-07-03 04:49 - 2016-07-04 00:01 - 00022581 _____ C:\Users\david\Desktop\FRST.txt
2016-07-03 04:49 - 2016-07-04 00:01 - 00000000 ____D C:\FRST
2016-07-03 04:49 - 2016-07-03 04:50 - 00035154 _____ C:\Users\david\Desktop\Addition.txt
2016-07-03 04:46 - 2016-07-03 04:48 - 02390016 _____ (Farbar) C:\Users\david\Desktop\FRST64.exe
2016-07-01 10:56 - 2016-07-01 10:56 - 00932857 _____ C:\Users\david\Downloads\ssrc-readingsuperhero.pdf
2016-06-29 09:59 - 2016-07-02 12:50 - 00122368 ___SH C:\Users\david\Downloads\Thumbs.db
2016-06-29 02:24 - 2016-06-29 02:24 - 00002870 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-06-29 02:24 - 2016-06-29 02:24 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-29 02:24 - 2016-06-29 02:24 - 00000000 ____D C:\Program Files\CCleaner
2016-06-26 22:21 - 2016-06-26 22:21 - 00001009 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-06-26 22:21 - 2016-06-26 22:21 - 00000000 ___HD C:\$AVG
2016-06-26 22:21 - 2016-06-26 22:21 - 00000000 ____D C:\Users\david\AppData\Roaming\TuneUp Software
2016-06-26 22:21 - 2016-06-26 22:21 - 00000000 ____D C:\Users\david\AppData\Roaming\AVG
2016-06-26 22:21 - 2016-06-26 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-06-26 22:20 - 2016-07-03 23:35 - 00000000 ____D C:\ProgramData\MFAData
2016-06-26 22:20 - 2016-06-26 22:21 - 00000000 ____D C:\Program Files (x86)\AVG
2016-06-26 22:20 - 2016-06-26 22:20 - 00000000 ____D C:\Users\david\AppData\Local\MFAData
2016-06-26 22:17 - 2016-06-26 22:21 - 00000000 ____D C:\Users\david\AppData\Local\Avg
2016-06-26 22:17 - 2016-06-26 22:21 - 00000000 ____D C:\ProgramData\Avg
2016-06-26 22:17 - 2016-06-26 22:20 - 00000000 ____D C:\Users\david\AppData\Local\AvgSetupLog
2016-06-26 22:17 - 2016-06-26 22:17 - 03135880 _____ (AVG Technologies CZ, s.r.o.) C:\Users\david\Desktop\AVG_Internet_Security_742.exe
2016-06-25 23:19 - 2016-06-25 23:19 - 00000000 ____D C:\Users\david\AppData\LocalLow\Lenovo
2016-06-22 14:17 - 2016-06-22 14:17 - 00000000 ____D C:\Users\david\AppData\Roaming\Lenovo
2016-06-20 07:47 - 2016-06-20 07:47 - 00199193 ____T C:\Users\david\Desktop\go shuttle ticket.pdf
2016-06-20 07:26 - 2016-06-20 07:26 - 00035642 ____T C:\Users\david\Desktop\go shuttle receipt.pdf
2016-06-18 14:17 - 2016-06-18 14:17 - 00348376 _____ (Spotify Ltd) C:\Users\david\Downloads\SpotifySetup.exe
2016-06-18 14:16 - 2016-07-03 20:19 - 00000000 ____D C:\Users\david\AppData\Local\Spotify
2016-06-18 14:16 - 2016-07-03 19:39 - 00000000 ____D C:\Users\david\AppData\Roaming\Spotify
2016-06-18 14:16 - 2016-06-29 12:49 - 00001895 _____ C:\Users\david\Desktop\Spotify.lnk
2016-06-18 14:16 - 2016-06-29 12:49 - 00001881 _____ C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-06-18 08:29 - 2016-06-18 08:29 - 02369246 _____ C:\Users\david\Desktop\WaterTaxi_Winter_FY15.pdf
2016-06-17 01:24 - 2016-05-28 00:57 - 01372312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-17 01:24 - 2016-05-28 00:29 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-17 01:24 - 2016-05-28 00:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-17 01:23 - 2016-05-28 02:13 - 01401024 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-17 01:23 - 2016-05-28 02:13 - 01184960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-17 01:23 - 2016-05-28 02:13 - 00514752 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-17 01:23 - 2016-05-28 02:13 - 00290496 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-17 01:23 - 2016-05-28 02:13 - 00092352 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-17 01:23 - 2016-05-28 02:13 - 00046784 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-17 01:23 - 2016-05-28 01:25 - 04268880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2016-06-17 01:23 - 2016-05-28 01:23 - 00388384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-17 01:23 - 2016-05-28 01:23 - 00312160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-17 01:23 - 2016-05-28 01:22 - 07474528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-06-17 01:23 - 2016-05-28 01:22 - 04387680 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2016-06-17 01:23 - 2016-05-28 01:22 - 00428896 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2016-06-17 01:23 - 2016-05-28 01:22 - 00211296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2016-06-17 01:23 - 2016-05-28 01:22 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2016-06-17 01:23 - 2016-05-28 01:20 - 00430312 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-17 01:23 - 2016-05-28 01:18 - 00357216 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-17 01:23 - 2016-05-28 01:16 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-06-17 01:23 - 2016-05-28 01:09 - 00501600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-06-17 01:23 - 2016-05-28 01:09 - 00170848 _____ (Microsoft Corporation) C:\Windows\system32\NetworkUXBroker.exe
2016-06-17 01:23 - 2016-05-28 01:09 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-06-17 01:23 - 2016-05-28 01:08 - 00693600 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-06-17 01:23 - 2016-05-28 01:08 - 00258912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ufx01000.sys
2016-06-17 01:23 - 2016-05-28 01:08 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-06-17 01:23 - 2016-05-28 01:07 - 03675512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-17 01:23 - 2016-05-28 01:07 - 02921880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-17 01:23 - 2016-05-28 01:07 - 01322248 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-06-17 01:23 - 2016-05-28 01:07 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-06-17 01:23 - 2016-05-28 01:07 - 00808288 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-06-17 01:23 - 2016-05-28 01:07 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-06-17 01:23 - 2016-05-28 01:07 - 00331616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-06-17 01:23 - 2016-05-28 01:06 - 22561256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-17 01:23 - 2016-05-28 01:06 - 04074160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-17 01:23 - 2016-05-28 01:06 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2016-06-17 01:23 - 2016-05-28 01:06 - 00303216 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-06-17 01:23 - 2016-05-28 01:06 - 00254656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2016-06-17 01:23 - 2016-05-28 01:05 - 04515264 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-17 01:23 - 2016-05-28 01:04 - 00604928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-17 01:23 - 2016-05-28 01:04 - 00431296 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-17 01:23 - 2016-05-28 01:04 - 00360480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-17 01:23 - 2016-05-28 01:04 - 00161632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-17 01:23 - 2016-05-28 01:04 - 00111064 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-06-17 01:23 - 2016-05-28 01:04 - 00097096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-06-17 01:23 - 2016-05-28 01:03 - 00131248 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-17 01:23 - 2016-05-28 00:58 - 01996640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-06-17 01:23 - 2016-05-28 00:58 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-17 01:23 - 2016-05-28 00:57 - 02548944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-06-17 01:23 - 2016-05-28 00:57 - 02195632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-06-17 01:23 - 2016-05-28 00:57 - 01594416 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-17 01:23 - 2016-05-28 00:57 - 00649792 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-06-17 01:23 - 2016-05-28 00:57 - 00636304 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-06-17 01:23 - 2016-05-28 00:57 - 00577376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-06-17 01:23 - 2016-05-28 00:57 - 00546456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-06-17 01:23 - 2016-05-28 00:57 - 00521664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-06-17 01:23 - 2016-05-28 00:57 - 00316256 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-17 01:23 - 2016-05-28 00:35 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\tdlrecover.exe
2016-06-17 01:23 - 2016-05-28 00:35 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll
2016-06-17 01:23 - 2016-05-28 00:35 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsdport.sys
2016-06-17 01:23 - 2016-05-28 00:31 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdlrecover.exe
2016-06-17 01:23 - 2016-05-28 00:31 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-06-17 01:23 - 2016-05-28 00:31 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\MosHostClient.dll
2016-06-17 01:23 - 2016-05-28 00:29 - 22379008 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-06-17 01:23 - 2016-05-28 00:29 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2016-06-17 01:23 - 2016-05-28 00:29 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll
2016-06-17 01:23 - 2016-05-28 00:28 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2016-06-17 01:23 - 2016-05-28 00:28 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-17 01:23 - 2016-05-28 00:28 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-17 01:23 - 2016-05-28 00:27 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosHostClient.dll
2016-06-17 01:23 - 2016-05-28 00:27 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll
2016-06-17 01:23 - 2016-05-28 00:26 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-06-17 01:23 - 2016-05-28 00:26 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe
2016-06-17 01:23 - 2016-05-28 00:26 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
2016-06-17 01:23 - 2016-05-28 00:26 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2016-06-17 01:23 - 2016-05-28 00:26 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
2016-06-17 01:23 - 2016-05-28 00:25 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2016-06-17 01:23 - 2016-05-28 00:25 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-17 01:23 - 2016-05-28 00:24 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-06-17 01:23 - 2016-05-28 00:24 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Ndu.sys
2016-06-17 01:23 - 2016-05-28 00:24 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-17 01:23 - 2016-05-28 00:24 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-06-17 01:23 - 2016-05-28 00:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2016-06-17 01:23 - 2016-05-28 00:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2016-06-17 01:23 - 2016-05-28 00:24 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2016-06-17 01:23 - 2016-05-28 00:24 - 00053760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-17 01:23 - 2016-05-28 00:23 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2016-06-17 01:23 - 2016-05-28 00:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2016-06-17 01:23 - 2016-05-28 00:22 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2016-06-17 01:23 - 2016-05-28 00:22 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2016-06-17 01:23 - 2016-05-28 00:22 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-17 01:23 - 2016-05-28 00:22 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2016-06-17 01:23 - 2016-05-28 00:22 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2016-06-17 01:23 - 2016-05-28 00:22 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2016-06-17 01:23 - 2016-05-28 00:22 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-06-17 01:23 - 2016-05-28 00:22 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-06-17 01:23 - 2016-05-28 00:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2016-06-17 01:23 - 2016-05-28 00:21 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2016-06-17 01:23 - 2016-05-28 00:21 - 00239104 _____ (Microsoft Corporation) C:\Windows\system32\BrokerLib.dll
2016-06-17 01:23 - 2016-05-28 00:21 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-06-17 01:23 - 2016-05-28 00:21 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2016-06-17 01:23 - 2016-05-28 00:20 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-06-17 01:23 - 2016-05-28 00:20 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\newdev.dll
2016-06-17 01:23 - 2016-05-28 00:20 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-17 01:23 - 2016-05-28 00:20 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2016-06-17 01:23 - 2016-05-28 00:20 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\GnssAdapter.dll
2016-06-17 01:23 - 2016-05-28 00:20 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Privacy.dll
2016-06-17 01:23 - 2016-05-28 00:20 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2016-06-17 01:23 - 2016-05-28 00:19 - 24605696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-17 01:23 - 2016-05-28 00:19 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-06-17 01:23 - 2016-05-28 00:19 - 00567808 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2016-06-17 01:23 - 2016-05-28 00:19 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2016-06-17 01:23 - 2016-05-28 00:19 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2016-06-17 01:23 - 2016-05-28 00:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2016-06-17 01:23 - 2016-05-28 00:18 - 11545088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-06-17 01:23 - 2016-05-28 00:18 - 07977472 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-06-17 01:23 - 2016-05-28 00:18 - 00610816 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2016-06-17 01:23 - 2016-05-28 00:18 - 00591360 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2016-06-17 01:23 - 2016-05-28 00:18 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-06-17 01:23 - 2016-05-28 00:18 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-17 01:23 - 2016-05-28 00:18 - 00380416 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2016-06-17 01:23 - 2016-05-28 00:18 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-06-17 01:23 - 2016-05-28 00:17 - 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-06-17 01:23 - 2016-05-28 00:17 - 00963072 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2016-06-17 01:23 - 2016-05-28 00:17 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2016-06-17 01:23 - 2016-05-28 00:17 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\newdev.dll
2016-06-17 01:23 - 2016-05-28 00:17 - 00415232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2016-06-17 01:23 - 2016-05-28 00:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2016-06-17 01:23 - 2016-05-28 00:17 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2016-06-17 01:23 - 2016-05-28 00:17 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2016-06-17 01:23 - 2016-05-28 00:16 - 19344384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-17 01:23 - 2016-05-28 00:16 - 00690176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-17 01:23 - 2016-05-28 00:16 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-17 01:23 - 2016-05-28 00:16 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\AppContracts.dll
2016-06-17 01:23 - 2016-05-28 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-06-17 01:23 - 2016-05-28 00:16 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-17 01:23 - 2016-05-28 00:16 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-17 01:23 - 2016-05-28 00:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2016-06-17 01:23 - 2016-05-28 00:15 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2016-06-17 01:23 - 2016-05-28 00:15 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-06-17 01:23 - 2016-05-28 00:15 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-17 01:23 - 2016-05-28 00:15 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2016-06-17 01:23 - 2016-05-28 00:15 - 00349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-06-17 01:23 - 2016-05-28 00:15 - 00293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2016-06-17 01:23 - 2016-05-28 00:15 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-17 01:23 - 2016-05-28 00:14 - 18674176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-06-17 01:23 - 2016-05-28 00:14 - 01716736 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-06-17 01:23 - 2016-05-28 00:14 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2016-06-17 01:23 - 2016-05-28 00:14 - 00965632 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-06-17 01:23 - 2016-05-28 00:14 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-17 01:23 - 2016-05-28 00:14 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-17 01:23 - 2016-05-28 00:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2016-06-17 01:23 - 2016-05-28 00:14 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2016-06-17 01:23 - 2016-05-28 00:14 - 00200192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2016-06-17 01:23 - 2016-05-28 00:13 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-06-17 01:23 - 2016-05-28 00:13 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-06-17 01:23 - 2016-05-28 00:13 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2016-06-17 01:23 - 2016-05-28 00:13 - 00954368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-06-17 01:23 - 2016-05-28 00:13 - 00939520 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2016-06-17 01:23 - 2016-05-28 00:13 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2016-06-17 01:23 - 2016-05-28 00:13 - 00467456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppContracts.dll
2016-06-17 01:23 - 2016-05-28 00:13 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2016-06-17 01:23 - 2016-05-28 00:12 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-06-17 01:23 - 2016-05-28 00:12 - 00614400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-17 01:23 - 2016-05-28 00:12 - 00521728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-17 01:23 - 2016-05-28 00:11 - 01445888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-06-17 01:23 - 2016-05-28 00:11 - 00890368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2016-06-17 01:23 - 2016-05-28 00:11 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-06-17 01:23 - 2016-05-28 00:11 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2016-06-17 01:23 - 2016-05-28 00:11 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2016-06-17 01:23 - 2016-05-28 00:11 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-17 01:23 - 2016-05-28 00:11 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2016-06-17 01:23 - 2016-05-28 00:09 - 01073152 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-06-17 01:23 - 2016-05-28 00:08 - 13385728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-17 01:23 - 2016-05-28 00:08 - 06295552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-06-17 01:23 - 2016-05-28 00:06 - 12128256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-17 01:23 - 2016-05-28 00:06 - 07200256 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-06-17 01:23 - 2016-05-28 00:06 - 01339904 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-17 01:23 - 2016-05-28 00:05 - 03994624 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2016-06-17 01:23 - 2016-05-28 00:05 - 03664896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-17 01:23 - 2016-05-28 00:05 - 02582016 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-06-17 01:23 - 2016-05-28 00:05 - 01797120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2016-06-17 01:23 - 2016-05-28 00:04 - 06973952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-17 01:23 - 2016-05-28 00:04 - 00555520 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll
2016-06-17 01:23 - 2016-05-28 00:04 - 00450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll
2016-06-17 01:23 - 2016-05-28 00:03 - 05323776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-17 01:23 - 2016-05-28 00:03 - 05205504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-06-17 01:23 - 2016-05-28 00:03 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2016-06-17 01:23 - 2016-05-28 00:03 - 01185280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationFramework.dll
2016-06-17 01:23 - 2016-05-28 00:03 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\internetmail.dll
2016-06-17 01:23 - 2016-05-28 00:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2016-06-17 01:23 - 2016-05-28 00:02 - 03590144 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-06-17 01:23 - 2016-05-28 00:02 - 02061824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-06-17 01:23 - 2016-05-28 00:02 - 01534464 _____ (Microsoft Corporation) C:\Windows\system32\LocationFramework.dll
2016-06-17 01:23 - 2016-05-28 00:02 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2016-06-17 01:23 - 2016-05-28 00:01 - 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-06-17 01:23 - 2016-05-28 00:01 - 01582080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2016-06-17 01:23 - 2016-05-28 00:01 - 01500160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-17 01:23 - 2016-05-28 00:01 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2016-06-17 01:23 - 2016-05-28 00:00 - 05660160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-06-17 01:23 - 2016-05-28 00:00 - 03585536 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-17 01:23 - 2016-05-28 00:00 - 02635776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-06-17 01:23 - 2016-05-28 00:00 - 02230272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-17 01:23 - 2016-05-28 00:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-06-17 01:23 - 2016-05-28 00:00 - 01730560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-17 01:23 - 2016-05-28 00:00 - 01707520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-06-17 01:23 - 2016-05-28 00:00 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2016-06-17 01:23 - 2016-05-28 00:00 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2016-06-17 01:23 - 2016-05-28 00:00 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2016-06-17 01:23 - 2016-05-27 23:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2016-06-17 01:23 - 2016-05-27 23:58 - 07832576 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-06-17 01:23 - 2016-05-27 23:58 - 04896256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-17 01:23 - 2016-05-27 23:58 - 02755584 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-17 01:23 - 2016-05-27 23:58 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-06-17 01:23 - 2016-05-27 23:58 - 01996288 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-06-17 01:23 - 2016-05-27 23:57 - 02281472 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-06-17 01:23 - 2016-05-27 23:55 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2016-06-17 01:23 - 2016-05-27 23:53 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\ngcpopkeysrv.dll
2016-06-14 14:30 - 2016-06-14 14:30 - 00611400 _____ () C:\Users\david\Downloads\LSBsetup.exe
2016-06-14 14:30 - 2016-06-14 14:30 - 00000000 ____D C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-06-14 14:30 - 2016-06-14 14:30 - 00000000 ____D C:\Users\david\AppData\Local\Deployment
2016-06-14 14:30 - 2016-06-14 14:30 - 00000000 ____D C:\Users\david\AppData\Local\Apps\2.0
2016-06-11 10:40 - 2016-06-11 10:41 - 00000000 ____D C:\Users\david\AppData\Local\mozysync
2016-06-11 10:40 - 2016-06-11 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozy
2016-06-11 10:40 - 2016-06-11 10:40 - 00000000 ____D C:\Program Files\Mozy Sync
2016-06-06 14:15 - 2016-06-29 02:28 - 00159232 ___SH C:\Users\david\Desktop\Thumbs.db
2016-06-04 06:24 - 2016-06-04 06:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-03 23:44 - 2016-05-04 01:33 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-03 23:39 - 2015-11-03 15:28 - 00881036 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-03 23:39 - 2015-10-30 03:21 - 00000000 ____D C:\Windows\INF
2016-07-03 23:35 - 2016-05-03 20:06 - 00000000 ___RD C:\Users\david\OneDrive
2016-07-03 23:32 - 2016-05-24 10:37 - 00000000 ____D C:\Users\david\AppData\Local\Lenovo
2016-07-03 23:32 - 2016-05-04 01:33 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-03 23:32 - 2016-05-03 20:05 - 00000000 __SHD C:\Users\david\IntelGraphicsProfiles
2016-07-03 23:32 - 2016-05-03 20:03 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-07-03 23:32 - 2015-11-03 15:24 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-03 23:31 - 2015-10-30 02:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-07-03 19:38 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\AppReadiness
2016-07-02 01:43 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-30 01:16 - 2016-05-03 20:05 - 00000000 ____D C:\Users\david\AppData\Local\Packages
2016-06-29 02:27 - 2016-05-03 20:03 - 00000000 ____D C:\Users\david
2016-06-29 02:25 - 2016-05-20 14:38 - 00000000 ____D C:\Windows\Minidump
2016-06-29 02:25 - 2015-11-03 14:11 - 00000000 ____D C:\Windows\Panther
2016-06-26 22:22 - 2015-10-30 02:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-06-26 22:21 - 2015-10-30 03:24 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-06-25 23:19 - 2016-04-08 19:18 - 00000000 ____D C:\ProgramData\Lenovo
2016-06-22 21:19 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-22 21:18 - 2016-04-08 19:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-22 15:14 - 2016-04-08 19:18 - 00000000 ____D C:\Program Files\Lenovo
2016-06-22 15:14 - 2016-04-08 19:18 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-06-22 14:17 - 2016-05-04 02:25 - 00000000 ____D C:\Users\david\AppData\Local\LSC
2016-06-22 14:17 - 2016-05-04 01:24 - 00002158 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2016-06-22 14:17 - 2016-04-08 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-06-22 14:17 - 2016-04-08 19:18 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2016-06-22 14:16 - 2016-04-08 19:17 - 00000000 ____D C:\Windows\Downloaded Installations
2016-06-21 03:23 - 2016-05-04 02:55 - 00000000 ___RD C:\Users\david\3D Objects
2016-06-20 11:36 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\rescache
2016-06-19 01:56 - 2015-11-03 15:24 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-19 01:55 - 2015-11-03 15:23 - 00332240 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-19 01:54 - 2015-10-30 03:24 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-06-19 01:54 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-06-19 01:54 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\bcastdvr
2016-06-18 02:45 - 2016-05-04 01:33 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-18 02:45 - 2016-05-04 01:33 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-18 02:29 - 2016-05-04 02:59 - 00000000 ____D C:\Users\david\Documents\Sound recordings
2016-06-17 14:05 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\NDF
2016-06-17 12:31 - 2015-10-30 03:11 - 00000000 ____D C:\Windows\CbsTemp
2016-06-17 12:30 - 2016-05-12 11:47 - 00000000 ____D C:\Windows\system32\MRT
2016-06-17 12:28 - 2016-05-12 11:46 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-15 16:40 - 2016-05-05 01:31 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-14 14:33 - 2015-10-30 03:26 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-14 14:33 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-04 06:24 - 2016-05-04 01:25 - 00001186 _____ C:\Users\Public\Desktop\SHAREit.lnk

==================== Files in the root of some directories =======

2016-04-08 19:42 - 2016-04-08 19:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-04-08 19:43 - 2016-04-08 19:43 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some files in TEMP:
====================
C:\Users\david\AppData\Local\Temp\dllnt_dump.dll
C:\Users\david\AppData\Local\Temp\libeay32.dll
C:\Users\david\AppData\Local\Temp\msvcr120.dll
C:\Users\david\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-27 11:29

==================== End of FRST.txt ============================

losdavos · Jul 4, 2016

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by david (2016-07-04 00:02:09)
Running from C:\Users\david\Desktop
Windows 10 Home Version 1511 (X64) (2016-05-04 00:03:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-483386053-2290206261-2764208400-500 - Administrator - Disabled)
david (S-1-5-21-483386053-2290206261-2764208400-1001 - Administrator - Enabled) => C:\Users\david
DefaultAccount (S-1-5-21-483386053-2290206261-2764208400-503 - Limited - Disabled)
Guest (S-1-5-21-483386053-2290206261-2764208400-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-483386053-2290206261-2764208400-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AVG (Version: 16.81.7640 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4627 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.81.7640 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.5.2.32 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.4.0.22 - Dolby Laboratories, Inc.)
FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1159 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4326 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{588DA478-D4FF-48E3-8290-49F8C4B21283}) (Version: 18.1.1527.1551 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{2498cbe5-cf23-40b7-970b-cb36f8cee3c5}) (Version: 18.12.2 - Intel Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lenovo BatteryGauge (HKLM\...\{CBEDEC16-C4F5-4255-99E4-5884EFEDD1BC}) (Version: 1.0.045.00 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\dda9ca0b023f4c56) (Version: 1.6.3.3 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.059.01 - Lenovo)
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.3 - Lenovo)
LenovoUtility (x32 Version: 3.0.0.3 - Lenovo) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
Mozy Sync (HKLM\...\{E753088F-C4EA-AFB0-BFF3-457CD756E080}) (Version: 1.3.2.5032 - Mozy, Inc.)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{A6668863-B0A3-4812-AAF2-E47749ECFE0E}) (Version: 3.3.00.145 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 3.3.00.145 - O2Micro International LTD.) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
RealDownloader (x32 Version: 18.1.4.137 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.4.142 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.4 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7624 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.5.0.1144 - Lenovo)
Spotify (HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\Spotify) (Version: 1.0.32.96.g3c8a06e6 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.57 - Synaptics Incorporated)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
User Manuals (x32 Version: 4.0.0.1 - Lenovo) Hidden
vc2012_redist (x32 Version: 1.0.0.0 - Realnetworks) Hidden
Video Downloader (x32 Version: 1.1.0 - RealNetworks) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-483386053-2290206261-2764208400-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\david\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A9085D-0031-44E3-92D0-18C065DC0B39} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-483386053-2290206261-2764208400-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-05-13] (RealNetworks, Inc.)
Task: {092B2B83-4054-4936-911E-E530BCDF5736} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe control iMControllerService 128
Task: {1F84ADD7-08AA-4537-91ED-BD7CFB3D6F2C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {29C555AE-93C0-4C76-9B27-6B28D86AAAE4} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-483386053-2290206261-2764208400-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-05-13] (RealNetworks, Inc.)
Task: {34E43E3F-A06C-476F-9810-81189FEC85D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-04] (Google Inc.)
Task: {4103DF9F-6D0C-424C-9F3A-A21011CD05DA} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {4F2E2990-E94F-4CBE-9F48-1250DC13474F} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {6AD54828-7396-4ACE-B4AE-6D5B7727B145} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {6B889431-03D0-4DD6-AD99-C880EE6AAC16} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-10] (Microsoft Corporation)
Task: {86E87C27-8B4D-4565-BA52-946AC61167A5} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-483386053-2290206261-2764208400-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2016-05-13] (RealNetworks, Inc.)
Task: {B9B3B529-7050-4C38-9A5C-DDF236EFE12B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-04] (Google Inc.)
Task: {C00A08A2-6E1D-4F41-B51E-3AD91199D5B7} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-483386053-2290206261-2764208400-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {C6DF504B-B27D-40AF-8EB7-0F774B724F66} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2016-05-13] ()
Task: {CC3A09DC-AB64-454C-9536-CD2AF33C18A5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {CD3393F2-F09E-4CCC-AFEA-F37B9B28BC86} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {DAB1FFF0-104F-4180-8692-FBECE166621F} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {DE105180-6B92-4814-838A-111883055FCD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {E51FE309-0F4F-46C6-815E-FEB37C9C8E2E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\Windows\SYSTEM32\efsext.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2015-09-15 04:58 - 2015-09-15 04:58 - 00176640 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2016-05-13 15:13 - 2016-05-13 15:13 - 00032544 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2016-04-08 19:19 - 2015-08-18 23:00 - 00058296 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2016-04-08 19:20 - 2015-06-27 05:34 - 00029112 _____ () C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
2016-05-11 09:52 - 2016-03-29 06:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-09-28 14:09 - 2015-09-28 14:09 - 00043976 _____ () C:\Program Files\Lenovo\QuickOptimizer\LNBPrismAssistInf.dll
2016-05-11 09:52 - 2016-03-29 06:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-05-20 12:29 - 2016-05-20 12:29 - 00959168 _____ () C:\Users\david\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-05-07 01:15 - 2016-06-22 21:17 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-06-17 01:23 - 2016-05-27 23:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-05 01:23 - 2016-05-05 01:24 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-08 23:53 - 2015-11-24 20:36 - 00384104 _____ () C:\Windows\system32\igfxTray.exe
2016-05-11 09:51 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 09:51 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-17 01:23 - 2016-05-27 23:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-17 01:23 - 2016-05-27 23:55 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-06-17 01:23 - 2016-05-27 23:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-17 01:23 - 2016-05-27 23:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-08 19:19 - 2015-12-02 04:25 - 00043960 _____ () C:\ProgramData\LenovoTransition\Server\x64\EnableAutoRotation.dll
2016-04-08 19:20 - 2016-04-08 19:19 - 00791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2016-04-08 19:20 - 2016-04-08 19:19 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2015-06-16 06:53 - 2015-06-16 06:53 - 00628736 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2016-05-13 14:27 - 2016-05-13 14:27 - 00714992 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2016-05-13 15:13 - 2016-05-13 15:13 - 00037688 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2016-05-13 15:13 - 2016-05-13 15:13 - 00039224 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2016-05-13 15:13 - 2016-05-13 15:13 - 00037192 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2016-05-05 01:23 - 2016-05-05 01:24 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-05-05 01:23 - 2016-05-05 01:24 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-06-17 01:09 - 2016-06-02 02:48 - 00161736 _____ () C:\ProgramData\Lenovo\iMController\Plugins\LenovoAudioPlugin\x86\QualityStatsRevInterop.dll
2016-05-13 14:27 - 2016-05-13 14:27 - 00077552 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll
2016-05-20 12:29 - 2016-05-20 12:29 - 00679624 _____ () C:\Users\david\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-05-13 14:20 - 2016-05-13 14:20 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2016-05-25 23:53 - 2016-05-25 23:53 - 00654608 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Lib\r1api.dll
2016-06-26 22:20 - 2016-06-26 22:18 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-06-18 02:44 - 2016-06-15 05:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-18 02:44 - 2016-06-15 05:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-06-18 02:44 - 2016-06-15 05:15 - 17599640 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2015-10-30 03:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-483386053-2290206261-2764208400-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\david\OneDrive\Pictures\Screenshots\2016-07-03 (1).png
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-483386053-2290206261-2764208400-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6E942E9F-E7A8-4FE9-9097-55CFA80392B4}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{FD80B1E1-4A60-43B4-A536-6FF43846BEC4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D3D428B5-FE30-4CB3-AFC0-AAE928666ED6}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{53CD0C2D-211C-4F4D-B1E2-E46976B0E846}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{436D8915-1E12-4578-978B-1E5C0847439A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1CB1FB6C-7B44-4FF6-A087-8C77E727FBAD}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe
FirewallRules: [{540988DD-4F49-4160-BC09-E46F3C94EBE3}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe
FirewallRules: [{BBB5CB01-4C1A-44A8-96D8-E39C5ABB9C87}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{AE1742A4-6701-47D1-B651-2BD254152DAC}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FFC7AA58-E64A-4CBC-BC65-05356ADD0CAD}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [{1CFEA469-E72E-4E70-8A14-155102BA3863}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{ADDD4950-2462-4D5A-8B6D-A016A0348274}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F8D41941-04E0-4B89-B7B3-761BE51363F9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{2F422661-9B34-41BE-96A7-C67185371D8B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{04262C2B-A5C4-4071-8133-18ED2F4D71FD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{6993F577-AFC8-4B22-82D6-689B5F3D7953}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{E89C33F1-B812-4FE7-99F2-3EB52C8C8EE5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{FF201481-6632-4E8A-909E-472176BD597F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

==================== Restore Points =========================

17-06-2016 12:28:06 Windows Update
22-06-2016 14:17:00 Installed Lenovo Solution Center.
26-06-2016 22:20:55 Installed AVG 2016
03-07-2016 23:29:27 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2016 11:32:01 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 8914 ms

Error: Unable to create resource file.

Error: (07/03/2016 11:32:01 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 8908 ms

Error: Unable to create resource file.

Error: (07/03/2016 11:29:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/03/2016 11:25:48 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 9582 ms

Error: Unable to create resource file.

Error: (07/03/2016 11:25:48 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 9576 ms

Error: Unable to create resource file.

Error: (07/03/2016 11:25:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-3MHNPTN)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/03/2016 11:25:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-3MHNPTN)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/03/2016 11:25:04 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 1287222782 ms

Error: Unable to create resource file.

Error: (07/03/2016 11:25:04 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 1287222776 ms

Error: Unable to create resource file.

Error: (07/03/2016 11:07:59 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

System errors:
=============
Error: (07/03/2016 11:31:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_6f0be service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/03/2016 11:31:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_6f0be service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/03/2016 11:31:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_6f0be service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/03/2016 11:31:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_6f0be service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/03/2016 11:31:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/03/2016 11:25:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
%%1069 = The service did not start due to a logon failure.

Error: (07/03/2016 11:25:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069 = The service did not start due to a logon failure.

Error: (07/03/2016 11:25:33 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50 = The request is not supported.

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/03/2016 11:25:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (07/03/2016 11:25:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

CodeIntegrity:
===================================
Date: 2016-06-25 20:13:07.392
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-24 11:44:21.478
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-22 21:18:39.968
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-21 01:06:41.999
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-19 01:55:36.480
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-18 02:09:16.059
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-17 12:28:18.273
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-11 18:12:00.038
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-10 11:48:49.226
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-26 10:55:12.783
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 44%
Total physical RAM: 8097.91 MB
Available physical RAM: 4470.35 MB
Total Virtual: 17313.91 MB
Available Virtual: 12280.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.23 GB) (Free:180.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 82B990EF)

Partition: GPT.

==================== End of Addition.txt ============================

Broni · Jul 4, 2016

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

losdavos · Jul 5, 2016

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by david (2016-07-05 01:30:07) Run:1
Running from C:\Users\david\Desktop
Loaded Profiles: david (Available Profiles: david)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=MFA928959-4827-422B-8464-8E9E80937193&SearchSource=55&CUI=&UM=6&UP=SPBDEA24BF-65F7-4987-8F77-5ACA6F7FAF1C&SSPV=
2016-04-08 19:42 - 2016-04-08 19:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-04-08 19:43 - 2016-04-08 19:43 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
C:\Users\david\AppData\Local\Temp\dllnt_dump.dll
C:\Users\david\AppData\Local\Temp\libeay32.dll
C:\Users\david\AppData\Local\Temp\msvcr120.dll
C:\Users\david\AppData\Local\Temp\sqlite3.dll

*****************

Chrome HomePage => removed successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc => moved successfully
C:\Users\david\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\david\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\david\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\david\AppData\Local\Temp\sqlite3.dll => moved successfully

==== End of Fixlog 01:30:07 ====

Broni · Jul 5, 2016

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

losdavos · Jul 7, 2016

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
AVG Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Mozilla Firefox (46.0.1)
Google Chrome (51.0.2704.103)
Google Chrome (51.0.2704.84)
Google Chrome (SetupMetrics.pma..)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

losdavos · Jul 7, 2016

Farbar Service Scanner Version: 27-01-2016
Ran by david (administrator) on 07-07-2016 at 02:03:33
Running from "C:\Users\david\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

Solved New machine w/ Windows 10, can't switch windows without minimizing or closing active window first.

Posts: 128 +0

Posts: 128 +0

Posts: 128 +0

Posts: 128 +0

Posts: 56,041 +516

Posts: 128 +0

Posts: 56,041 +516

Posts: 128 +0

Posts: 56,041 +516

Posts: 128 +0

Posts: 128 +0

Posts: 128 +0

Posts: 56,041 +516

Posts: 128 +0

Posts: 128 +0

Posts: 128 +0

Posts: 56,041 +516

Posts: 128 +0

Posts: 128 +0

Posts: 128 +0

Posts: 56,041 +516

Attachments

Posts: 128 +0

Posts: 56,041 +516

Posts: 128 +0

Posts: 128 +0

Similar threads