
Hi. Thanks for your help, Malware persists after Factory Reset.


  • This topic is locked
13 replies to this topic

#1 BillyThwart


Posted 18 March 2016 - 02:05 PM

Hey, thanks again! I just got a computer through eBay, so maybe malware from that, or malware from a "flash download." Eww.

Computer didn't update to the right time on startup. So instead of reading default time 3:00 it reads default time 7:00.
Probably downloaded malware bundled with "Flash Player".
So I got the computer, ran these multiple times, and Factory Reset (FR) it multiple times too.

CCleaner
Hitman Pro
Adaware**
Malwarebytes
Junkware Removal Tool (included in report)

**Should be noted: after running Adaware the first few times the internet card would not read and I couldn't get it to turn on, so I had to FR.

Then the computer seemed a lot cleaner and wasn't being bad (the time and date were probably off though).
So I updated from Lenovo Yoga 3 Windows 8.1 to Windows 10.

So I did that.
Computer seemed to be working. I logged into an academic account; it worked fine, so I went to update time and date. It worked, 1:00; then went back 5:00, wrong time; back to 1:00, time adjusted, and then just stayed there.

Okay, oh, and now the touch screen doesn't work... which is pretty lame. You just touch it and it doesn't do anything.

Okay, so that's a pretty good update. Now scans?

Bit Defender said I was good to go.




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Billy Thwart (administrator) on UH-COMPUTER (17-03-2016 21:05:44)
Running from C:\Users\Billy Thwart\Downloads
Loaded Profiles: Billy Thwart (Available Profiles: Billy Thwart)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Lenovo) C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
() C:\Program Files (x86)\Lenovo\Harmony\Picks\HarmonyPicksService.exe
() C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe
() C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PaperDisplay\PaperLookingSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files (x86)\Lenovo\PaperDisplay\PLHotkeyService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Windows\System32\LenovoUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\LenovoUtility\utility.exe
() C:\Program Files (x86)\Lenovo\LenovoTransition\TransitionServer.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OnekeyOptimizerUpdata.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Harmony\Picks\Lenovo.HarmonyPicks.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Harmony\Setting\Lenovo.HarmonySetting.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16412920 2015-10-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_BYPASS_AUDIO_EFFECT_WHEN_POWERSAVING] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2015-10-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2015-10-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2015-10-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2015-10-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2809072 2014-11-11] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-09] (Intel Corporation)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [10828056 2015-01-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\LenovoTransition\TransitionServer.exe [109840 2014-08-14] ()
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [802800 2015-01-24] (Lenovo)
HKLM\...\Run: [OneKeyOptimizer] => C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe [559896 2014-11-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [LMCSSTART1] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM\...\Run: [LMCSSTART2] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM\...\Run: [LMCSSTART3] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [606296 2014-10-02] (Waves Audio Ltd.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [9581280 2016-01-28] ()
HKLM-x32\...\Run: [HarmonyPicks] => C:\Program Files (x86)\Lenovo\Harmony\Picks\Lenovo.HarmonyPicks.exe [1221912 2014-09-28] (Lenovo)
HKLM-x32\...\Run: [HarmonySetting] => C:\Program Files (x86)\Lenovo\Harmony\Setting\Lenovo.HarmonySetting.exe [2696472 2014-09-28] (Lenovo)
HKU\S-1-5-21-4200795788-837917841-911566171-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-4200795788-837917841-911566171-1001\...\RunOnce: [Uninstall C:\Users\Billy Thwart\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Billy Thwart\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
AppInit_DLLs-x32: C:\PROGRA~2\LENOVO~2\LENOVO~1\bin\SPVC32~1.DLL => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2016-03-17] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2016-03-17] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2016-03-17] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2016-03-17] (Lavasoft Limited)
Winsock: Catalog9 17 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2016-03-17] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-03-17] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-03-17] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-03-17] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-03-17] (Lavasoft Limited)
Winsock: Catalog9-x64 17 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-03-17] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22c3e7c1-f94a-4d50-9007-947429d31048}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4200795788-837917841-911566171-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4200795788-837917841-911566171-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-4200795788-837917841-911566171-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-4200795788-837917841-911566171-1001 -> DefaultScope {06AEA116-DBFF-4838-A111-D8CCF7D902D4} URL =

FireFox:
========
FF ProfilePath: C:\Users\Billy Thwart\AppData\Roaming\Mozilla\Firefox\Profiles\bk6ranbf.default
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D031716-A60FA26CFB78147A880F&form=CONMHP&conlogo=CT3332038
FF DefaultSearchEngine: Bing®
FF DefaultSearchEngine.US: DuckDuckGo
FF SelectedSearchEngine: Bing®
FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D031716-A60FA26CFB78147A880F&form=CONMHP&conlogo=CT3332038
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-03] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [305664 2014-08-22] (Qualcomm Atheros) [File not signed]
R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-03-23] (Lenovo Corporation)
R2 esifsvc; C:\windows\SysWOW64\esif_uf.exe [1037568 2014-09-18] (Intel Corporation)
R2 FastbootService; C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe [191512 2014-11-20] (Lenovo) [File not signed]
R2 HarmonyPicksService; C:\Program Files (x86)\Lenovo\Harmony\Picks\HarmonyPicksService.exe [17176 2014-08-25] ()
R2 HarmonySettingService; C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe [17688 2014-09-04] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-03-17] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-09] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359848 2015-09-04] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe [712432 2016-01-28] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-03-17] (Lavasoft Limited)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo OKO Service; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe [2544408 2014-11-18] (Lenovo(beijing) Limited)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2016040 2015-04-10] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [625608 2015-03-23] (Lenovo Corporation)
R2 LenovoPAWDService; C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe [133440 2015-01-24] ()
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe [258544 2014-06-19] (Lenovo(beijing) Limited)
R3 LenovoUpdate; C:\Windows\System32\LenovoUpdate.exe [26608 2016-03-17] (Lenovo)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [218952 2014-08-25] (Lenovo(beijing) Limited)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 OKOControlSvc; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe [113944 2014-11-17] (Lenovo(beijing) Limited)
R2 PaperLookingSrv; C:\Program Files (x86)\Lenovo\PaperDisplay\PaperLookingSrv.exe [173336 2014-09-25] (Lenovo)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-05-28] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [524552 2014-05-28] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [321520 2015-01-24] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [338416 2015-01-24] (Lenovo)
R2 PLHotkeyService; C:\Program Files (x86)\Lenovo\PaperDisplay\PLHotkeyService.exe [25368 2014-09-25] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-11-11] (Synaptics Incorporated)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [17168 2016-03-17] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-09-03] (Lenovo)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1600512 2016-01-05] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [282000 2016-01-05] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [775424 2016-01-05] (BitDefender)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2015-01-06] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2015-01-06] (BitDefender LLC)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [41824 2014-09-18] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [38720 2014-09-18] (Intel Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [216360 2014-09-18] (Intel Corporation)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70168 2014-11-20] (Windows ® Win 7 DDK provider) [File not signed]
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\gzflt.sys [155912 2015-12-09] (BitDefender LLC)
R3 KMDFVirtualKbd; C:\Windows\System32\drivers\KMDFVirtualKbd.sys [22264 2014-08-04] ()
R3 KMDFVirtualMouse; C:\Windows\System32\drivers\KMDFVirtualMouse.sys [21240 2014-08-04] ()
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-17] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2327040 2015-10-30] (Qualcomm Atheros, Inc.)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
S3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [744928 2015-06-22] (Sunplus)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-11-11] (Synaptics Incorporated)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-12-09] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-17 21:05 - 2016-03-17 21:05 - 00020058 _____ C:\Users\Billy Thwart\Downloads\FRST.txt
2016-03-17 21:04 - 2016-03-17 21:05 - 00000000 ____D C:\FRST
2016-03-17 21:02 - 2016-03-17 21:03 - 02374144 _____ (Farbar) C:\Users\Billy Thwart\Downloads\FRST64.exe
2016-03-17 21:00 - 2015-12-08 23:39 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-03-17 20:59 - 2016-03-17 21:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-17 20:59 - 2016-03-17 20:59 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-17 19:58 - 2016-03-17 19:58 - 00001704 _____ C:\Users\Billy Thwart\Desktop\heeeelp.txt
2016-03-17 09:33 - 2016-03-17 09:33 - 00003864 _____ C:\Users\Billy Thwart\Documents\cc_20160317_093343.reg
2016-03-17 09:31 - 2016-03-17 09:31 - 00000000 ____D C:\Users\Billy Thwart\AppData\Roaming\Nitro PDF
2016-03-17 09:31 - 2016-03-17 09:31 - 00000000 ____D C:\Users\Billy Thwart\AppData\Roaming\Nitro
2016-03-17 09:15 - 2016-03-17 09:15 - 00093649 _____ C:\Users\Billy Thwart\Desktop\vlsm worksheet - instructor version.pdf
2016-03-17 09:15 - 2016-03-17 00:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-17 09:14 - 2016-03-17 09:14 - 00178513 _____ C:\Users\Billy Thwart\Desktop\jonesr0_IP_Addressing__Subnetting_Workbook__Instructors_Version2.pdf
2016-03-17 09:13 - 2016-03-17 09:13 - 00178513 _____ C:\Users\Billy Thwart\Desktop\jonesr0_IP_Addressing__Subnetting_Workbook__Instructors_Version.pdf
2016-03-17 09:10 - 2016-03-17 09:10 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-17 09:10 - 2016-03-17 09:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-17 09:10 - 2016-03-17 09:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-17 09:10 - 2016-03-17 09:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-17 09:10 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-17 09:10 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-17 09:10 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-17 05:13 - 2016-03-17 09:09 - 22908888 _____ (Malwarebytes ) C:\Users\Billy Thwart\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-17 04:56 - 2016-03-17 04:56 - 00003644 _____ C:\WINDOWS\System32\Tasks\ReasonSecurityScheduledScan
2016-03-17 04:56 - 2016-03-17 04:56 - 00003514 _____ C:\WINDOWS\System32\Tasks\ReasonSecurityStart
2016-03-17 04:56 - 2016-03-17 04:56 - 00000959 _____ C:\Users\Public\Desktop\Reason Core Security.lnk
2016-03-17 04:56 - 2016-03-17 04:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2016-03-17 04:56 - 2016-03-17 04:56 - 00000000 ____D C:\Program Files\Reason
2016-03-17 04:55 - 2016-03-17 04:55 - 03855576 _____ (Reason Software Company Inc.) C:\Users\Billy Thwart\Downloads\reason-core-security-setup_1.1.1.0.exe
2016-03-17 04:50 - 2016-03-17 05:05 - 00000942 _____ C:\Users\Billy Thwart\Desktop\JRT.txt
2016-03-17 04:48 - 2016-03-17 04:48 - 01610352 _____ (Malwarebytes) C:\Users\Billy Thwart\Downloads\JRT.exe
2016-03-17 04:33 - 2016-03-17 04:44 - 00000000 ____D C:\ProgramData\HitmanPro
2016-03-17 04:33 - 2016-03-17 04:33 - 00001973 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-03-17 04:33 - 2016-03-17 04:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-03-17 04:33 - 2016-03-17 04:33 - 00000000 ____D C:\Program Files\HitmanPro
2016-03-17 04:32 - 2016-03-17 04:33 - 11441744 _____ (SurfRight B.V.) C:\Users\Billy Thwart\Downloads\hitmanpro_x64.exe
2016-03-17 04:30 - 2016-03-17 04:30 - 00000000 ____D C:\ProgramData\BitDefender
2016-03-17 04:29 - 2016-03-17 05:11 - 00000000 ____D C:\Users\Billy Thwart\AppData\Roaming\Lavasoft
2016-03-17 04:29 - 2016-03-17 04:29 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2016-03-17 04:29 - 2016-03-17 04:29 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2016-03-17 04:29 - 2016-03-17 04:29 - 00000000 ____D C:\Users\Billy Thwart\AppData\Local\Lavasoft
2016-03-17 04:29 - 2016-03-17 04:29 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-03-17 04:29 - 2016-03-17 00:44 - 00002864 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2016-03-17 04:29 - 2016-03-17 00:44 - 00002864 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2016-03-17 04:27 - 2016-03-17 04:27 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-03-17 04:21 - 2016-03-17 04:21 - 00000000 ____D C:\Users\Billy Thwart\AppData\Roaming\LavasoftStatistics
2016-03-17 04:20 - 2016-03-17 04:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-03-17 04:20 - 2016-03-17 04:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2016-03-17 04:20 - 2016-03-17 00:44 - 00002420 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2016-03-17 04:20 - 2015-01-06 12:47 - 01061776 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdsmtpp.dll
2016-03-17 04:20 - 2015-01-06 12:47 - 00209984 _____ (BitDefender) C:\WINDOWS\system32\BdFirewallSDK.dll
2016-03-17 04:20 - 2015-01-06 12:47 - 00195016 _____ (BitDefender) C:\WINDOWS\system32\httproxy.dll
2016-03-17 04:20 - 2015-01-06 12:47 - 00156936 _____ C:\WINDOWS\system32\bdfwcore.dll
2016-03-17 04:20 - 2015-01-06 12:47 - 00155912 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdpop3p.dll
2016-03-17 04:20 - 2015-01-06 12:47 - 00122928 _____ (BitDefender) C:\WINDOWS\system32\OEMbdpredir.dll
2016-03-17 04:20 - 2015-01-06 12:47 - 00096160 _____ (BitDefender) C:\WINDOWS\system32\bdpredir.dll
2016-03-17 04:19 - 2016-03-17 04:19 - 00000000 ____D C:\Program Files\Lavasoft
2016-03-17 04:02 - 2016-03-17 04:02 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2016-03-17 04:01 - 2016-03-17 04:20 - 00000000 ____D C:\ProgramData\Lavasoft
2016-03-17 04:01 - 2016-03-17 04:01 - 02085168 _____ C:\Users\Billy Thwart\Desktop\Adaware_Installer.exe
2016-03-17 03:57 - 2016-03-17 03:57 - 00000000 ____D C:\Program Files\Common Files\Atheros
2016-03-17 03:56 - 2016-03-17 03:56 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-03-17 00:43 - 2016-03-17 00:43 - 00003360 _____ C:\WINDOWS\System32\Tasks\LSInstallManager
2016-03-16 23:40 - 2016-03-16 20:03 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-16 23:38 - 2016-03-16 23:38 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-16 23:38 - 2016-03-16 23:38 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-16 23:38 - 2016-03-16 23:38 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-16 23:38 - 2016-03-16 23:38 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-16 23:38 - 2016-03-16 23:38 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-16 23:38 - 2016-03-16 23:38 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-16 23:38 - 2016-03-16 23:38 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-16 23:38 - 2016-03-16 23:38 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-16 23:38 - 2016-03-16 23:38 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-16 23:38 - 2016-03-16 23:38 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-16 23:38 - 2016-03-16 23:38 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-16 23:38 - 2016-03-16 23:38 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-16 23:38 - 2016-03-16 23:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-16 23:38 - 2016-03-16 23:38 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-16 23:38 - 2016-03-16 23:38 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-16 23:38 - 2016-03-16 23:38 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-16 23:38 - 2016-03-16 23:38 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-16 23:38 - 2016-03-16 23:38 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-16 23:38 - 2016-03-16 23:38 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-16 23:38 - 2016-03-16 23:38 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll


#2 nasdaq

Posted 19 March 2016 - 09:46 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please remove this program via the Control Panel > Programs and Features applet.
Pokki (HKU\S-1-5-21-4200795788-837917841-911566171-1001\...\Pokki) (Version: 0.269.2.471 - Pokki)
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
AppInit_DLLs-x32: C:\PROGRA~2\LENOVO~2\LENOVO~1\bin\SPVC32~1.DLL => No File
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D031716-A60FA26CFB78147A880F&form=CONMHP&conlogo=CT3332038
FF DefaultSearchEngine.US: DuckDuckGo
FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D031716-A60FA26CFB78147A880F&form=CONMHP&conlogo=CT3332038
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
C:\Users\Billy Thwart\AppData\Local\Temp\6067408a-eac3-47c9-8281-054ef4a6a0f8.exe
C:\Users\Billy Thwart\AppData\Local\Temp\d19519dc-3caf-45e0-ab2f-122b8ee656bf.exe
AlternateDataStreams: C:\Windows:nlsPreferences [386]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

The issue with the TIME and DATE may be caused by a dying or dead battery on the Motherboard.

With the computer powered ON, note the Time and Date.

Power down the computer and remove the power line to the AC outlet.
Wait at least 15 minutes.

Re-connect the computer to AC outlet and start the computer.

If the time and/or date has changed, then we know that the cause is the battery.

===

You will need to replace the battery.

In the meantime you can edit the AUTOEXEC.BAT file, if one exists on the C:\ drive.

Add the following commands in bold.

DATE
TIME


Save the file.

If the file does not exist, then create one with the commands listed above.
Save it to the root of the computer, the C:\ drive.

Next time you re-start the computer you will be prompted to enter a DATE and the TIME.

The time and date should be set until you shut the computer down.
Check it out with your watch.

Keep me posted on this issue.

===

Have a look at this Microsoft article concerning the problem with the touch screen.
https://www.microsof...ws-10#beforeW10

Try the suggested fix.
Any improvement?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
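
Added example (not part of the original post and not FRST's own code): a Python check a reviewer can run over the Fixlog.txt that the fix step above produces, listing result lines that do not report success and the outcome for each file path in the fixlist. The sample log is constructed in the layout of the Fixlog posted in this thread; the user name, file names and the "not found" result wording are assumptions.

```python
import re

# Constructed sample in the Fixlog.txt layout; names and paths are placeholders.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by ExampleUser (2016-03-19 13:35:56) Run:1
Running from C:\Users\ExampleUser\Downloads
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
C:\Users\ExampleUser\AppData\Local\Temp\sample-a.exe
C:\Users\ExampleUser\AppData\Local\Temp\sample-b.exe
AlternateDataStreams: C:\Windows:nlsPreferences [386]

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Users\ExampleUser\AppData\Local\Temp\sample-a.exe => moved successfully
C:\Users\ExampleUser\AppData\Local\Temp\sample-b.exe => not found
C:\Windows => ":nlsPreferences" ADS removed successfully.

The system needed a reboot.

==== End of Fixlog 13:36:21 ====
"""

# Assumption: a result line reports success if it contains "success" or ends
# in "Removed." (the wordings seen in this thread). Anything else is flagged.
SUCCESS = re.compile(r"success|removed\.?$", re.IGNORECASE)
INFORMATIONAL = {"The system needed a reboot."}
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def split_fixlog(text):
    """Return (fixlist directives, result lines) from a Fixlog.txt body."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    # The echoed fixlist sits between two rows made only of asterisks.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no fixlist block found between rows of asterisks")
    block = lines[stars[0] + 1:stars[1]]
    directives = [ln for ln in block
                  if ln.strip() and ln.strip() not in ("Start", "End")]
    results = []
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if ln.strip():
            results.append(ln)
    return directives, results


def review_fixlog(text):
    """Summarise a Fixlog: counts, per-file outcome, and lines to re-check."""
    directives, results = split_fixlog(text)
    needs_review = [r for r in results
                    if r not in INFORMATIONAL and not SUCCESS.search(r)]
    # Bare file paths in the fixlist are echoed as "<path> => <outcome>".
    files = {}
    for path in (d for d in directives if DRIVE_PATH.match(d)):
        prefix = path + " => "
        hit = next((r for r in results if r.startswith(prefix)), None)
        files[path] = hit[len(prefix):].strip() if hit else "no result line"
    return {
        "directives": len(directives),
        "results": len(results),
        "files": files,
        "needs_review": needs_review,
    }


if __name__ == "__main__":
    report = review_fixlog(SAMPLE_FIXLOG)
    print(f"{report['directives']} directives, {report['results']} result lines")
    for path, outcome in report["files"].items():
        print(f"  {path}: {outcome}")
    for line in report["needs_review"]:
        print(f"  RE-CHECK: {line}")
```
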

#3 BillyThwart

BillyThwart

    Member

  • Full Member
  • 9 posts

Posted 19 March 2016 - 12:53 PM

Thank you nasdaq.

Okay, in removing Pokki my Control Panel said it had been uninstalled, so I chose to "remove it any way", then went to CCleaner's uninstaller and the dialog box said "Error: 2 - The system cannot find the file specified."

Tried draining the motherboard battery; time and date came back as correct.

After you help me take care of these issues, which by the way thank you so much, I was planning on a factory reset and upgrade back to Windows 10, would you recommend that? And if that doesn't fix the issue with my touch screen then I will follow up with the link you provided.

Do you have an opinion on that?

Okay now logs?



Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Billy Thwart (2016-03-19 13:35:56) Run:1
Running from C:\Users\Billy Thwart\Downloads
Loaded Profiles: Billy Thwart (Available Profiles: Billy Thwart)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
AppInit_DLLs-x32: C:\PROGRA~2\LENOVO~2\LENOVO~1\bin\SPVC32~1.DLL => No File
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D031716-A60FA26CFB78147A880F&form=CONMHP&conlogo=CT3332038
FF DefaultSearchEngine.US: DuckDuckGo
FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D031716-A60FA26CFB78147A880F&form=CONMHP&conlogo=CT3332038
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
C:\Users\Billy Thwart\AppData\Local\Temp\6067408a-eac3-47c9-8281-054ef4a6a0f8.exe
C:\Users\Billy Thwart\AppData\Local\Temp\d19519dc-3caf-45e0-ab2f-122b8ee656bf.exe
AlternateDataStreams: C:\Windows:nlsPreferences [386]

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"C:\PROGRA~2\LENOVO~2\LENOVO~1\bin\SPVC32~1.DLL" => Value data removed successfully.
Firefox "newtab" removed successfully
Firefox DefaultSearchEngine.US removed successfully
Firefox "homepage" removed successfully
"HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
C:\Users\Billy Thwart\AppData\Local\Temp\6067408a-eac3-47c9-8281-054ef4a6a0f8.exe => moved successfully
C:\Users\Billy Thwart\AppData\Local\Temp\d19519dc-3caf-45e0-ab2f-122b8ee656bf.exe => moved successfully
C:\Windows => ":nlsPreferences" ADS removed successfully.
EmptyTemp: => 572.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 13:36:21 ====





Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Billy Thwart (2016-03-19 13:32:56)
Running from C:\Users\Billy Thwart\Downloads
Windows 10 Home Version 1511 (X64) (2016-03-16 23:53:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4200795788-837917841-911566171-500 - Administrator - Disabled)
Billy Thwart (S-1-5-21-4200795788-837917841-911566171-1001 - Administrator - Enabled) => C:\Users\Billy Thwart
DefaultAccount (S-1-5-21-4200795788-837917841-911566171-503 - Limited - Disabled)
Guest (S-1-5-21-4200795788-837917841-911566171-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Ad-Aware Antivirus (Enabled - Up to date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Ad-Aware Antivirus (Enabled - Up to date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{50E2E8FE-1F8B-4F21-BE9F-F9152D3EA5B1}_AdAwareUpdater) (Version: 11.10.767.8917 - Lavasoft)
AdAwareInstaller (Version: 11.10.767.8917 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.10.767.8917 - Lavasoft) Hidden
AntimalwareEngine (Version: 3.0.99.0 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.4244.0 - Lavasoft) Hidden
AvcEngine (Version: 3.11.12293.0 - Lavasoft) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Harmony (HKLM-x32\...\{D02D9427-507D-4912-9285-97FCD5417E72}) (Version: 1.0.0.0929 - Lenovo)
Harmony (x32 Version: 1.0.0.0929 - Lenovo) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10100.71 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4279 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.5.5.5 - SunplusIT)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.1.12.0 - Lenovo)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{D3F38500-4C99-4E4F-9786-B907224E13A1}) (Version: 2.6.0.0528 - PointGrab)
Lenovo Motion Control (x32 Version: 2.6.0.0528 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.2619 - CyberLink Corp.) Hidden
Lenovo Paper Display (HKLM-x32\...\InstallShield_{B5E4B638-FFF0-408F-9FB6-732CAFC73063}) (Version: 1.0.0.022 - Lenovo)
Lenovo Paper Display (x32 Version: 1.0.0.022 - Lenovo) Hidden
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo)
Lenovo PhoneCompanion (x32 Version: 2.0.0.19 - Lenovo) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1826.01 - CyberLink Corp.)
Lenovo Photo Master (x32 Version: 1.0.1826.01 - CyberLink Corp.) Hidden
Lenovo Reach (HKLM-x32\...\{3245D8C8-7FE0-4FD4-B04B-2720A333D592}) (Version: 1.1.3.7 - Stoneware, Inc.)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.3.24.256 - Lenovo Corporation)
Lenovo Settings (HKLM\...\{D14CCBF5-1A3A-4C08-955B-BE6D519835C4}_is1) (Version: 2.0.0.5 - Lenovo)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.3.1.27 - Lenovo Group Limited)
Lenovo Settings Service (HKLM\...\{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1) (Version: 2.3.0.21 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.2.0.7 - Lenovo Group Limited)
Lenovo Settings WiFi (HKLM\...\{86045A6C-C156-4349-A3E2-47A88A42F5C2}_is1) (Version: 2.0.0.4 - Lenovo)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Yoga 3 Demo (HKLM-x32\...\{22000764-22E0-4313-AA51-FB9E191E0542}) (Version: 1.0.6 - Lenovo)
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 1.5.0.26 - Lenovo)
LenovoUtility (x32 Version: 1.5.0.26 - Lenovo) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 1.6.4815.83 - Waves Audio Ltd.) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 en-US)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
OneKey Optimizer (HKLM-x32\...\InstallShield_{D5D573DC-D989-4769-9B56-D6A7EA503D7F}) (Version: 1.1.20.16 - Lenovo)
OneKey Optimizer (x32 Version: 1.1.20.16 - Lenovo) Hidden
OnlineThreatsEngine (Version: 3.0.1.23 - Lavasoft) Hidden
Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 3.0.0.373 - Qualcomm Atheros)
Qualcomm Atheros 61x4 Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.0.619A - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39060 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7614 - Realtek Semiconductor Corp.)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.1.1.0 - Reason Software Company Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.135 - Synaptics Incorporated)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.2.7 - Lenovo)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) Paper Display  (06/21/2014 1.0.0.0) (HKLM\...\5ECF5D114CC46EABC43D0207157DEFB68E9A74FB) (Version: 06/21/2014 1.0.0.0 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4200795788-837917841-911566171-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Billy Thwart\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16FB6987-3D23-4A26-AC49-4C2E0A1C5289} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-02] (Lenovo)
Task: {3E76967B-DFDC-4473-A0C3-B90602372F2F} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2016-03-15] (Lenovo)
Task: {59511ED0-99B5-408F-957E-40359E929094} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {9666A54C-3232-4E17-9508-916DDFE937F0} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2015-12-24] (Reason Software Company Inc.)
Task: {99DFE6EF-27B3-4DAC-9F85-E4417E8ABE87} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {BBFC6736-DCCA-4475-99DC-4423C1452276} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()
Task: {C0323192-1F52-4DA6-B54D-BC44F0513FCB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2016-03-17] (Microsoft Corporation)
Task: {E3B830A7-B09E-42A8-B30A-0C9A29316E64} - System32\Tasks\ReasonSecurityStart => C:\Program Files\Reason\Security\rsUI.exe [2015-12-24] (Reason Software Company Inc.)
Task: {F886E990-F182-4C57-9E33-E8A350ACEE69} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-16 23:37 - 2016-03-16 23:37 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-16 23:37 - 2016-03-16 23:37 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-01-24 04:22 - 2014-11-17 19:35 - 00036632 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\Metric.dll
2015-01-24 04:22 - 2014-11-17 19:35 - 00166680 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\Lenovo.MetricCollectionMFCx64.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 02794744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareShellExtension.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\RCF.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_filesystem-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_system-vc120-mt-1_57.dll
2016-03-18 14:20 - 2016-03-18 14:22 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-01-24 04:24 - 2014-11-20 14:43 - 00016920 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\FbServicePS.dll
2015-01-24 04:11 - 2014-09-04 18:46 - 00017688 _____ () C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe
2016-03-17 04:27 - 2016-03-17 04:27 - 00980480 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Security\1c1eaaa6dfaad00c8ec14e57782c6015\Windows.Security.ni.dll
2015-01-24 04:11 - 2014-08-25 14:30 - 00075032 _____ () C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonyAudio.dll
2015-01-24 04:11 - 2014-08-25 14:33 - 00017176 _____ () C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll
2015-01-24 04:11 - 2014-08-25 14:32 - 00026392 _____ () C:\Program Files (x86)\Lenovo\Harmony\Setting\PowerDll.DLL
2015-01-24 04:10 - 2014-08-25 14:26 - 00017176 _____ () C:\Program Files (x86)\Lenovo\Harmony\Picks\HarmonyPicksService.exe
2016-01-28 16:44 - 2016-01-28 16:44 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
2016-01-28 16:48 - 2016-01-28 16:48 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_date_time-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 11674360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareServiceKernel.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_regex-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_thread-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_chrono-vc120-mt-1_57.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00973040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareActivation.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00561920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareApplicationUpdater.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareGamingMode.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareReset.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTime.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01030912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdater.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdaterScheduler.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIgnoreList.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareQuarantine.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 01594624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiMalwareEngine.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiRootkitEngine.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerHistory.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01373928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScanner.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_timer-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01019640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerScheduler.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 02547448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIncompatibles.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01489640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiSpam.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01437424 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiPhishing.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareParentalControl.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 03107576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareWebProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01325816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareEmailProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_iostreams-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01878784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNetworkProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01024744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePromo.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00457448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareFeedback.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareThreatWorkAlliance.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01310952 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePinCode.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01027304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNotice.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01563888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAvcEngine.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtectionHistory.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00519920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareStatistics.dll
2016-03-17 04:20 - 2015-01-06 12:47 - 00156936 _____ () C:\WINDOWS\SYSTEM32\bdfwcore.dll
2016-03-17 04:30 - 2016-03-17 04:30 - 01119064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\3.0.1.23\definitions\loc2\ashttpbr.mdl
2016-03-17 04:30 - 2016-03-17 04:30 - 00794832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\3.0.1.23\definitions\loc2\ashttpdsp.mdl
2016-03-17 04:30 - 2016-03-17 04:30 - 03038112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\3.0.1.23\definitions\loc2\ashttpph.mdl
2016-03-17 04:30 - 2016-03-17 04:30 - 01648408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\3.0.1.23\definitions\loc2\ashttprbl.mdl
2015-01-24 04:17 - 2015-01-24 04:17 - 00133440 _____ () C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
2014-09-25 18:41 - 2014-09-25 18:41 - 00025368 _____ () C:\Program Files (x86)\Lenovo\PaperDisplay\PLHotkeyService.exe
2015-01-24 04:16 - 2012-04-24 06:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-01-24 04:11 - 2014-05-20 20:16 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2016-03-17 04:29 - 2016-03-17 04:29 - 00017168 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2016-03-17 04:29 - 2016-03-17 04:29 - 00008976 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2016-03-17 04:29 - 2016-03-17 04:29 - 00028944 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2015-09-04 04:55 - 2015-09-04 04:55 - 00406944 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-01-28 16:48 - 2016-01-28 16:48 - 09581280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
2016-01-28 16:48 - 2016-01-28 16:48 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_locale-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\HtmlFramework.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTrayDefaultSkin.dll
2016-02-13 08:54 - 2016-02-13 08:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-16 23:38 - 2016-03-16 23:38 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-02-13 08:54 - 2016-02-13 08:54 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-02-13 08:54 - 2016-02-13 08:54 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-13 08:54 - 2016-02-13 08:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-02-13 08:54 - 2016-02-13 08:54 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-02-13 08:54 - 2016-02-13 08:54 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-01-24 04:04 - 2015-01-24 04:04 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2015-01-24 04:11 - 2014-08-14 14:47 - 00109840 _____ () C:\Program Files (x86)\Lenovo\LenovoTransition\TransitionServer.exe
2015-01-24 04:22 - 2014-11-17 19:35 - 00040216 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\EnglishRes.dll
2015-01-24 04:10 - 2014-08-25 14:27 - 00074520 _____ () C:\Program Files (x86)\Lenovo\Harmony\Picks\Lenovo.Harmonydll.dll
2016-01-06 12:41 - 2016-01-06 12:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2015-01-24 04:24 - 2014-11-20 14:43 - 00159256 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\FbApi.dll
2015-01-24 04:23 - 2014-11-17 19:35 - 00036120 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\zd.dll
2016-03-18 14:20 - 2016-03-18 14:22 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-03-18 14:20 - 2016-03-18 14:22 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll
2014-05-28 17:16 - 2014-05-28 17:16 - 00013576 _____ () C:\Program Files (x86)\Lenovo\Motion Control\PointGrabDeviceAPI.dll
2015-01-24 04:11 - 2014-08-25 14:32 - 00168216 _____ () C:\Program Files (x86)\Lenovo\Harmony\Setting\PG_SettingsLib.dll
2015-01-24 04:11 - 2014-08-25 14:30 - 00018200 _____ () C:\Program Files (x86)\Lenovo\Harmony\Setting\Lenovo.Harmonydll.dll
2014-10-10 13:37 - 2014-10-10 13:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4200795788-837917841-911566171-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4200795788-837917841-911566171-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4200795788-837917841-911566171-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F82BE279-76DE-48AB-9795-B5B0C88E546A}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [{E00AEA4F-F61C-44CF-99FD-C4584EAA19F0}] => (Allow) LPort=55100
FirewallRules: [{F7EFB365-EF11-4CF3-8908-1A74CBE799FE}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{613BD2DE-BAB9-4C99-BF6A-316EE2729AA4}] => (Allow) C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
FirewallRules: [{7868C5FE-D293-4928-AA5D-886CCF97B7FB}] => (Allow) C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
FirewallRules: [{A477BD69-9E67-4E73-80E6-8A4118251E01}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{F12A51BD-4D33-40AF-A35B-CED6426E3AE8}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{52AAB534-FCCE-49D1-B7D5-9F76AA445398}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{18D5913E-E89B-4461-8EDC-E7B14D4E54D7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{084A172D-0C77-47C4-B47A-FAF2395F2E9D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

17-03-2016 19:58:44 Windows Update

==================== Faulty Device Manager Devices =============

Name: Intel® USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)
Description: USB xHCI Compliant Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Generic USB xHCI Host Controller
Service: USBXHCI
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/19/2016 01:33:12 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceevent type =  failed w/err 0x0000000a

Error: (03/19/2016 01:32:24 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is  failed w/err 0x000036d8

Error: (03/19/2016 01:32:24 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopNum1++, loopNum1 is  failed w/err 0x00000001

Error: (03/19/2016 01:27:29 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceevent type =  failed w/err 0x0000000a

Error: (03/19/2016 01:21:47 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceevent type =  failed w/err 0x0000000a

Error: (03/19/2016 01:18:54 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is  failed w/err 0x0000031f

Error: (03/19/2016 01:16:04 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceevent type =  failed w/err 0x0000000a

Error: (03/19/2016 01:15:49 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceget IsPDenable flag =  failed w/err 0x00000000

Error: (03/19/2016 01:15:49 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceevent type =  failed w/err 0x00008013

Error: (03/19/2016 01:15:48 PM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceevent type =  failed w/err 0x00008013


System errors:
=============
Error: (03/19/2016 01:16:28 PM) (Source: DCOM) (EventID: 10016) (User: Uh-Computer)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Uh-ComputerBilly ThwartS-1-5-21-4200795788-837917841-911566171-1001LocalHost (Using LRPC)Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewyS-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795

Error: (03/19/2016 01:15:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:04:20 PM on ‎3/‎18/‎2016 was unexpected.

Error: (03/17/2016 09:17:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/17/2016 09:01:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.215.2092.0).

Error: (03/17/2016 12:43:44 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.

Error: (03/17/2016 12:43:58 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:43:30 AM on ‎3/‎17/‎2016 was unexpected.

Error: (03/17/2016 12:43:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Connect Now - Config Registrar service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/17/2016 12:43:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Time Broker service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/17/2016 12:43:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SSDP Discovery service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (03/17/2016 12:43:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Sensor Monitoring Service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2016-03-19 13:19:28.092
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-16 19:46:30.848
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-16 19:46:30.594
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-16 19:41:30.457
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ M-5Y71 CPU @ 1.20GHz
Percentage of memory in use: 35%
Total physical RAM: 8105.84 MB
Available physical RAM: 5252.58 MB
Total Virtual: 10025.84 MB
Available Virtual: 6905.8 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:198.11 GB) (Free:150.34 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 48794370)

Partition: GPT.

==================== End of Addition.txt ============================







# AdwCleaner v5.102 - Logfile created 19/03/2016 at 13:43:49
# Updated 13/03/2016 by Xplode
# Database : 2016-03-19.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Billy Thwart - UH-COMPUTER
# Running from : C:\Users\Billy Thwart\Downloads\adwcleaner_5.102.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

File Found : C:\WINDOWS\SysNative\LavasoftTcpService64.dll
File Found : C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
File Found : C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
File Found : C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Pokki
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKU\S-1-5-21-4200795788-837917841-911566171-1001\Software\Pokki
Key Found : HKU\S-1-5-21-4200795788-837917841-911566171-1001\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\Classes\pokki
Key Found : HKU\S-1-5-21-4200795788-837917841-911566171-1001\Software\Classes\pokki

***** [ Web browsers ] *****

[C:\Users\Billy Thwart\AppData\Roaming\Mozilla\Firefox\Profiles\bk6ranbf.default\prefs.js] [Preference] Found : user_pref("browser.newtabpage.url", "hxxp://www.bing.com/?pc=COSP&ptag=D031716-A60FA26CFB78147A880F&form=CONMHP&conlogo=CT3332038");

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [1687 bytes] - [19/03/2016 13:41:29]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [1588 bytes] - [19/03/2016 13:43:49]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [1681 bytes] ##########




PS I feel the touch screen will fix itself with removal of malware and factory reset, if everything is safe to do that. However, if you want me to experiment with that troubleshooting for you I don't mind, it will just take a little longer with my replies.


Thank you nasdaq
Billythwart



#4 BillyThwart

Posted 19 March 2016 - 11:32 PM

A few other things I want to mention. I've never set a password on this computer, but when login appears, for a second a password interface appears, then the non-password-protected login interface. The computer has also been adjusting brightness without input.

I tried all the steps on the touch screen Windows page; I didn't think I'd have time to. The setting "Calibrate the screen for pen and touch input," suggested by Microsoft, doesn't seem to exist. I'm almost positive it will come back with system restore or with elimination of malware, like the wifi issue I had previously.

One option suggested draining the battery by up volume arrow and power button, now the touch button windows logo works, but no other part of the touch screen. 

Lastly during browsing, (I'm not sure what its called) maybe the display of transfer packets, in the right corner of the browser window:

Waiting http://www.DuckDuckGo.com
Read http://www.DuckDuckGo.com
Transfer http://www.DuckDuckGo.com

Used to be much murkier, i.e. other sites/whatever were being accessed in those protocols, maybe more stuff too.
So something's happening. So that's awesome!

Anyway, thanks for your hard work. I'm eagerly awaiting your reply!



#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,165 posts

Posted 20 March 2016 - 07:09 AM


Lastly during browsing, (I'm not sure what its called) maybe the display of transfer packets, in the right corner of the browser window:


Try this.
Clear Cache - Microsoft Edge Browser
https://www.wiknix.c...t-edge-browser/
===


If not already done, please run the AdwCleaner tool and delete everything that is identified.

==

Returning to the Factory level may not be a good idea at this time.

I just want you to make sure you have all the latest Windows security Updates.

Then check to see if you have all the latest drivers for your system.

Navigate to this page.
http://secunia.com/v...nning/personal/

Download and install the Secunia PSI.

Run the application and update all the programs/drivers that need to be updated.

===
p.s.

Secunia will start looking for new updates every time you boot the system.
This is overkill. When all is well you can remove it using the Add/Remove programs applet.

---


Let me know what problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 BillyThwart

Posted 20 March 2016 - 10:49 AM

Running Adaware returns an empty list but still has the "fix option". I've been clicking "Fix?" "Ok" and it's been "fixing." So I'm not sure what it's on about. Should I run adaware in safe mode to get registry to fill?

Thanks

Will do the other scans after work, and post an update



#7 nasdaq

Posted 20 March 2016 - 01:26 PM

If you do not see any of these in the sections Registry and Web Browsers then all is well with the AdwCleaner tool.

***** [ Registry ] *****

Key Found : HKCU\Software\Pokki
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKU\S-1-5-21-4200795788-837917841-911566171-1001\Software\Pokki
Key Found : HKU\S-1-5-21-4200795788-837917841-911566171-1001\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\Classes\pokki
Key Found : HKU\S-1-5-21-4200795788-837917841-911566171-1001\Software\Classes\pokki

***** [ Web browsers ] *****

[C:\Users\Billy Thwart\AppData\Roaming\Mozilla\Firefox\Profiles\bk6ranbf.default\prefs.js] [Preference] Found : user_pref("browser.newtabpage.url", "hxxp://www.bing.com/?pc=COSP&ptag=D031716-A60FA26CFB78147A880F&form=CONMHP&conlogo=CT3332038");


---
nasdaq


#8 BillyThwart

Posted 21 March 2016 - 11:30 PM

FYI, tried to enter safe mode through the Lenovo button (BIOS menu/ factory reset/ safe modes/ etc.). However, wasn't able to enter the correct menu and was given error code


"SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (ntfs.sys)" and "system restarting"
stayed at 0% restarting for a while clicked power button on and off

was able to enter safe mode through windows --> settings

but when entering safe mode networking enabled no internet connection was present


I'm pretty sure I haven't uninstalled adaware, however I had to reinstall for this scan (log below)

And with this scan all of the files you mentioned


"****Key Found*****"


were in the registry tab. Was upset and neglected to check browsers tabs before restarting.
Didn't check tabs during other scans, so sorry for being dull. And have not scanned again
to see if those files were removed; figured I'd wait to see if that's what I should do next.

Secunia PSI updated Malwarebytes

Like I said earlier, I just downloaded the free Windows 8.1 --> 10 upgrade so should have the latest Windows updates

There is a touch screen Windows soft key and that button works,
so my touch screen is responsive at some level,
and I don't believe my touch screen is broken.
I just believe the malware currently running is causing it to not work,
and am confident that, like earlier when internet wasn't reading,
it will fix with factory reset...

Am looking to troubleshoot my touch screen issues before sleep tonight.
Microsoft site suggested "Calibrate the screen for pen and touch input",
however the only calibration I can find is for display. Anyway, cheers for the help!

I'm committed to finding a solution with you to these unwanted programs before the point where I reset.



# AdwCleaner v5.105 - Logfile created 21/03/2016 at 23:45:15
# Updated 21/03/2016 by Xplode
# Database : 2016-03-21.3 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Billy Thwart - UH-COMPUTER
# Running from : C:\Users\Billy Thwart\Downloads\adwcleaner_5.105.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\DriverToolkit
[-] Folder Deleted : C:\Users\Billy Thwart\AppData\Local\DriverToolkit

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[-] File Deleted : C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
[-] File Deleted : C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
[-] File Deleted : C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKCU\Software\DriverToolkit
[-] Key Deleted : HKCU\Software\Pokki
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Web browsers ] *****

[-] [C:\Users\Billy Thwart\AppData\Roaming\Mozilla\Firefox\Profiles\bk6ranbf.default\prefs.js] [Preference] Deleted : user_pref("browser.newtabpage.url", "hxxp://www.bing.com/?pc=COSP&ptag=D031716-A60FA26CFB78147A880F&form=CONMHP&conlogo=CT3332038");

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1547 bytes] - [21/03/2016 23:45:15]
C:\AdwCleaner\AdwCleaner[S1].txt - [1892 bytes] - [21/03/2016 14:33:39]
C:\AdwCleaner\AdwCleaner[S2].txt - [1965 bytes] - [21/03/2016 23:39:30]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1766 bytes] ##########
 



#9 nasdaq

Posted 22 March 2016 - 06:43 AM


One last repair you can try before doing a factory reset.
Which means reinstalling everything and getting the Microsoft Updates.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore, do a Registry backup. When you have completed this click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button then select just the item(s) listed below

    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    10 - Remove Policies Set By Infections
    11 - Repair Start Menu Icons Removed by Infections
    12 - Repair Icons
    17 - Repair Windows Updates
    19 - Repair Volume Shadow Copy Service
    20 - Repair Windows Sidebar/Gadgets
    21 - Repair MSI (Windows Installer)
    22 - Repair Windows Snipping tool
    24 - Repair Windows Safe Mode
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup

  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so)
  • Please copy and paste the contents of this file in your next reply.

===

Restart the computer normally.

How is the computer running now?

nasdaq


#10 BillyThwart

Posted 23 March 2016 - 11:07 AM

Nasdaq you are awesome!

Computer seems to be working a little better. After sending this I'll see if I can get into boot menu from Lenovo button.
And the computer has been working much better with all your help. I know I've said thank you a lot but...
You really are awesome for helping me.

 

The only responsive part of my touch screen is still just the windows soft key.


I noticed during the tweaker scan windows app notifications would pop up

I remember them saying something like

windows app changed _______ affecting .png files

and windows app changed (maybe didn't find) so changed default to microsoft edge

Let me know what steps to take or if I'm ready to try a factory reinstall.

anyway thanks a lot!
good luck on 50.000 posts!

 



Prescan




 Tweaking.com - Windows Repair v3.8.4 - Pre-Scan
│ Computer: UH-COMPUTER (Windows 10 Home 10.0.10586 ) (64-bit)
│ [Started Scan - 3/23/2016 10:45:12 AM]
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Windows Packages Files.
│ Started at (3/23/2016 10:45:12 AM)

│ No problems were found with the Packages Files.

│ Files Checked & Verified: 5,272

│ Done Scanning Windows Packages Files.(3/23/2016 10:47:59 AM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Reparse Points.
│ Started at (3/23/2016 10:47:59 AM)

Reparse Point: (Type: JUNCTION) (Name: Content.IE5) (Original Path: C:\Windows.old\Users\Billy Thwart\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5) (Target Path: C:\Users\Billy Thwart\AppData\Local\Microsoft\Windows\INetCache\Low\IE\) (Creation Time: 3/15/2016 8:42:25 PM)
Target Path doesn't exist!

│ Problems were found with the Reparse Points.
│ You can use the Repair Reparse Points Tool at the bottom of this Window to try and fix these problems.

│ Files & Folders Searched: 377,575
│ Reparse Points Found: 97

│ Done Scanning Reparse Points.(3/23/2016 10:48:24 AM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Checking Environment Variables.
│ Started at (3/23/2016 10:48:24 AM)

│ No problems were found with the Environment Variables.

│ Done Checking Environment Variables. (3/23/2016 10:48:24 AM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ [Finished Scan - 3/23/2016 10:48:24 AM]

│ [x] Scan Complete - Problems Found!
│ [x]
│ [x] You can use the Repair Reparse Points or Repair Environment Variables tools at the bottom of this Window if needed.
│ [x]
│ [x] While problems have been found, you can still run the repairs in the program.
│ [x] But for the best results it is recommended to fix the problems reported in this scan if possible.
│ [x] If you need help fixing any of the items in the log, just post in the forums at Tweaking.com for help.










Log:
Tweaking.com - Windows Repair v3.8.4
────────────────────────────────────────────────────────────────────────────────

System Variables
────────────────────────────────────────────────────────────────────────────────
OS: Windows 10 Home
OS Architecture: 64-bit
OS Version: 10.0.10586
OS Service Pack:
Computer Name: UH-COMPUTER
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Billy Thwart
Current Profile SID: S-1-5-21-4200795788-837917841-911566171-1001
Current Profile Classes: S-1-5-21-4200795788-837917841-911566171-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\Billy Thwart\AppData\Local
────────────────────────────────────────────────────────────────────────────────

System Information
────────────────────────────────────────────────────────────────────────────────
System Up Time: 0 Days 00:05:54

Process Count: 116
Commit Total: 2.83 GB
Commit Limit: 9.79 GB
Commit Peak: 2.91 GB
Handle Count: 44156
Kernel Total: 419.00 MB
Kernel Paged: 258.99 MB
Kernel Non Paged: 160.00 MB
System Cache: 2.79 GB
Thread Count: 2197
────────────────────────────────────────────────────────────────────────────────

Memory Before Cleaning with CleanMem
────────────────────────────────────────────────────────────────────────────────
Memory Total: 7.92 GB
Memory Used: 2.51 GB(31.7527%)
Memory Avail.: 5.40 GB
────────────────────────────────────────────────────────────────────────────────

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
────────────────────────────────────────────────────────────────────────────────
Memory Total: 7.92 GB
Memory Used: 1.93 GB(24.4202%)
Memory Avail.: 5.98 GB
────────────────────────────────────────────────────────────────────────────────

Starting Repairs...
   Started at (3/23/2016 11:31:54 AM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 0
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (3/23/2016 11:31:56 AM)


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hku.7z
Done,  0.44 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hklm.7z
Done,  5.75 seconds.

   Running Repair Under System Account
   Done (3/23/2016 11:51:24 AM)

03 - Reset Service Permissions
   Start (3/23/2016 11:51:24 AM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/23/2016 11:52:18 AM)

04 - Register System Files
   Start (3/23/2016 11:52:18 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/23/2016 11:53:40 AM)

10 - Remove Policies Set By Infections
   Start (3/23/2016 11:53:40 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/23/2016 11:53:50 AM)

11 - Repair Start Menu Icons Removed By Infections
   Start (3/23/2016 11:53:50 AM)
   Running Repair Under System Account
   Done (3/23/2016 11:53:52 AM)

12 - Repair Icons
   Start (3/23/2016 11:53:52 AM)
   Running Repair Under Current User Account
   Done (3/23/2016 11:53:54 AM)

17 - Repair Windows Updates
   Start (3/23/2016 11:53:55 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.75 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (3/23/2016 11:55:18 AM)

19 - Repair Volume Shadow Copy Service
   Start (3/23/2016 11:55:19 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.28 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/23/2016 11:56:17 AM)

20 - Repair Windows Sidebar/Gadgets
   Start (3/23/2016 11:56:17 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/23/2016 11:56:21 AM)

21 - Repair MSI (Windows Installer)
   Start (3/23/2016 11:56:21 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.27 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/23/2016 11:56:42 AM)

22 - Repair Windows Snipping Tool
   Start (3/23/2016 11:56:42 AM)
   Done (3/23/2016 11:56:42 AM)

24 - Repair Windows Safe Mode
   Start (3/23/2016 11:56:42 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/23/2016 11:56:44 AM)

26 - Restore Important Windows Services
   Start (3/23/2016 11:56:44 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.33 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/23/2016 11:57:16 AM)

27 - Set Windows Services To Default Startup
   Start (3/23/2016 11:57:16 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/23/2016 11:57:26 AM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (3/23/2016 11:57:26 AM)
   Total Repair Time: 00:25:34


...YOU MUST RESTART YOUR SYSTEM...



#11 BillyThwart

Posted 23 March 2016 - 11:44 AM

Can access boot menu now, and issue with login screen is also resolved. Have not had problem with time/date... however with every system restore I took before contacting you it had the issue... system reads 5 if it's about five but clock would be forward 4 hours... anyway

The issues I was having are much better....

Touch screen still mostly unresponsive.

Thanks for all your help!

Also before we started this I was experiencing shut down and system load times that I thought were too slow for my system... and the speed of both of those has increased so!!! You are very helpful! Thanks so many times.. eager to keep moving.



#12 BillyThwart

Posted 23 March 2016 - 07:37 PM

Update: fixed touch screen

Control Panel --> (large icons)
Troubleshooting --> (view all)
Hardware devices

Ran the troubleshooter and chootaloo!

You have no idea how many things I tried to get it to work.

Let me know if my computer seems funky still. Should I run another Farbar scan?

THANKS SO MUCH!!
Good luck on 50,000!



#13 BillyThwart


Posted 23 March 2016 - 11:37 PM

okay update. I'm almost positive my internet connection has been turned off and then when trying to log back on my default network isn't showing up... not problem with isp running netflix through a roku. hmm

internet also got very slow, and the transfer boxes at the bottom left corner of the screen have come back with names of sites I'm not on and "google tracker .com" or something stupid

have deleted browser cookies cache so maybe that exchange will be better... also restarted to see if that was the issue. upon restarting i see a pop up box with a windows red ex pop up and said break point error... just flashed for a second so i don't have any further information on the code... sorry

then when computer was starting up it had to "scan and repair (c:\) drive"

the computer that won't quit nasdaq



#14 nasdaq

  • 49,165 posts

Posted 24 March 2016 - 07:15 AM

Let's clean the caches and temporary files.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
emptyalltemp;
emptyCHRcache;
emptyclsid;
emptyFFcache;
emptyflash;
emptyIEcache;
emptyjava;
shortcutfix;

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

Post the log and let me know what problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760



