[Active] Extremely SLOW

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by awjohnson2, Apr 11, 2018.

  1. awjohnson2 (Established Techie7 Member)

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
    Ran by Anthony (administrator) on ANTHONYS_LAPTOP (11-04-2018 16:35:41)
    Running from C:\Users\Anthony\Desktop
    Loaded Profiles: Anthony (Available Profiles: Anthony)
    Platform: Windows 8.1 (Update) (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
    (Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
    (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
    (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
    (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
    (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (SAMSUNG Electornics Co., Ltd.) C:\Users\Anthony\AppData\Roaming\VERIZON\UA_ar\UA.exe
    (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-11] (AVAST Software)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-19] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [NeroFilterCheck] => C:\WINDOWS\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
    HKLM-x32\...\RunOnce: [SBrowserCheck] => C:\ProgramData\Avast Software\Avast\SecureBrowser\avast_browser_setup_checker.exe [4788840 2018-04-11] ()
    HKU\S-1-5-21-2884328260-4161459596-3251688260-1002\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23823024 2018-03-30] (Microsoft Corporation)
    HKU\S-1-5-21-2884328260-4161459596-3251688260-1002\...\RunOnce: [Uninstall C:\Users\Anthony\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Anthony\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
    HKU\S-1-5-21-2884328260-4161459596-3251688260-1002\...\MountPoints2: {4b1f266e-f88d-11e6-8267-28d244d64eb9} - "F:\VZW_Software_upgrade_assistant.exe"
    HKU\S-1-5-21-2884328260-4161459596-3251688260-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> G:\matrix.scr
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-08-26]
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-03-06]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2017-03-08]
    ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Anthony\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{63C32239-4A94-4DCE-95D2-C4343F23F6E1}: [DhcpNameServer] 150.207.1.2
    Tcpip\..\Interfaces\{C5A49EF7-BBA0-4845-807C-E455326A66F4}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-2884328260-4161459596-3251688260-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
    HKU\S-1-5-21-2884328260-4161459596-3251688260-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
    HKU\S-1-5-21-2884328260-4161459596-3251688260-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
    SearchScopes: HKU\S-1-5-21-2884328260-4161459596-3251688260-1002 -> DefaultScope {B1AA264A-6136-45CC-9F1C-3BFCB7336906} URL =
    BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-09-25] (Intel Security)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-30] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-04-11] (AVAST Software)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-03-30] (Microsoft Corporation)
    BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-09-25] (Intel Security)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-03-30] (Microsoft Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-04-11] (AVAST Software)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-03-30] (Microsoft Corporation)
    Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-09-25] (Intel Security)
    Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-09-25] (Intel Security)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: w5ppxccy.default
    FF ProfilePath: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\w5ppxccy.default [2018-04-11]
    FF Extension: (Avast SafePrice) - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\w5ppxccy.default\Extensions\sp@avast.com.xpi [2018-02-04]
    FF Extension: (Avast Online Security) - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\w5ppxccy.default\Extensions\wrc@avast.com.xpi [2018-02-04]
    FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\w5ppxccy.default\features\{2b5e9583-d8d7-4a97-bbc3-cc087547f691}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-09] [Legacy]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2017-03-24] ()
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-03-30] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-30] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=ssl","hxxps://mail.google.com/mail/u/0/#inbox","hxxp://amazon.com/","hxxps://www.theoutdoorstrader.com/","hxxp://www.radioreference.com/"
    CHR Profile: C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default [2018-04-11]
    CHR Extension: (Slides) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-07]
    CHR Extension: (Entanglement Web App) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2016-09-26]
    CHR Extension: (Docs) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-07]
    CHR Extension: (Google Drive) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-26]
    CHR Extension: (YouTube) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-26]
    CHR Extension: (Adblock for Youtube™) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-07-08]
    CHR Extension: (ICE Quick Stream) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2017-07-01]
    CHR Extension: (Adobe Acrobat) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-04]
    CHR Extension: (Google Calendar) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-02-14]
    CHR Extension: (Full Page Screen Capture) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2018-04-09]
    CHR Extension: (Google Docs Offline) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-26]
    CHR Extension: (AdBlock) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-04-09]
    CHR Extension: (Google Calendar) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2018-04-09]
    CHR Extension: (Poppit!) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2016-09-26]
    CHR Extension: (Office Online) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2018-04-09]
    CHR Extension: (No Name) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2017-08-04]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-09]
    CHR Extension: (Deer) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\odcbneomclkimollbpnhbikjgdajfgji [2017-04-12]
    CHR Extension: (Gmail) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-26]
    CHR Extension: (Chrome Media Router) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-11]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2017-03-24] (Adobe Systems) [File not signed]
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-19] (Advanced Micro Devices, Inc.) [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-11] (AVAST Software)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-11] (AVAST Software)
    S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2251992 2014-04-15] (Broadcom Corporation.)
    R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976088 2014-03-14] (Broadcom Corporation.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8521384 2018-03-24] (Microsoft Corporation)
    R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
    R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-08-26] (Lenovo(beijing) Limited)
    R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
    R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
    R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
    R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2018-03-29] (McAfee, Inc.)
    R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2018-03-29] (McAfee, Inc.)
    S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2018-03-29] (McAfee, Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
    S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
    R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc.)
    R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
    R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [224992 2013-11-01] (AppEx Networks Corporation)
    R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196640 2018-04-11] (AVAST Software)
    R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-04-11] (AVAST Software)
    R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-04-11] (AVAST Software)
    R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-04-11] (AVAST Software)
    R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-04-11] (AVAST Software)
    R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [227784 2018-04-11] (AVAST Software)
    S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-04-11] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-08] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [147224 2018-04-11] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111352 2018-04-11] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84368 2018-04-11] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026696 2018-04-11] (AVAST Software)
    R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-04-11] (AVAST Software)
    R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-04-11] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380528 2018-04-11] (AVAST Software)
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
    R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [170712 2014-04-15] (Broadcom Corporation.)
    R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7545008 2014-01-29] (Broadcom Corporation)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
    S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-03-24] (Disc Soft Ltd)
    S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-03-24] (Disc Soft Ltd)
    S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
    S3 usbrndis6; C:\WINDOWS\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [35856 2014-03-23] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [257880 2014-03-23] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
    S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
    S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-04-11 16:35 - 2018-04-11 16:36 - 000022698 _____ C:\Users\Anthony\Desktop\FRST.txt
    2018-04-11 16:34 - 2018-04-11 16:34 - 002403328 _____ (Farbar) C:\Users\Anthony\Desktop\FRST64.exe
    2018-04-11 16:33 - 2018-04-11 16:33 - 001764352 _____ (Farbar) C:\Users\Anthony\Desktop\FRST.exe
    2018-04-11 08:53 - 2018-04-11 08:53 - 000376536 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2018-04-09 19:46 - 2018-04-11 08:42 - 000000000 ____D C:\Users\Anthony\AppData\LocalLow\Mozilla
    2018-04-09 19:46 - 2018-04-09 19:50 - 000000000 ____D C:\Users\Anthony\AppData\Local\Mozilla
    2018-04-09 19:46 - 2018-04-09 19:46 - 000000959 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2018-04-09 19:46 - 2018-04-09 19:46 - 000000947 _____ C:\Users\Public\Desktop\Firefox.lnk
    2018-04-09 19:46 - 2018-04-09 19:46 - 000000000 ____D C:\Users\Anthony\AppData\Roaming\Mozilla
    2018-04-09 19:46 - 2018-04-09 19:46 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2018-04-09 19:46 - 2018-04-09 19:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-04-09 19:45 - 2018-04-09 19:45 - 000313520 _____ (Mozilla) C:\Users\Anthony\Documents\Firefox Installer.exe
    2018-03-16 20:12 - 2018-03-16 20:12 - 000541166 _____ C:\Users\Anthony\Documents\2016_TaxReturn Meghan.pdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-04-11 16:35 - 2016-11-02 12:16 - 000000000 ____D C:\FRST
    2018-04-11 09:11 - 2016-09-21 13:51 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2884328260-4161459596-3251688260-1002
    2018-04-11 09:06 - 2016-09-21 13:46 - 000001283 _____ C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
    2018-04-11 09:06 - 2014-08-26 10:05 - 000000000 ____D C:\ProgramData\LU
    2018-04-11 09:03 - 2014-03-18 05:53 - 000863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-04-11 09:03 - 2013-08-22 11:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-04-11 09:03 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\Inf
    2018-04-11 08:59 - 2016-11-02 11:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
    2018-04-11 08:58 - 2016-11-02 11:28 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2018-04-11 08:58 - 2014-08-26 08:52 - 000959621 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
    2018-04-11 08:56 - 2017-05-04 20:30 - 000000000 ____D C:\Program Files (x86)\McAfee
    2018-04-11 08:56 - 2013-08-22 10:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-04-11 08:55 - 2017-05-04 20:20 - 000000000 ____D C:\Program Files\TrueKey
    2018-04-11 08:54 - 2017-03-29 16:16 - 000003910 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2018-04-11 08:54 - 2016-09-21 13:45 - 000000000 ____D C:\Users\Anthony
    2018-04-11 08:53 - 2018-02-04 12:54 - 000196640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
    2018-04-11 08:53 - 2016-11-02 12:04 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2018-04-11 08:53 - 2016-11-02 12:04 - 000380528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2018-04-11 08:53 - 2016-11-02 12:04 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2018-04-11 08:53 - 2016-11-02 12:04 - 000147224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2018-04-11 08:53 - 2016-11-02 12:04 - 000111352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2018-04-11 08:53 - 2016-11-02 12:04 - 000084368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2018-04-11 08:53 - 2016-11-02 12:04 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2018-04-11 08:52 - 2018-02-04 12:54 - 000227784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
    2018-04-11 08:52 - 2017-03-29 16:16 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
    2018-04-11 08:52 - 2017-03-29 16:16 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
    2018-04-11 08:52 - 2017-03-29 16:16 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
    2018-04-11 08:52 - 2017-03-29 16:16 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
    2018-04-11 08:52 - 2016-11-02 12:04 - 001026696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2018-04-05 08:55 - 2017-05-16 20:14 - 000020480 ___SH C:\Users\Anthony\Desktop\Thumbs.db
    2018-03-22 21:19 - 2016-09-23 19:44 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-03-22 21:19 - 2016-09-23 19:44 - 000002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2018-03-22 13:25 - 2017-12-26 17:04 - 000000000 ____D C:\Program Files\iPod
    2018-03-22 13:17 - 2017-12-26 17:02 - 000000000 ____D C:\Program Files\iTunes
    2018-03-22 13:14 - 2017-08-01 20:52 - 000003190 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2884328260-4161459596-3251688260-1002
    2018-03-22 13:14 - 2016-11-02 11:49 - 000002365 _____ C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk

    ==================== Files in the root of some directories =======

    2017-05-04 19:39 - 2017-05-04 19:39 - 000037883 _____ () C:\Users\Anthony\AppData\Roaming\Comma Separated Values.ADR

    Some files in TEMP:
    ====================
    2011-03-10 20:59 - 2011-03-10 20:59 - 002827776 _____ (Adobe Systems, Inc.) C:\Users\Anthony\AppData\Local\Temp\InstallPlugin.exe
    2017-04-03 16:07 - 2005-07-28 02:06 - 000056832 _____ () C:\Users\Anthony\AppData\Local\Temp\mpegc.dll
    2017-04-03 16:07 - 2005-07-28 02:06 - 000056832 _____ () C:\Users\Anthony\AppData\Local\Temp\mpegm.dll
    2017-03-24 19:32 - 2003-03-24 18:50 - 000098304 _____ (Adobe Systems Inc.) C:\Users\Anthony\AppData\Local\Temp\UninstManager.dll
    2017-05-04 16:22 - 2017-05-04 16:22 - 014456872 _____ (Microsoft Corporation) C:\Users\Anthony\AppData\Local\Temp\vc_redist.x86.exe
    2017-10-03 17:07 - 2017-10-03 17:08 - 030950664 _____ () C:\Users\Anthony\AppData\Local\Temp\vlc-2.2.6-win32.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-04-09 20:02

    ==================== End of FRST.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
    Ran by Anthony (11-04-2018 16:37:32)
    Running from C:\Users\Anthony\Desktop
    Windows 8.1 (Update) (X64) (2016-09-21 17:45:18)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2884328260-4161459596-3251688260-500 - Administrator - Disabled)
    Anthony (S-1-5-21-2884328260-4161459596-3251688260-1002 - Administrator - Enabled) => C:\Users\Anthony
    Guest (S-1-5-21-2884328260-4161459596-3251688260-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2884328260-4161459596-3251688260-1004 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
    Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
    Adobe Flash Player 10 Plugin (HKLM-x32\...\{9C542173-96F0-435D-A95C-468CAAC75EA0}) (Version: 10.2.153.1 - Adobe Systems Incorporated)
    Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
    Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
    AMD Catalyst Install Manager (HKLM\...\{665D4B18-EA91-BE16-3212-218C63F5DC4E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.8.0 - AppEx Networks)
    Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
    AVS Audio Converter 7.3 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.3.1.535 - Online Media Technologies Ltd.)
    AVS Audio Editor 7.3 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.3.1.493 - Online Media Technologies Ltd.)
    AVS Disc Creator 5.2 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.2.532 - Online Media Technologies Ltd.)
    AVS Document Converter 2.3.2 (HKLM-x32\...\AVS Document Converter_is1) (Version: 2.3.2.233 - Online Media Technologies Ltd.)
    AVS Image Converter 3.2.1.277 (HKLM-x32\...\AVS Image Converter_is1) (Version: 3.2.1.277 - Online Media Technologies Ltd.)
    AVS Media Player 4.2.3.106 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.3.106 - Online Media Technologies Ltd.)
    AVS Photo Editor 2.3.1.144 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.3.1.144 - Online Media Technologies Ltd.)
    AVS Registry Cleaner 2.3.4.261 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 2.3.4.261 - Online Media Technologies Ltd.)
    AVS Video Converter 9.0 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.0.1.566 - Online Media Technologies Ltd.)
    AVS Video Editor 7.0 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.0.1.258 - Online Media Technologies Ltd.)
    AVS Video ReMaker 4.3.2.166 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 4.3.2.166 - Online Media Technologies Ltd.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    calibre (HKLM-x32\...\{00F91371-9FE2-4F75-9B49-8F7D1C135214}) (Version: 3.7.0 - Kovid Goyal)
    CHIRP (HKLM-x32\...\CHIRP) (Version: - )
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.52 - Conexant)
    Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.25.00 - Lenovo Inc.) Hidden
    Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.25.00 - Lenovo Inc.) Hidden
    Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.25.00 - Lenovo Inc.) Hidden
    Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
    Intel Security True Key (HKLM\...\TrueKey) (Version: 4.20.110.1 - Intel Security)
    Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9500 - Broadcom Corporation)
    Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
    Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.) Hidden
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.)
    Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden
    Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
    Lenovo Updates (HKLM-x32\...\{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.0.0.65 - Lenovo) Hidden
    Lenovo Updates (HKLM-x32\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.0.0.65 - Lenovo)
    Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.227 - Lenovo)
    Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
    Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.9126.2116 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2884328260-4161459596-3251688260-1002\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
    Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.9126.2116 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    MOTOTRBO Customer Programming Software (HKLM-x32\...\{6D74E6CA-FD5C-4429-9238-D8771FEB4BEC}) (Version: 13.5.679.0 - Motorola Solutions, Inc.)
    MOTOTRBO Flashzap Driver (HKLM-x32\...\{4C6D6A7E-A04F-4D6F-891F-F66326C33A55}) (Version: 1.5.0 - Motorola Solutions)
    MOTOTRBO Radio Driver (HKLM-x32\...\{14FA5F3A-9F26-4AF8-BC0D-F45A5370A5D8}) (Version: 7.0.0 - Motorola Solutions)
    MOTOTRBO Tuner (HKLM-x32\...\{DC5876CC-0FA8-4EC8-83FB-7DB3A4DD95F6}) (Version: 13.0.214.0 - Motorola Solutions, Inc.)
    Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
    OEM Application Profile (HKLM-x32\...\{8F92E0CF-620B-5C20-F292-59C93567B06D}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
    Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
    PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39058 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
    SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
    Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
    SUABnR (HKLM-x32\...\{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
    SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.87 - Synaptics Incorporated)
    TVMC (HKU\S-1-5-21-2884328260-4161459596-3251688260-1002\...\TVMC) (Version: - TVADDONS.ag)
    Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{F3BA1C5E-51F1-4256-B5FD-0C060D963D35}) (Version: 2.17.0214 - Samsung Electronics Co., Ltd.)
    Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{EDB7BFB3-9B55-4A70-920F-35226A4E4A12}) (Version: 2.16.0504 - Samsung Electronics Co., Ltd.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
    Windows Driver Package - Motorola Solutions, Inc. (fudally) MotorolaUSBFlashZap (12/16/2013 03.06.00.00) (HKLM\...\2D90B67314B69A2CF262EE94A03EDAA1172E8062) (Version: 12/16/2013 03.06.00.00 - Motorola Solutions, Inc.)
    Windows Driver Package - Motorola Solutions, Inc. Net (08/14/2012 7.0.0) (HKLM\...\2CDFB2AEF8A1FAE5F8797FE0E2B260D0D5A0F25D) (Version: 08/14/2012 7.0.0 - Motorola Solutions, Inc.)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2884328260-4161459596-3251688260-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Anthony\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-11] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-11] (AVAST Software)
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-11] (AVAST Software)
    ContextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll [2013-05-27] (Online Media Technologies Ltd.)
    ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2002-05-14] ()
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-11] (AVAST Software)
    ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2002-05-14] ()
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-04-19] (Advanced Micro Devices, Inc.)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-11] (AVAST Software)
    ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2002-05-14] ()

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0905D59B-30C1-47C5-977C-8CC15F5780EF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-03-30] (Microsoft Corporation)
    Task: {14BD9000-045C-414B-977E-61798310D439} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-03-30] (Microsoft Corporation)
    Task: {27F9C398-F44C-4CEA-A31C-F13E0234C4CA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-30] (Microsoft Corporation)
    Task: {2D475C95-5028-46F3-8FE5-1E61A561018A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-21] (Google Inc.)
    Task: {42C9268D-A352-45FB-B34D-E28FF89A509F} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-12-15] (McAfee, Inc.)
    Task: {432D6F1B-6A60-4767-8352-6A20DE857B6F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-30] (Microsoft Corporation)
    Task: {56C229B2-019A-4F1D-9E52-D51DD97CC0B9} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-04-11] (AVAST Software)
    Task: {6645A935-B059-4D65-A4A0-E988427682CC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
    Task: {729327A2-AE8D-402C-9E62-A0FA6CC9BA83} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
    Task: {7F799440-4527-4D48-8123-0204C612AF0B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
    Task: {9D8EF777-8C16-42C8-AC8E-AA1A3E6ACAFD} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()
    Task: {9FD52BA9-E5AE-46AC-901D-9A5E4FF52439} - System32\Tasks\SafeZone scheduled Autoupdate 1478102784 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
    Task: {A0EACBDA-35C7-42AF-A9CD-B2672C97A733} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-21] (Google Inc.)
    Task: {A60718F2-99E2-4B1A-8C04-626DEE05F6FE} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
    Task: {A6493868-3635-4018-B3EF-B4B2FD6A2D1F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-02-05] (AVAST Software)
    Task: {B1BE05AC-4F65-4A8A-81DA-5A9122D98F48} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-04-22] (Synaptics Incorporated)
    Task: {D4307C0E-1538-4922-B38F-83A923068BE9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
    Task: {EA5F3F4C-9B84-48E0-B06F-AFA991A3B5FE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
    Task: {F53812FE-4C92-4603-BAAB-3645F5B5168F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2014-04-19 01:12 - 2014-04-19 01:12 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-12-08 02:48 - 2017-12-08 02:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-03-14 22:33 - 2014-03-14 22:33 - 000049368 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
    2017-02-21 20:00 - 2018-03-30 16:27 - 008936112 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2014-08-26 08:54 - 2010-10-26 16:40 - 000049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
    2014-04-19 01:12 - 2014-04-19 01:12 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2018-03-22 21:19 - 2018-03-20 02:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
    2018-03-22 21:19 - 2018-03-20 02:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
    2018-04-11 08:52 - 2018-04-11 08:52 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
    2018-04-11 08:53 - 2018-04-11 08:53 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2018-04-11 08:52 - 2018-04-11 08:52 - 000349912 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
    2018-04-11 08:52 - 2018-04-11 08:52 - 000295640 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
    2018-04-11 08:52 - 2018-04-11 08:52 - 000281816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences [386]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2017-10-03 12:32 - 000000834 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2884328260-4161459596-3251688260-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Anthony\Pictures\Camera Dump from Charlie's\DSC_0067.JPG
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKU\S-1-5-21-2884328260-4161459596-3251688260-1002\...\StartupApproved\Run: => "Lync"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{11490839-D86C-47CC-A477-DD9B01747220}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
    FirewallRules: [{73E5D65B-C234-4998-80A2-CC308A2E0459}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{5B55C738-B765-4C7E-B386-27C3BA197809}] => (Allow) LPort=55100
    FirewallRules: [{B475B642-0DE5-4A07-AD87-1B84B964F24A}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
    FirewallRules: [{248EF331-63CB-4216-BAC7-691E9F8A0D52}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{B39EDCF1-6BBF-4F93-8252-E1E057A4A1F9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{46E207CD-8510-42FB-8E89-72A5DB10F64B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{343F0D82-6C2B-4475-824C-85C15B985131}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{30001FB2-BA61-471B-A38A-07EB12896195}] => (Allow) LPort=7935
    FirewallRules: [{0F5EE758-ACEE-4375-A0AB-25C7E6DBB27E}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
    FirewallRules: [{DE327004-0FCB-49BF-8241-F325823DE7FE}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
    FirewallRules: [{058D1B50-9F83-48C7-BA87-9D96027D50B3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4A04FCD9-0DE2-4125-B354-BA0CB50A68F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{07D19C31-1315-4E42-B2BE-872FA9120651}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{DB157690-D706-45F9-A50C-5ECD84369709}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{928E5FA9-AE9A-45A1-A179-992CE03771E7}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
    FirewallRules: [{4D688862-2D26-47A2-A582-4522F46237A4}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
    FirewallRules: [{93BBEBD3-9B79-4959-97CE-321F164F658E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    FirewallRules: [{912ACB5D-614F-414F-A5F9-29C7A76B78F5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{40FB6D6C-460E-4BF5-A3EF-02590BBE9D1A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{09313B79-9351-4574-8F8D-5D38ED5D74CD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{D8689396-70DF-4A94-BB51-758C5F666BC1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

    ==================== Restore Points =========================

    22-03-2018 13:14:49 Removed Apple Application Support (32-bit)
    03-04-2018 11:25:23 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/11/2018 04:15:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 23580172

    Error: (04/11/2018 04:15:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 23580172

    Error: (04/11/2018 04:15:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/11/2018 09:42:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 4610

    Error: (04/11/2018 09:42:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 4610

    Error: (04/11/2018 09:42:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/11/2018 09:42:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3079

    Error: (04/11/2018 09:42:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3079


    System errors:
    =============
    Error: (04/11/2018 04:15:21 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.

    Error: (04/11/2018 09:28:18 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.

    Error: (04/11/2018 09:12:18 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.

    Error: (04/11/2018 09:04:14 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.

    Error: (04/11/2018 09:00:14 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.

    Error: (04/11/2018 08:58:10 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.

    Error: (04/11/2018 08:57:09 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.

    Error: (04/11/2018 08:56:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Service Installer TrueKey service failed to start due to the following error:
    The system cannot find the file specified.


    Windows Defender:
    ===================================
    Date: 2016-10-15 18:01:53.365
    Description:
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794
    Name: HackTool:Win32/Keygen
    ID: 2147593794
    Severity: Medium
    Category: Tool
    Path: file:_F:\WinRar3 plus crack\Crack + Keygen\azl_wrar28_kg.exe
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    Process Name: C:\Windows\explorer.exe
    Signature Version: AV: 1.169.55.0, AS: 1.169.55.0, NIS: 110.21.0.0
    Engine Version: AM: 1.1.10401.0, NIS: 2.1.10302.0

    Date: 2016-10-15 18:00:47.672
    Description:
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794
    Name: HackTool:Win32/Keygen
    ID: 2147593794
    Severity: Medium
    Category: Tool
    Path: file:_F:\WinRar3 plus crack\Crack + Keygen\azl_wrar28_kg.exe
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    Process Name: C:\Windows\System32\svchost.exe
    Signature Version: AV: 1.169.55.0, AS: 1.169.55.0, NIS: 110.21.0.0
    Engine Version: AM: 1.1.10401.0, NIS: 2.1.10302.0

    Date: 2016-10-15 17:59:46.206
    Description:
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794
    Name: HackTool:Win32/Keygen
    ID: 2147593794
    Severity: Medium
    Category: Tool
    Path: file:_F:\WinRar3 plus crack\Crack + Keygen\azl_wrar28_kg.exe
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    Process Name: C:\Windows\explorer.exe
    Signature Version: AV: 1.169.55.0, AS: 1.169.55.0, NIS: 110.21.0.0
    Engine Version: AM: 1.1.10401.0, NIS: 2.1.10302.0

    Date: 2016-10-15 15:46:46.368
    Description:
    Windows Defender scan has been stopped before completion.
    Scan ID: {F152C1D9-22A0-4004-AA65-26C49887BE03}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2016-10-15 15:42:42.164
    Description:
    Windows Defender scan has been stopped before completion.
    Scan ID: {D52A09C1-F95C-43DD-B9BD-E70B24FF9845}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    CodeIntegrity:
    ===================================

    Date: 2018-04-11 08:40:25.462
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-04-11 08:40:25.366
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-04-10 11:41:14.964
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-04-10 11:41:14.871
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-04-09 19:44:22.797
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-04-09 19:44:22.701
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-04-05 08:57:12.045
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-04-05 08:57:11.959
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================

    Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics
    Percentage of memory in use: 54%
    Total physical RAM: 5080.26 MB
    Available physical RAM: 2305.08 MB
    Total Virtual: 5912.26 MB
    Available Virtual: 3282.08 MB

    ==================== Drives ================================

    Drive c: (Windows8_OS) (Fixed) (Total:890.1 GB) (Free:811.48 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.9 GB) NTFS
    Drive e: (LED Fan Editor) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
    Drive g: (BROWNING) (Removable) (Total:29.71 GB) (Free:29.71 GB) FAT32

    \\?\Volume{36046337-7e27-4cb1-9373-d278882fd359}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.68 GB) NTFS
    \\?\Volume{16ec3142-726e-4d53-bcaa-b9ab51836b37}\ (PBR_DRV) (Fixed) (Total:14.08 GB) (Free:4.27 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 746FD211)

    Partition: GPT.

    ========================================================
    Disk: 1 (Protective MBR) (Size: 29.7 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  2. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    What exactly is slow?

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double-click on the downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
     
  3. awjohnson2

    awjohnson2 Established Techie7 Member

    The computer has been very slow to respond in general, but particularly online using Chrome or Firefox. Recently, after unwisely allowing one of the kids to use it to apply for a job, when entering web addresses I am either redirected to another site or it just seems to do nothing.

    In your list in the above reply, should I download all the programs at once or go through each instruction individually prior to continuing to the next one?
     
  4. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    It doesn't matter.