1. #1

    Heuristic.Reserved.Word.Exploit malware?

    My computer is a Lenovo Z40-70 laptop. It is infected with something that has been making it run increasingly slow, especially whenever in web browsers, as well as causing a number of other problems, including making my built-in webcam not work any more (it's still detected in Device Manager, but shows a black screen or gives an error message "Camera is in use by another app. Close that app and try again" when I try to turn it on).

    I have had the free version of AVG running as my primary antivirus, but have downloaded a number of other things to try to figure out what the problem is, as suggested to me by various people. I have run Spybot S&D, Hitman Pro, tdsskiller, AdwCleaner, and Malwarebytes. AVG, Spybot, and AdwCleaner have all found a number of problems that I believe to be more caused by whatever is the root of the problem. I then ran sfc/scannow, which found a number of problems which it fixed some of, but not all of. After running sfc/scannow and restarting the computer, the computer is running much more smoothly than it has been (but not as quick as before the problem still, webcam still doesn't work, etc.), but now a number of error messages pop up at startup, including:

    BTServer.exe - System Error
    The Program can't start because mfc110u.dll is missing from your computer. Try reinstalling the program to fix the problem

    RunDLL
    There was a problem starting C:\Program Files (x86)\Lenovo\PowerMgr\PWRMGRV.ocx
    This application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.
    (This one shows up twice)

    As well as a number of similar messages in regards to AVG not being able to start. Trying to open AVG at this point just opened an empty blue window, so I uninstalled, and trying to re-install just presents me with an error message and fails. I ran Malwarebytes again at this point, and it detected Heuristic.Reserved.Word.Exploit malware. Whether or not Malwarebytes actually got rid of the root of the problem this time, I do not know, but I am left with all the residual problems it caused. Looking for help to clean everything up and get everything running normally again. All requested logs will follow. Thanks!

    Logs:
    FRST.txt:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
    Ran by Lorn (administrator) on LORNSLAPTOP (25-01-2016 15:36:36)
    Running from C:\Users\Lorn\Desktop
    Loaded Profiles: UpdatusUser & Lorn (Available Profiles: UpdatusUser & Lorn & pooter)
    Platform: Windows 8.1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
    (Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
    () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
    (Lenovo) C:\Program Files\lenovo\Onekey Theater\OnekeyStudio.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Realtek semiconductor) C:\Windows\RTFTrack.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Lenovo) C:\Users\Lorn\AppData\Local\Apps\2.0\CJTBYB5H.0QE\HZPMNTK5.B34\lsb...tion_91a10ba61c75c82d_0001.0006_f185aae74f563194\LSB.exe
    (Lenovo) C:\Program Files\lenovo\Lenovo Solution Center\LSCNotify.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddpe.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
    (AVG Technologies CZ, s.r.o.) C:\Users\Lorn\Downloads\AVG_Protection_Free_698.exe
    (AVG Technologies CZ, s.r.o.) C:\Users\Lorn\AppData\Local\Temp\7zSCD71B3B5\avgsetupx.exe
    (AVG Technologies CZ, s.r.o.) C:\ProgramData\AVG\Setup\_Temp\3cfd8142-f5c6-47cc-a0bf-c141f79fc59d\avgsetupwrkx.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
    HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] ()
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-12] (Conexant Systems, Inc.)
    HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
    HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-18] (Realtek semiconductor)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-16] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [27496 2014-03-05] ()
    HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe [329704 2010-06-09] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3574037338-378681773-173497233-1002\...\Run: [Spotify Web Helper] => C:\Users\Lorn\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-09-16] (Spotify Ltd)
    HKU\S-1-5-21-3574037338-378681773-173497233-1002\...\Run: [Spotify] => C:\Users\Lorn\AppData\Roaming\Spotify\Spotify.exe [7675448 2015-09-16] (Spotify Ltd)
    HKU\S-1-5-21-3574037338-378681773-173497233-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3574037338-378681773-173497233-1002\...\MountPoints2: {2ad1b564-c361-11e4-8285-1008b17b2c6e} - "F:\ZTE_Handset_USB_Driver.exe"
    HKU\S-1-5-21-3574037338-378681773-173497233-1002\...\MountPoints2: {d093ff6e-42fb-11e5-82a8-1008b17b2c6e} - "F:\EMP_UDSe.exe" /autorun
    HKU\S-1-5-21-3574037338-378681773-173497233-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\logon.scr
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    CHR HKU\S-1-5-21-3574037338-378681773-173497233-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    CHR HKU\S-1-5-21-3574037338-378681773-173497233-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
    Tcpip\..\Interfaces\{6E28B74E-9B56-4902-A920-D1D15A5E364D}: [DhcpNameServer] 192.168.0.1 205.171.2.25

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-3574037338-378681773-173497233-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3574037338-378681773-173497233-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
    HKU\S-1-5-21-3574037338-378681773-173497233-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    URLSearchHook: [S-1-5-21-3574037338-378681773-173497233-1001] ATTENTION => Default URLSearchHook is missing
    SearchScopes: HKLM -> DefaultScope {8A005B2A-8C7C-4E36-B92B-59A7B799E363} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3574037338-378681773-173497233-1002 -> DefaultScope {8554C2D2-8DED-48D6-A96E-FAD3FFA49DED} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    SearchScopes: HKU\S-1-5-21-3574037338-378681773-173497233-1002 -> OldSearch URL =
    SearchScopes: HKU\S-1-5-21-3574037338-378681773-173497233-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3574037338-378681773-173497233-1002 -> {8554C2D2-8DED-48D6-A96E-FAD3FFA49DED} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    SearchScopes: HKU\S-1-5-21-3574037338-378681773-173497233-1002 -> {8A005B2A-8C7C-4E36-B92B-59A7B799E363} URL =
    BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-25] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-25] (Oracle Corporation)
    BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

    FireFox:
    ========
    FF ProfilePath: C:\Users\Lorn\AppData\Roaming\Mozilla\Firefox\Profiles\ioeqg5cx.default-1433829270056
    FF DefaultSearchEngine.US: Google
    FF Homepage: about:home
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-22] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-22] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-25] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-25] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin HKU\S-1-5-21-3574037338-378681773-173497233-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Lorn\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-08-20] (Citrix Online)
    FF Extension: RAMBack - C:\Users\Lorn\AppData\Roaming\Mozilla\Firefox\Profiles\ioeqg5cx.default-1433829270056\extensions\ramback@pavlov.net.xpi [2016-01-11]
    FF Extension: Adblock Plus - C:\Users\Lorn\AppData\Roaming\Mozilla\Firefox\Profiles\ioeqg5cx.default-1433829270056\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
    R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [79872 2014-01-06] () [File not signed]
    R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [104424 2010-06-09] (SEIKO EPSON CORPORATION)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-16] (NVIDIA Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
    R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-23] (Lenovo(beijing) Limited)
    S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-16] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-16] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-16] (NVIDIA Corporation)
    S3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63848 2014-03-05] (Lenovo)
    S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186728 2014-03-05] (Lenovo Group Limited)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    S3 ldiagio_uefi; C:\Program Files\Lenovo\Lenovo Solution Center\App\ldiag\x64\ldiagio_uefi.sys [24808 2015-07-16] (Lenovo Group Limited (R))
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-16] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-12-16] (NVIDIA Corporation)
    R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [558296 2014-01-05] (Realtek Semiconductor Corporation)
    R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
    S3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-18] (Realtek Semiconductor Corp.)
    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2982104 2013-12-26] (Realtek Semiconductor Corporation )
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-23] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-10-31] ()
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
    S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
    S3 RSUSBVSTOR; \SystemRoot\System32\Drivers\RtsUVStor.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-25 15:09 - 2016-01-25 15:09 - 02946424 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Lorn\Downloads\AVG_Protection_Free_698.exe
    2016-01-25 14:57 - 2016-01-25 14:57 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
    2016-01-25 14:13 - 2016-01-25 14:15 - 00049869 _____ C:\Users\Lorn\Desktop\Addition.txt
    2016-01-25 14:12 - 2016-01-25 15:36 - 00020631 _____ C:\Users\Lorn\Desktop\FRST.txt
    2016-01-25 14:12 - 2016-01-25 15:36 - 00000000 ____D C:\FRST
    2016-01-25 14:08 - 2016-01-25 14:08 - 02370560 _____ (Farbar) C:\Users\Lorn\Desktop\FRST64.exe
    2016-01-25 13:14 - 2016-01-25 13:15 - 05652316 _____ (Swearware) C:\Users\Lorn\Desktop\ComboFix.exe
    2016-01-25 13:14 - 2016-01-25 13:14 - 00852720 _____ C:\Users\Lorn\Desktop\SecurityCheck.exe
    2016-01-25 01:21 - 2016-01-25 01:22 - 52988120 _____ (Microsoft Corporation) C:\Users\Lorn\Downloads\Windows-KB890830-x64-V5.32.exe
    2016-01-25 00:58 - 2016-01-25 00:59 - 00000000 ____D C:\Users\Lorn\AppData\Local\NVIDIA
    2016-01-25 00:58 - 2015-12-16 09:34 - 01846016 _____ (NVIDIA Corporation) C:\windows\system32\nvspcap64.dll
    2016-01-25 00:58 - 2015-12-16 09:34 - 01756424 _____ (NVIDIA Corporation) C:\windows\system32\nvspbridge64.dll
    2016-01-25 00:58 - 2015-12-16 09:34 - 01530240 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspcap.dll
    2016-01-25 00:58 - 2015-12-16 09:34 - 01316184 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspbridge.dll
    2016-01-25 00:58 - 2015-12-16 09:34 - 00111520 _____ C:\windows\system32\NvRtmpStreamer64.dll
    2016-01-25 00:56 - 2016-01-25 00:56 - 00000000 ____D C:\windows\LastGood.Tmp
    2016-01-25 00:55 - 2015-12-16 09:34 - 42977072 _____ C:\windows\system32\nvcompiler.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 37609080 _____ C:\windows\SysWOW64\nvcompiler.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 31061624 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 24895792 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 21122456 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 20663816 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 18716176 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 17561432 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 17156968 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 16981976 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 16286888 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 14005408 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 12334200 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
    2016-01-25 00:55 - 2015-12-16 09:34 - 03637352 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 03168376 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 02755704 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 01915696 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6436143.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 01564976 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6436143.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 00938104 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 00872056 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 00734512 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 00681592 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 00175368 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 00153392 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 00072504 _____ (NVIDIA Corporation) C:\windows\system32\nvaudcap64v.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 00069416 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvaudcap32v.dll
    2016-01-25 00:55 - 2015-12-16 09:34 - 00050472 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys
    2016-01-25 00:54 - 2016-01-25 00:54 - 00000000 ____D C:\NVIDIA
    2016-01-25 00:48 - 2016-01-25 00:54 - 336974040 _____ (NVIDIA Corporation) C:\Users\Lorn\Downloads\361.43-notebook-win8-win7-64bit-international-whql.exe
    2016-01-25 00:46 - 2016-01-25 00:46 - 00643680 _____ (Oracle Corporation) C:\Users\Lorn\Downloads\jxpiinstall.exe
    2016-01-24 16:34 - 2016-01-24 16:36 - 56222755 _____ C:\Users\Lorn\Desktop\Voynich-Manuscript.pdf
    2016-01-24 16:34 - 2016-01-24 16:36 - 56143825 _____ C:\Users\Lorn\Desktop\CodexSeraphinianus.pdf
    2016-01-23 01:40 - 2016-01-23 01:40 - 00002018 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
    2016-01-23 01:40 - 2016-01-23 01:40 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
    2016-01-23 01:40 - 2016-01-23 01:40 - 00000000 ____D C:\Users\Lorn\AppData\Roaming\LSC
    2016-01-23 01:40 - 2016-01-23 01:40 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2016-01-23 01:40 - 2016-01-23 01:40 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2016-01-23 01:38 - 2016-01-23 01:39 - 00000000 ____D C:\Users\Lorn\AppData\Local\LenovoServiceBridge
    2016-01-23 01:38 - 2016-01-23 01:38 - 00000000 ____D C:\Users\Lorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
    2016-01-23 01:37 - 2016-01-23 01:38 - 00000000 ____D C:\Users\Lorn\AppData\Local\Deployment
    2016-01-23 01:37 - 2016-01-23 01:37 - 00000000 ____D C:\Users\Lorn\AppData\Local\Apps\2.0
    2016-01-23 01:37 - 2015-05-27 14:13 - 00402136 _____ (Realsil Semiconductor Corporation) C:\windows\system32\Drivers\RtsUer.sys
    2016-01-23 01:37 - 2014-10-20 17:50 - 00083160 _____ (Realtek Semiconductor.) C:\windows\system32\RtCRX64.dll
    2016-01-23 01:37 - 2014-01-27 13:39 - 09890008 _____ (Realtek Semiconductor Corp.) C:\windows\SysWOW64\RsCRIcon.dll
    2016-01-23 01:35 - 2016-01-23 01:36 - 25329640 _____ (Lenovo Group Limited ) C:\Users\Lorn\Downloads\2uz7019f(1).exe
    2016-01-23 01:35 - 2016-01-23 01:36 - 06345976 _____ (Lenovo Group Limited ) C:\Users\Lorn\Downloads\2tlk01af.exe
    2016-01-23 01:34 - 2016-01-23 01:34 - 00500816 _____ () C:\Users\Lorn\Downloads\LSBsetup.exe
    2016-01-23 00:55 - 2016-01-23 00:55 - 00000000 ____D C:\windows\AUInstallAgent
    2016-01-23 00:49 - 2016-01-23 00:50 - 11788560 _____ (Lenovo Group Limited ) C:\Users\Lorn\Downloads\g1c814ww.exe
    2016-01-22 20:23 - 2016-01-22 20:23 - 01319424 _____ (niemiro) C:\Users\Lorn\Downloads\SFCFix.exe
    2016-01-22 19:57 - 2016-01-22 19:57 - 00001126 _____ C:\Users\Lorn\Desktop\SFCFix.txt
    2016-01-22 19:57 - 2016-01-22 19:57 - 00000000 ____D C:\SFCFix
    2016-01-22 18:09 - 2016-01-22 18:09 - 00480763 _____ C:\Users\Lorn\Desktop\SFCFix.zip
    2016-01-21 15:46 - 2016-01-22 17:20 - 00000000 ____D C:\AdwCleaner
    2016-01-21 15:43 - 2016-01-21 15:46 - 00483348 _____ C:\TDSSKiller.3.1.0.9_21.01.2016_15.43.16_log.txt
    2016-01-21 15:42 - 2016-01-21 15:42 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\Lorn\Desktop\WiNlOgOn64.exe
    2016-01-21 15:42 - 2016-01-21 15:42 - 00000560 _____ C:\TDSSKiller.3.1.0.9_21.01.2016_15.42.29_log.txt
    2016-01-20 02:17 - 2013-10-18 03:36 - 06340312 _____ (Realtek semiconductor) C:\windows\RTFTrack.exe
    2016-01-20 02:17 - 2013-10-18 03:36 - 02628312 _____ (Realtek Semiconductor Corp.) C:\windows\RtCamU64.exe
    2016-01-20 02:17 - 2013-10-18 03:36 - 00463576 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtCamX64.dll
    2016-01-20 02:17 - 2013-10-18 03:36 - 00411352 _____ (Realtek Semiconductor Corp.) C:\windows\SysWOW64\RtCamX.dll
    2016-01-20 02:01 - 2013-10-18 03:36 - 08876248 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\rtsuvc.sys
    2016-01-20 01:59 - 2016-01-20 02:00 - 25329640 _____ (Lenovo Group Limited ) C:\Users\Lorn\Downloads\2uz7019f.exe
    2016-01-20 01:58 - 2016-01-20 02:00 - 23334526 _____ C:\Users\Lorn\Downloads\Win8_Camera.exe
    2016-01-20 01:56 - 2016-01-20 01:56 - 08583576 _____ (Lenovo Group ) C:\Users\Lorn\Downloads\IN1CAM16WW5.exe
    2016-01-20 01:53 - 2016-01-20 01:53 - 20113400 _____ (Lenovo Group Limited ) C:\Users\Lorn\Downloads\h1c307ww.exe
    2016-01-17 15:19 - 2016-01-17 15:19 - 00236236 _____ C:\TDSSKiller.3.1.0.9_17.01.2016_15.19.29_log.txt
    2016-01-17 15:14 - 2016-01-25 14:11 - 00001616 _____ C:\Users\Lorn\Desktop\Rkill.txt
    2016-01-17 15:06 - 2016-01-17 15:06 - 01505280 _____ C:\Users\Lorn\Desktop\AdwCleaner.exe
    2016-01-17 14:17 - 2016-01-17 14:17 - 00090060 _____ C:\Users\Lorn\Desktop\Extras.Txt
    2016-01-17 14:16 - 2016-01-17 14:16 - 00109294 _____ C:\Users\Lorn\Desktop\OTL.Txt
    2016-01-17 13:54 - 2016-01-17 13:56 - 00236094 _____ C:\TDSSKiller.3.1.0.9_17.01.2016_13.54.59_log.txt
    2016-01-17 13:49 - 2016-01-17 13:49 - 00602112 _____ (OldTimer Tools) C:\Users\Lorn\Desktop\OTL.exe
    2016-01-17 13:47 - 2016-01-17 13:47 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Lorn\Desktop\tdsskiller.exe
    2016-01-13 16:49 - 2015-12-09 16:40 - 00033456 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
    2016-01-13 16:49 - 2015-11-17 13:07 - 01380864 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2016-01-13 16:49 - 2015-11-17 13:07 - 00792064 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2016-01-13 16:49 - 2015-11-17 13:07 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
    2016-01-13 13:18 - 2015-12-10 20:38 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2016-01-13 13:18 - 2015-12-10 20:00 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2016-01-13 13:18 - 2015-12-10 19:55 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2016-01-13 13:18 - 2015-12-10 19:50 - 20367360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2016-01-13 13:18 - 2015-12-10 19:45 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2016-01-13 13:18 - 2015-12-10 19:21 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2016-01-13 13:18 - 2015-12-10 19:18 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2016-01-13 13:18 - 2015-12-10 19:09 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
    2016-01-13 13:18 - 2015-12-10 19:09 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2016-01-13 13:18 - 2015-12-10 19:03 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2016-01-13 13:18 - 2015-12-10 18:59 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2016-01-13 13:18 - 2015-12-10 18:43 - 04610560 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2016-01-13 13:18 - 2015-12-10 18:43 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
    2016-01-13 13:18 - 2015-12-10 18:38 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2016-01-13 13:18 - 2015-12-10 18:37 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2016-01-13 13:18 - 2015-12-10 18:35 - 12856320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2016-01-13 13:18 - 2015-12-10 18:26 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2016-01-13 13:18 - 2015-12-10 18:14 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2016-01-13 13:18 - 2015-12-10 18:12 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2016-01-13 13:18 - 2015-12-10 18:08 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2016-01-13 13:18 - 2015-12-10 18:07 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2016-01-13 13:15 - 2015-12-04 21:58 - 02745184 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 02528784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 02450240 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 02447136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 02334104 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
    2016-01-13 13:15 - 2015-12-04 21:58 - 02324744 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
    2016-01-13 13:15 - 2015-12-04 21:58 - 01877504 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll
    2016-01-13 13:15 - 2015-12-04 21:58 - 01484888 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll
    2016-01-13 13:15 - 2015-12-04 21:58 - 01288128 _____ (Microsoft Corporation) C:\windows\system32\mfnetsrc.dll
    2016-01-13 13:15 - 2015-12-04 21:58 - 01210200 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 01150232 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 01115640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetsrc.dll
    2016-01-13 13:15 - 2015-12-04 21:58 - 01037680 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 00914672 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 00850680 _____ (Microsoft Corporation) C:\windows\system32\mfnetcore.dll
    2016-01-13 13:15 - 2015-12-04 21:58 - 00735496 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
    2016-01-13 13:15 - 2015-12-04 21:58 - 00700360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetcore.dll
    2016-01-13 13:15 - 2015-12-04 21:58 - 00629600 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 00584656 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
    2016-01-13 13:15 - 2015-12-04 21:58 - 00557856 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 00498472 _____ (Microsoft Corporation) C:\windows\system32\mfsvr.dll
    2016-01-13 13:15 - 2015-12-04 21:58 - 00492736 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 00463776 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 00399776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfsvr.dll
    2016-01-13 13:15 - 2015-12-04 21:58 - 00299080 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 00275312 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 00274280 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 00250520 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 00248432 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 00246856 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 00244296 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
    2016-01-13 13:15 - 2015-12-04 21:58 - 00229272 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 00203016 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 00184912 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 00183856 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 00116720 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 00110544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
    2016-01-13 13:15 - 2015-12-04 21:58 - 00099136 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL
    2016-01-13 13:15 - 2015-12-04 21:58 - 00090904 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll
    2016-01-13 13:15 - 2015-12-04 21:58 - 00090392 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll
    2016-01-13 13:15 - 2015-12-04 21:58 - 00081032 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll
    2016-01-13 13:15 - 2015-12-04 21:58 - 00076936 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll
    2016-01-13 13:15 - 2015-12-03 10:07 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
    2016-01-13 13:15 - 2015-12-03 10:07 - 00289792 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax
    2016-01-13 13:15 - 2015-12-03 10:05 - 00644608 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL
    2016-01-13 13:15 - 2015-12-03 10:02 - 01664000 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL
    2016-01-13 13:15 - 2015-12-03 10:00 - 00451072 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL
    2016-01-13 13:15 - 2015-12-03 09:36 - 01697792 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
    2016-01-13 13:15 - 2015-12-03 09:30 - 00468480 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL
    2016-01-13 13:15 - 2015-12-03 09:28 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
    2016-01-13 13:15 - 2015-12-03 09:28 - 00245760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax
    2016-01-13 13:15 - 2015-12-03 09:27 - 00736256 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL
    2016-01-13 13:15 - 2015-12-03 09:24 - 01411584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL
    2016-01-13 13:15 - 2015-12-03 09:23 - 00402432 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL
    2016-01-13 13:15 - 2015-12-03 09:06 - 01501184 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
    2016-01-13 13:15 - 2015-12-03 09:01 - 00743936 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL
    2016-01-13 13:15 - 2015-12-03 08:40 - 01010688 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL
    2016-01-13 13:15 - 2015-12-03 08:29 - 00887296 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL
    2016-01-13 13:15 - 2015-12-02 07:04 - 00670208 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
    2016-01-13 13:15 - 2015-12-02 07:01 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
    2016-01-13 13:14 - 2015-12-30 11:32 - 07453016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2016-01-13 13:14 - 2015-12-30 11:32 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
    2016-01-13 13:14 - 2015-12-30 11:32 - 01499912 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
    2016-01-13 13:14 - 2015-12-10 16:13 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2016-01-13 13:14 - 2015-12-10 16:13 - 00705024 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2016-01-13 13:14 - 2015-12-10 16:13 - 00505344 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2016-01-13 13:14 - 2015-12-10 16:13 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2016-01-13 13:14 - 2015-12-03 11:42 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
    2016-01-13 13:14 - 2015-12-03 11:42 - 00397224 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
    2016-01-13 13:14 - 2015-12-03 11:42 - 00137968 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2016-01-13 13:14 - 2015-12-03 11:42 - 00106960 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
    2016-01-13 13:14 - 2015-12-03 11:41 - 00177488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2016-01-13 13:14 - 2015-12-03 10:52 - 00340872 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
    2016-01-13 13:14 - 2015-12-03 10:52 - 00120376 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
    2016-01-13 13:14 - 2015-12-03 10:52 - 00091416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
    2016-01-13 13:14 - 2015-12-03 10:28 - 00401920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
    2016-01-13 13:14 - 2015-12-03 10:28 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
    2016-01-13 13:14 - 2015-12-03 09:51 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
    2016-01-13 13:14 - 2015-12-03 09:16 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
    2016-01-13 13:14 - 2015-12-03 09:13 - 01441280 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2016-01-13 13:14 - 2015-12-03 09:07 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2016-01-13 13:14 - 2015-12-03 08:45 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2016-01-13 13:13 - 2015-12-07 02:56 - 01380600 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
    2016-01-13 13:13 - 2015-12-04 07:00 - 01097216 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
    2016-01-13 13:11 - 2015-12-08 11:08 - 00685432 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
    2016-01-13 13:11 - 2015-12-08 11:07 - 00507176 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
    2015-12-29 02:03 - 2015-12-29 02:03 - 00000000 ____D C:\Users\Lorn\Documents\Nexus Mod Manager
    2015-12-29 02:03 - 2015-12-29 02:03 - 00000000 ____D C:\Users\Lorn\AppData\Local\Black_Tree_Gaming
    2015-12-29 01:58 - 2015-12-29 01:58 - 00000913 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
    2015-12-29 01:58 - 2015-12-29 01:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
    2015-12-29 01:58 - 2015-12-29 01:58 - 00000000 ____D C:\Program Files\Nexus Mod Manager

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-25 15:33 - 2014-11-25 16:11 - 00000000 ____D C:\ProgramData\AVG
    2016-01-25 15:33 - 2014-11-25 15:00 - 00000000 ____D C:\Program Files (x86)\AVG
    2016-01-25 15:32 - 2015-10-28 16:20 - 00000000 ____D C:\Users\Lorn\AppData\Local\AvgSetupLog
    2016-01-25 15:14 - 2014-03-18 01:53 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
    2016-01-25 15:14 - 2013-08-22 05:36 - 00000000 ____D C:\windows\Inf
    2016-01-25 15:13 - 2014-09-30 18:24 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3574037338-378681773-173497233-1002
    2016-01-25 15:08 - 2015-11-12 22:36 - 00000000 ____D C:\Users\Lorn\AppData\Local\CrashDumps
    2016-01-25 15:08 - 2014-09-30 18:20 - 00000000 ___DO C:\Users\Lorn\OneDrive
    2016-01-25 15:08 - 2013-08-22 06:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2016-01-25 15:04 - 2014-11-25 16:15 - 00000000 ____D C:\Users\Lorn\AppData\Local\Avg
    2016-01-25 15:04 - 2014-11-25 14:58 - 00000000 ____D C:\ProgramData\MFAData
    2016-01-25 15:03 - 2013-08-22 07:36 - 00000000 ___HD C:\windows\ELAMBKUP
    2016-01-25 14:57 - 2014-09-30 22:12 - 00000000 ____D C:\Program Files\Vuze
    2016-01-25 14:14 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
    2016-01-25 14:09 - 2014-03-18 01:38 - 00000000 ____D C:\windows\ShellNew
    2016-01-25 14:09 - 2013-08-22 05:25 - 00524288 ___SH C:\windows\system32\config\BBI
    2016-01-25 11:57 - 2015-10-30 11:31 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2016-01-25 02:52 - 2014-10-01 01:43 - 00000000 ____D C:\Users\Lorn\AppData\Roaming\Skype
    2016-01-25 02:28 - 2014-10-01 01:43 - 00000000 ____D C:\ProgramData\Skype
    2016-01-25 01:22 - 2014-09-30 19:11 - 143671360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2016-01-25 01:13 - 2014-10-01 02:39 - 00000000 ____D C:\Users\Lorn\AppData\LocalLow\Adblock Plus for IE
    2016-01-25 00:59 - 2014-09-23 03:38 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2016-01-25 00:58 - 2014-09-23 03:39 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2016-01-25 00:58 - 2014-09-23 03:38 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2016-01-25 00:57 - 2014-09-23 03:39 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-01-25 00:47 - 2015-11-01 15:10 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
    2016-01-25 00:47 - 2015-11-01 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-01-25 00:47 - 2015-11-01 15:10 - 00000000 ____D C:\Program Files (x86)\Java
    2016-01-25 00:47 - 2015-11-01 14:26 - 00000000 ____D C:\Users\Lorn\.oracle_jre_usage
    2016-01-25 00:47 - 2014-10-23 15:21 - 00000000 ____D C:\ProgramData\Oracle
    2016-01-24 18:42 - 2014-10-12 17:20 - 01379328 ___SH C:\Users\Lorn\Downloads\Thumbs.db
    2016-01-24 02:11 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-01-24 02:11 - 2013-08-22 07:36 - 00000000 ____D C:\windows\AppReadiness
    2016-01-23 01:40 - 2014-10-13 18:10 - 00000000 ____D C:\Program Files (x86)\Adobe
    2016-01-23 01:40 - 2014-09-23 04:25 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
    2016-01-23 01:40 - 2014-09-23 04:25 - 00000000 ____D C:\windows\Downloaded Installations
    2016-01-23 01:40 - 2014-09-23 04:25 - 00000000 ____D C:\ProgramData\Lenovo
    2016-01-23 01:40 - 2014-09-23 04:25 - 00000000 ____D C:\Program Files\lenovo
    2016-01-23 01:37 - 2014-09-23 03:42 - 00000000 ____D C:\windows\SysWOW64\sda
    2016-01-23 01:37 - 2014-09-23 03:42 - 00000000 ____D C:\Program Files (x86)\Realtek
    2016-01-23 00:57 - 2014-10-07 14:46 - 00000000 ____D C:\Users\Lorn\AppData\Local\ElevatedDiagnostics
    2016-01-23 00:51 - 2014-09-23 03:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-01-23 00:43 - 2013-08-22 07:36 - 00000000 __RSD C:\windows\Media
    2016-01-22 20:09 - 2014-10-13 18:07 - 00000000 ____D C:\Users\Lorn\AppData\Local\Adobe
    2016-01-22 19:58 - 2013-08-22 07:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-01-22 19:51 - 2013-08-22 07:20 - 00000000 ____D C:\windows\CbsTemp
    2016-01-22 19:18 - 2015-08-13 16:39 - 00000000 ____D C:\Program Files\Windows Defender
    2016-01-22 17:33 - 2014-09-23 03:46 - 00000000 ____D C:\ProgramData\Package Cache
    2016-01-22 17:29 - 2014-10-24 01:27 - 00000000 ____D C:\Users\Public\Games
    2016-01-22 17:28 - 2014-10-13 19:15 - 00000000 ____D C:\ProgramData\Ableton
    2016-01-22 17:22 - 2015-11-01 14:31 - 00000000 ____D C:\Users\Lorn\AppData\Roaming\.minecraft
    2016-01-22 17:22 - 2015-01-03 20:09 - 00000000 ____D C:\Games
    2016-01-22 14:16 - 2013-08-22 05:25 - 00262144 ___SH C:\windows\system32\config\ELAM
    2016-01-20 01:57 - 2013-08-22 05:25 - 00000116 _____ C:\windows\win.ini
    2016-01-18 17:10 - 2015-02-02 17:33 - 00000000 ____D C:\Users\Lorn\Desktop\Games
    2016-01-17 15:34 - 2015-08-03 19:45 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-01-17 12:16 - 2015-06-24 18:40 - 00367616 ___SH C:\Users\Lorn\Desktop\Thumbs.db
    2016-01-17 11:20 - 2014-09-30 22:11 - 00000000 ____D C:\Users\Lorn\Documents\Vuze Downloads
    2016-01-17 02:31 - 2015-08-06 18:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-01-17 02:26 - 2014-09-30 22:12 - 00000000 ____D C:\Users\Lorn\AppData\Roaming\Azureus
    2016-01-16 00:59 - 2015-08-06 18:00 - 00001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-01-16 00:59 - 2015-08-06 18:00 - 00001170 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-01-16 00:59 - 2015-07-07 13:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-01-16 00:45 - 2014-10-12 00:35 - 00000000 ____D C:\Users\Lorn\AppData\Roaming\vlc
    2016-01-15 15:37 - 2013-08-22 07:36 - 00000000 ____D C:\windows\rescache
    2016-01-15 11:56 - 2015-04-18 09:23 - 00000000 ____D C:\windows\system32\appraiser
    2016-01-15 11:56 - 2015-03-05 09:51 - 00000000 ___SD C:\windows\system32\CompatTel
    2016-01-14 13:49 - 2014-10-06 00:34 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-01-14 13:49 - 2014-10-06 00:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-01-14 13:48 - 2014-09-30 19:11 - 00000000 ____D C:\windows\system32\MRT
    2016-01-13 15:37 - 2014-10-06 00:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-01-13 13:28 - 2014-11-25 16:16 - 00000000 ____D C:\Users\Lorn\AppData\Roaming\AVG
    2016-01-12 21:04 - 2015-09-27 23:56 - 00007607 _____ C:\Users\Lorn\AppData\Local\Resmon.ResmonCfg
    2016-01-11 14:01 - 2015-08-05 17:55 - 00000000 ____D C:\ProgramData\AVG2015
    2016-01-11 14:00 - 2015-08-05 17:49 - 00000000 ____D C:\Users\Lorn\AppData\Local\Avg2015
    2016-01-11 13:59 - 2013-08-22 07:36 - 00000000 ____D C:\windows\LiveKernelReports
    2016-01-11 13:44 - 2014-09-30 18:19 - 00000000 ____D C:\Users\Lorn
    2016-01-11 00:28 - 2013-08-22 07:36 - 00000000 ____D C:\windows\system32\NDF
    2016-01-10 19:56 - 2015-08-05 19:46 - 00000000 ____D C:\Users\pooter
    2016-01-10 19:51 - 2014-09-23 03:39 - 00000000 ____D C:\Users\UpdatusUser
    2016-01-05 12:04 - 2013-08-22 07:38 - 00826872 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2016-01-05 12:04 - 2013-08-22 07:38 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-12-29 02:05 - 2015-11-11 11:59 - 00000000 ____D C:\Users\Lorn\AppData\Local\Fallout4

    ==================== Files in the root of some directories =======

    2014-09-30 19:48 - 2014-09-30 19:48 - 1249792 _____ (http://www.ruby-lang.org/) C:\Users\Lorn\AppData\Roaming\msvcr90-ruby191.dll
    2015-01-04 17:05 - 2015-01-04 17:05 - 0000064 _____ () C:\Users\Lorn\AppData\Local\506c5a37eebffb83f05a958c693e43b0
    2014-09-30 18:19 - 2016-01-22 19:58 - 1849971 _____ () C:\Users\Lorn\AppData\Local\BTServer.log
    2015-09-27 23:56 - 2016-01-12 21:04 - 0007607 _____ () C:\Users\Lorn\AppData\Local\Resmon.ResmonCfg
    2015-04-09 19:55 - 2015-04-09 19:55 - 0011728 _____ () C:\Users\Lorn\AppData\Local\Temp-log.txt
    2015-06-08 21:48 - 2015-06-08 21:48 - 0000000 _____ () C:\Users\Lorn\AppData\Local\Temp.dat
    2014-09-23 03:50 - 2014-09-23 03:50 - 0000000 _____ () C:\ProgramData\DP45977C.lfl

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\explorer.exe => File is digitally signed
    C:\windows\SysWOW64\explorer.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\SysWOW64\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\SysWOW64\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\SysWOW64\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-01-16 17:40

    ==================== End of FRST.txt ============================

    Addition.txt:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
    Ran by Lorn (2016-01-25 14:13:13)
    Running from C:\Users\Lorn\Desktop
    Windows 8.1 (X64) (2014-10-01 02:19:28)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3574037338-378681773-173497233-500 - Administrator - Disabled)
    Guest (S-1-5-21-3574037338-378681773-173497233-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3574037338-378681773-173497233-1004 - Limited - Enabled)
    Lorn (S-1-5-21-3574037338-378681773-173497233-1002 - Administrator - Enabled) => C:\Users\Lorn
    pooter (S-1-5-21-3574037338-378681773-173497233-1005 - Limited - Enabled) => C:\Users\pooter
    UpdatusUser (S-1-5-21-3574037338-378681773-173497233-1001 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG Internet Security (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: AVG Internet Security (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
    FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies)
    AVG (Version: 16.31.7357 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.31.7357 - AVG Technologies)
    AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    bl (x32 Version: 1.0.0 - Your Company Name) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant)
    Dead Rising 2: OTR (HKLM-x32\...\GFWL_{43430FA2-C625-49DA-8882-351000008300}) (Version: 1.0.0000.131 - Capcom)
    Dead Rising 2: OTR (x32 Version: 1.0.0000.131 - Capcom) Hidden
    Decrap my Computer (HKLM-x32\...\Decrap my Computer) (Version: - Macecraft Software)
    Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
    Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
    Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
    Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
    Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
    EPSON USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.45.000 - SEIKO EPSON CORPORATION)
    Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version: - Q, Timeslip)
    Fallout New Vegas - Ultimate Edition (HKLM-x32\...\Fallout New Vegas - Ultimate Edition_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Panky)
    FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
    Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.12.253 - SurfRight B.V.)
    Hotline Miami 2: Wrong Number (HKLM-x32\...\Hotline Miami 2: Wrong Number_is1) (Version: - )
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
    iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
    Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
    Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
    Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
    Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
    Lenovo Service Bridge (HKU\S-1-5-21-3574037338-378681773-173497233-1002\...\cbe8636f7dd0cf1d) (Version: 1.6.2.0 - Lenovo)
    Lenovo Solution Center (HKLM\...\{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}) (Version: 2.8.006.00 - Lenovo Group Limited)
    Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    mIRC (HKLM-x32\...\mIRC) (Version: 7.41 - mIRC Co. Ltd.)
    Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.4 - Black Tree Gaming)
    NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
    NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    ph (x32 Version: 1.0.0 - Your Company Name) Hidden
    Portal 2 (HKLM-x32\...\Postal 2_is1) (Version: - )
    Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 3.20.0008 - Lenovo Group Limited)
    REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.805.802.010814 - REALTEK Semiconductor Corp.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0238 - REALTEK Semiconductor Corp.)
    ScummVM 1.7.0 (HKLM-x32\...\ScummVM_is1) (Version: - The ScummVM Team)
    SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
    Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
    Spotify (HKU\S-1-5-21-3574037338-378681773-173497233-1002\...\Spotify) (Version: 1.0.11.134.ga37df67b - Spotify AB)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.74 - Synaptics Incorporated)
    System Requirements Lab (HKLM-x32\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC)
    the static speaks my name (HKLM-x32\...\Steam App 387860) (Version: - Jesse Barksdale)
    Torchlight II (c) Runic Games version 1 (HKLM-x32\...\Torchlight II (c) Runic Games_is1) (Version: 1 - )
    User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
    User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
    Velvet Sundown (HKLM-x32\...\Steam App 307290) (Version: - Tribe Studios)
    version 5.13.415.31/1.0.0.27/3.4.5.11(H1C307WW) (HKLM-x32\...\{4AD4461B-8BD4-4354-805C-E97E7A404906}_is1) (Version: - Lenovo Group Limited)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.0.0 - Azureus Software, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01D23920-F812-4893-82F7-D491B0B87596} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
    Task: {12921B44-9715-4078-9459-65E261FCA50D} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-12-10] (Lenovo)
    Task: {322A90A3-BBC0-4832-B7C1-645984C7C3F9} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
    Task: {45E6F287-D487-4263-991F-7C5908D21BCF} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-12-10] (Lenovo)
    Task: {4B3BB225-328B-45DE-9FA6-303F554DFA59} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-12-10] (Lenovo)
    Task: {51DD253C-C35F-40C3-9FBA-0489C0E1B996} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
    Task: {716B92BF-BF54-4FD9-9996-922FE042C475} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {8B82F390-1C7B-4FE4-A179-9B572DF61AA5} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
    Task: {8E093C0E-1BF0-4739-8614-250D0D337FC4} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3574037338-378681773-173497233-1002 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Lorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
    Task: {9355A27C-014D-4DFD-A83D-EAF84F7FCD55} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-12-22] (Oracle Corporation)
    Task: {96CCECC9-2389-4053-869D-1C4938B915BD} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-23] (Synaptics Incorporated)
    Task: {A7143D69-EF94-4BCB-824F-4CABE138B448} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
    Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {E14D7C1F-05AD-4B29-B7C9-5FD63A430D9A} - System32\Tasks\{A8E1093A-23EF-4DD1-92D8-483E87761D01} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}\setup.exe" -c -runfromtemp -l0x0009
    Task: {F570E42C-465E-4573-BC41-DCF3513384D6} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [2014-03-05] (Lenovo Group Limited)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2014-09-23 03:38 - 2015-12-16 06:53 - 00126072 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-11-20 14:57 - 2015-11-20 14:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-11-20 14:57 - 2015-11-20 14:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-09-23 03:45 - 2014-01-06 13:56 - 00079872 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
    2016-01-25 00:57 - 2015-12-16 09:34 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2014-09-23 03:50 - 2010-10-25 20:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
    2014-12-06 23:54 - 2014-03-05 08:55 - 00035688 _____ () C:\Program Files (x86)\Lenovo\PowerMgr\US\PWMRT64V.DLL
    2014-12-05 16:11 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-12-05 16:11 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-12-05 16:11 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-12-05 16:11 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-12-05 16:11 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2016-01-25 00:57 - 2015-12-16 09:34 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2016-01-13 13:03 - 2016-01-17 14:55 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
    2014-09-23 03:43 - 2013-09-16 11:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-03-06 19:53 - 2015-03-06 19:53 - 00074168 _____ () C:\Program Files\Lenovo\iMController\AutoUpdate.exe
    2015-03-06 19:53 - 2015-03-06 19:53 - 00020920 _____ () C:\Program Files\Lenovo\iMController\LegacyFeatures.exe
    2015-03-06 19:53 - 2015-03-06 19:53 - 00026552 _____ () C:\Program Files\Lenovo\iMController\PluginCommunication.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\Users\Lorn\AppData\Local\BFtVASs5XROXX:R2vy4coCe7tOEQpFccqUc
    AlternateDataStreams: C:\Users\Lorn\AppData\Local\Jg3dtCJmqaLILUt:fQJ7RA7MnG3hUP6mBCUPzJ
    AlternateDataStreams: C:\Users\Lorn\AppData\Local\Temp47ue6TnehOBcOR8z1SUsbV
    AlternateDataStreams: C:\Users\Lorn\AppData\Local\Temporary Internet Files:vJBOpqDvv08GCZfdUllCW5BNOU3
    AlternateDataStreams: C:\Users\Lorn\AppData\Local\Temporary Internet Files:wLgppMlrHer0eCHB3v5UqAp

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)



    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 05:25 - 2015-12-18 02:39 - 00000826 ____A C:\windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3574037338-378681773-173497233-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Lorn\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 192.168.0.1 - 205.171.2.25
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
    HKU\S-1-5-21-3574037338-378681773-173497233-1002\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-3574037338-378681773-173497233-1002\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-3574037338-378681773-173497233-1002\...\StartupApproved\Run: => "AdobeBridge"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{1C24C40D-4D56-40FF-84AF-9AE5265ACB8E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{E0884B77-65E4-4368-8721-F9D51E81254B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{8BD0DAA0-0FF9-48A0-B7F5-4DF17756C581}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{B42051D1-EB49-4CF7-9D67-8ABB5996FBDE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{5C72DF7C-AF19-4E10-87AF-984CD5AF9CE2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{47B519B0-2577-489C-868A-649EEE2B6C8F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{374701F4-4C85-4AC2-846A-41436121E808}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{06149AB3-D985-485F-BD91-5E9E52A533F6}C:\users\lorn\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lorn\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{3CE89A14-EBEE-46A6-9BE0-28E6D0E01195}C:\users\lorn\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lorn\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{A280F7F4-D0F1-4A76-8253-79D963BEDCE3}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
    FirewallRules: [UDP Query User{9D94A1DE-5598-45E9-A61A-4AB29A4C7597}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
    FirewallRules: [{FCA99A04-4757-4C81-B18D-13D832AFA725}] => (Allow) C:\Program Files (x86)\Capcom\Dead Rising 2 Off The Record\deadrising2otr.exe
    FirewallRules: [{F9423CA4-0705-431C-8493-DBEE24265F1E}] => (Allow) C:\Program Files (x86)\Capcom\Dead Rising 2 Off The Record\deadrising2otr.exe
    FirewallRules: [TCP Query User{0DCC3A7D-C8C0-48D9-BF3B-8CFD3418E1C9}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
    FirewallRules: [UDP Query User{89089E15-22B9-468D-92C3-1EC6418EC7C4}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
    FirewallRules: [TCP Query User{22FC8D3D-96C6-4D60-B818-AEFAFB968A37}C:\program files (x86)\torchlight ii\torchlight2.exe] => (Allow) C:\program files (x86)\torchlight ii\torchlight2.exe
    FirewallRules: [UDP Query User{1C541F35-471D-4864-966C-7A7A7BCCAE2C}C:\program files (x86)\torchlight ii\torchlight2.exe] => (Allow) C:\program files (x86)\torchlight ii\torchlight2.exe
    FirewallRules: [{FBD36A6B-C406-4108-ADC2-EDDFF772B07D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{0355BCF4-E816-4D68-86A6-EC8F5291F372}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [TCP Query User{9EF0774D-1375-46D1-96B2-D416D330EA5A}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe
    FirewallRules: [UDP Query User{D3F44961-E99A-4B99-A9B3-28803CE0E704}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe
    FirewallRules: [TCP Query User{FFA5EC9F-846C-4CB9-A620-186843643DBE}C:\games\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\games\dead island riptide\deadislandgame_x86_rwdi.exe
    FirewallRules: [UDP Query User{0F43029B-AB21-48F3-AE04-3FB32E7D0E34}C:\games\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\games\dead island riptide\deadislandgame_x86_rwdi.exe
    FirewallRules: [{AAAEC521-122D-4AA9-83AC-A440C270E868}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{69CFB418-A366-48D1-B008-A7BC4FE38BD2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{C495514A-C1A9-4B9F-9F88-DB0B6B0886CD}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{0875147C-2CFF-4CCA-B101-990BA835AD69}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{FF6BB9E0-05DE-4868-A81E-6A4E2A09E5DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{DF20E90D-A462-4345-8935-EAA1E5416A3E}C:\program files (x86)\r.g. catalyst\saints row. the third\saintsrowthethird_dx11.exe] => (Block) C:\program files (x86)\r.g. catalyst\saints row. the third\saintsrowthethird_dx11.exe
    FirewallRules: [UDP Query User{709066EC-CFC1-40CA-8F6F-6A4102CB2DB0}C:\program files (x86)\r.g. catalyst\saints row. the third\saintsrowthethird_dx11.exe] => (Block) C:\program files (x86)\r.g. catalyst\saints row. the third\saintsrowthethird_dx11.exe
    FirewallRules: [TCP Query User{A3777AAF-D7CB-4CDD-82E0-399457C6B79C}C:\program files (x86)\r.g. catalyst\saints row. the third\saintsrowthethird.exe] => (Block) C:\program files (x86)\r.g. catalyst\saints row. the third\saintsrowthethird.exe
    FirewallRules: [UDP Query User{5B0876F1-99B2-449E-8C13-5EC3D00FD805}C:\program files (x86)\r.g. catalyst\saints row. the third\saintsrowthethird.exe] => (Block) C:\program files (x86)\r.g. catalyst\saints row. the third\saintsrowthethird.exe
    FirewallRules: [{CBBFC016-7E48-42B3-8738-64812735B416}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{084561C2-08E3-4FC4-BD5C-71F011E4003D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [TCP Query User{84B4E84D-97F1-41C1-900E-835500311553}C:\games\broforce alien infestation update\broforce_beta.exe] => (Allow) C:\games\broforce alien infestation update\broforce_beta.exe
    FirewallRules: [UDP Query User{215D9C28-73E4-4A8A-926F-B9A6FF8E1A22}C:\games\broforce alien infestation update\broforce_beta.exe] => (Allow) C:\games\broforce alien infestation update\broforce_beta.exe
    FirewallRules: [{F4C9A36B-342E-4DE2-A592-31F674DA6A07}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{6CDA0BBF-A567-402F-9143-F39909C95508}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{4A722C70-6A14-4D2A-95D1-2CFD607495DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the static speaks my name\thestatic_win.exe
    FirewallRules: [{3017B558-9D14-44C8-975A-FDDEB98C49D5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the static speaks my name\thestatic_win.exe
    FirewallRules: [{CAF27128-8C75-48C9-BDE1-0F70EC8F47BA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\VelvetSundown\VelvetSundown.exe
    FirewallRules: [{D7243E32-B600-496F-B020-8C6BE451D9D8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\VelvetSundown\VelvetSundown.exe
    FirewallRules: [TCP Query User{8236EE35-78B2-47EA-B091-5827A8743B03}C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
    FirewallRules: [UDP Query User{118E3D12-12CF-4A12-BA8A-7D3CCF1495CF}C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
    FirewallRules: [TCP Query User{F0ADDAAD-C605-4F97-8A0A-4D068E01E5EF}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe
    FirewallRules: [UDP Query User{332D29D9-721A-49DF-8DEA-49030735DA59}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe
    FirewallRules: [{E6636355-8A14-4F99-90B3-3ACC693DD424}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{322D31E6-AE0E-4D50-AC6C-55104266618E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{494612CF-358B-4D35-ABEE-535B5E4AF5BD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{09E2388B-60E1-49A6-82E2-867EF9A58FC1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{5CE2A19A-8B90-4803-921D-E89214809526}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{9BC3AE19-DBB2-4EEC-80E9-DDD44F4A3C4D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [TCP Query User{AFEAE210-D55A-4EDB-A1DF-BAFC877C12A5}C:\games\fallout 4\fallout 4\fallout4.exe] => (Allow) C:\games\fallout 4\fallout 4\fallout4.exe
    FirewallRules: [UDP Query User{F59B7611-22F7-4EFB-957C-DDAFABE7D40A}C:\games\fallout 4\fallout 4\fallout4.exe] => (Allow) C:\games\fallout 4\fallout 4\fallout4.exe
    FirewallRules: [{BABA94F5-A4A7-4DFA-99B9-CA4F0EC36A88}] => (Allow) C:\Program Files\Vuze\Azureus.exe
    FirewallRules: [{401B80F4-B4D8-4BDE-A903-4FD42B2A9484}] => (Allow) C:\Program Files\Vuze\Azureus.exe
    FirewallRules: [{93FD922A-672B-4236-A584-F04F5FF7CB5B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{23CF5A77-A724-4B8F-9F72-A8A366213488}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4F16F6E6-DD3B-4E26-8D4F-16BEE6509FE7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{630B31EC-94E9-411F-8A70-3C11DFCB7FB4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C31F06D9-338A-4256-8FA3-08757FF3785A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{F744FC27-78F2-41F6-A67B-6B107F20ACD0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{BCC9D13F-7605-497C-A367-35D6C5F62005}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{A8746BEF-7796-4BAB-AABC-B1522579B9F1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{7DE9D94D-76D1-48FB-A6AA-2ED47982BD4A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{679D4C64-C5E4-4AA7-AACF-CAE6E1AE18F7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{4511D2FF-D3E4-4CF3-BE67-BE6CE7C8FC70}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{2B3EF2B6-B2B2-441F-AF19-9E6319AABDBC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{BA9CB269-9745-4FE9-A2F9-90BC7D954AC4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{F58FE3AC-0FBA-4A00-981F-134B90AD7F15}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{DFADB35C-A27F-4656-BEEF-F5807D8B8245}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{8BBA34DF-1156-4E19-9A7E-6250ECD6B7BA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{01C8BC18-1216-471F-9AF2-9DAB7CA83110}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{61DEE219-351E-4345-8D0F-61D343E1447D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{940B6868-46A3-4A30-B667-8FD0146834A9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{CBBA7422-857A-4A15-ADF7-D5939404B538}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{EDCC2CAC-5218-465D-A494-2F8BE2524271}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{8770C85C-38E8-4A2E-99F8-B86E2A3FD2B6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{B94F19C2-9E17-458E-9BED-AB1A6350C8DB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{48EAF331-FAE9-4144-91BB-18E0771111EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    17-01-2016 02:28:48 Removed Visual Studio 2012 x64 Redistributables
    20-01-2016 01:56:49 Installed Lenovo EasyCamera
    22-01-2016 17:23:17 Removed Ableton Live 9 Suite
    25-01-2016 00:57:26 Removed NVIDIA PhysX

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/25/2016 02:10:48 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
    Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/25/2016 02:10:47 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
    Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/25/2016 02:10:46 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
    Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/25/2016 02:10:41 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
    Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/25/2016 02:10:30 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: avgui.exe, version: 16.31.0.7357, time stamp: 0x568f94e5
    Faulting module name: mfc110u.dll, version: 6.3.9600.18185, time stamp: 0x5683eff4
    Exception code: 0xc0000135
    Fault offset: 0x0009d5b2
    Faulting process id: 0x1a00
    Faulting application start time: 0xavgui.exe0
    Faulting application path: avgui.exe1
    Faulting module path: avgui.exe2
    Report Id: avgui.exe3
    Faulting package full name: avgui.exe4
    Faulting package-relative application ID: avgui.exe5

    Error: (01/25/2016 02:10:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: BTServer.exe, version: 1.0.85.1, time stamp: 0x52ca48cc
    Faulting module name: mfc110u.dll, version: 6.3.9600.18185, time stamp: 0x5683f0c5
    Exception code: 0xc0000135
    Fault offset: 0x00000000000ec580
    Faulting process id: 0x1784
    Faulting application start time: 0xBTServer.exe0
    Faulting application path: BTServer.exe1
    Faulting module path: BTServer.exe2
    Report Id: BTServer.exe3
    Faulting package full name: BTServer.exe4
    Faulting package-relative application ID: BTServer.exe5

    Error: (01/25/2016 02:09:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: avgnsa.exe, version: 16.31.0.7357, time stamp: 0x568f94c9
    Faulting module name: MSVCP110.dll, version: 6.3.9600.18185, time stamp: 0x5683f0c5
    Exception code: 0xc0000135
    Fault offset: 0x00000000000ec580
    Faulting process id: 0xa64
    Faulting application start time: 0xavgnsa.exe0
    Faulting application path: avgnsa.exe1
    Faulting module path: avgnsa.exe2
    Report Id: avgnsa.exe3
    Faulting package full name: avgnsa.exe4
    Faulting package-relative application ID: avgnsa.exe5

    Error: (01/25/2016 02:09:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: avgemca.exe, version: 16.31.0.7357, time stamp: 0x568f9464
    Faulting module name: MSVCP110.dll, version: 6.3.9600.18185, time stamp: 0x5683f0c5
    Exception code: 0xc0000135
    Fault offset: 0x00000000000ec580
    Faulting process id: 0xa70
    Faulting application start time: 0xavgemca.exe0
    Faulting application path: avgemca.exe1
    Faulting module path: avgemca.exe2
    Report Id: avgemca.exe3
    Faulting package full name: avgemca.exe4
    Faulting package-relative application ID: avgemca.exe5

    Error: (01/25/2016 01:19:16 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
    Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/25/2016 12:01:31 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
    Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (01/25/2016 02:10:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Power Manager DBC Service service failed to start due to the following error:
    %%14001

    Error: (01/25/2016 02:09:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The AVG Service service failed to start due to the following error:
    %%1053

    Error: (01/25/2016 02:09:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the AVG Service service to connect.

    Error: (01/25/2016 01:18:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Power Manager DBC Service service failed to start due to the following error:
    %%14001

    Error: (01/25/2016 01:18:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The AVG Service service failed to start due to the following error:
    %%1053

    Error: (01/25/2016 01:18:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the AVG Service service to connect.

    Error: (01/25/2016 01:05:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Power Manager DBC Service service failed to start due to the following error:
    %%14001

    Error: (01/25/2016 01:03:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The AVG Service service failed to start due to the following error:
    %%1053

    Error: (01/25/2016 01:03:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the AVG Service service to connect.

    Error: (01/25/2016 12:39:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Power Manager DBC Service service failed to start due to the following error:
    %%14001


    CodeIntegrity:
    ===================================
    Date: 2016-01-25 14:12:33.220
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-01-25 14:12:33.080
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-01-25 14:12:21.191
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-01-25 14:12:21.035
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-01-25 14:09:43.301
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-01-25 14:00:03.149
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-01-25 14:00:02.993
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-01-25 13:57:33.659
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-01-25 13:57:33.478
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-01-25 13:57:21.510
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
    Percentage of memory in use: 29%
    Total physical RAM: 8084.27 MB
    Available physical RAM: 5677.54 MB
    Total Virtual: 9364.27 MB
    Available Virtual: 6709.74 MB

    ==================== Drives ================================

    Drive c: (Windows8_OS) (Fixed) (Total:889.49 GB) (Free:479.05 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.72 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 64E46442)

    Partition: GPT.

    ==================== End of Addition.txt ============================

    Checkup.txt:


    Results of screen317's Security Check version 1.009
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Java 8 Update 71
    Java version 32-bit out of Date!
    Adobe Flash Player 20.0.0.286
    Mozilla Firefox (43.0.4)
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````



  2. #2
    Corrine

    Re: Heuristic.Reserved.Word.Exploit malware?

    Hi, SuchSmartMonkeys.

    With all the tools you've run, you have certainly been busy. However, not all the tools you tried are still supported or compatible with Windows 8.1 and could actually damage your computer.

    1. IMPORTANT: Since you cannot get AVG to launch, I'll include any AVG entries in the script. First, uninstall AVG Protection (HKLM\...\AVG) (Version: 2016.31.7357 - AVG Technologies). Next, either download a fresh copy of AVG to install after running the script with FRST below or make sure Windows Defender is working. If you are using a licensed version of AVG, be sure to note the license information first.

    2. Please do the following to run FRST:

    Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
    • Open Notepad (Start =>All Programs => Accessories => Notepad).
    • Copy/Paste the entire contents of the code box below into Notepad.
    Code:
    start
    CreateRestorePoint:
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    CHR HKU\S-1-5-21-3574037338-378681773-173497233-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    CHR HKU\S-1-5-21-3574037338-378681773-173497233-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    CHR dev: Chrome dev build detected! <======= ATTENTION
    S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
    S3 RSUSBVSTOR; \SystemRoot\System32\Drivers\RtsUVStor.sys [X]
    2016-01-25 13:14 - 2016-01-25 13:15 - 05652316 _____ (Swearware) C:\Users\Lorn\Desktop\ComboFix.exe
    2016-01-25 15:33 - 2014-11-25 16:11 - 00000000 ____D C:\ProgramData\AVG
    2016-01-25 15:33 - 2014-11-25 15:00 - 00000000 ____D C:\Program Files (x86)\AVG
    2016-01-25 15:32 - 2015-10-28 16:20 - 00000000 ____D C:\Users\Lorn\AppData\Local\AvgSetupLog
    2016-01-25 15:04 - 2014-11-25 16:15 - 00000000 ____D C:\Users\Lorn\AppData\Local\Avg
    2016-01-13 13:28 - 2014-11-25 16:16 - 00000000 ____D C:\Users\Lorn\AppData\Roaming\AVG
    2016-01-11 14:01 - 2015-08-05 17:55 - 00000000 ____D C:\ProgramData\AVG2015
    2016-01-11 14:00 - 2015-08-05 17:49 - 00000000 ____D C:\Users\Lorn\AppData\Local\Avg2015
    AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies)
    AVG (Version: 16.31.7357 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden
    AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden
    C:\Program Files (x86)\AVG
    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\Users\Lorn\AppData\Local\BFtVASs5XROXX:R2vy4coCe7tOEQpFccqUc
    AlternateDataStreams: C:\Users\Lorn\AppData\Local\Jg3dtCJmqaLILUt:fQJ7RA7MnG3hUP6mBCUPzJ
    AlternateDataStreams: C:\Users\Lorn\AppData\Local\Temp47ue6TnehOBcOR8z1SUsbV
    AlternateDataStreams: C:\Users\Lorn\AppData\Local\Temporary Internet Files:vJBOpqDvv08GCZfdUllCW5BNOU3
    AlternateDataStreams: C:\Users\Lorn\AppData\Local\Temporary Internet Files:wLgppMlrHer0eCHB3v5UqAp
    EmptyTemp:
    end
    • Click Format and ensure Wordwrap is unchecked.
    • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
      • Press the Fix button once and wait.
      • FRST will process fixlist.txt
      • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
      • Please post the log in your next reply.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3

    Re: Heuristic.Reserved.Word.Exploit malware?

    Hey Corrine, Thank you very much for taking the time to work with me on this problem! I followed your instructions: I uninstalled AVG Protection, and downloaded a fresh copy of it to install after running the FRST fix. I ran FRST fix as you instructed, and will post the fixlog.txt below. Upon completion it prompted me to restart my computer, and I still got the BTServer.exe and RunDLL errors (but not the AVG errors) upon reaching my desktop. Attempting to install AVG again after running the fix, I still receive the same error message as before from the AVG installer which is: ! Installation Failed Sorry, we're experiencing a problem during initialization. Please try again, and if the issue persists, contact customer support for help. Error Code: 0xC0070643 Description: Event exec_finished

    The fixlog.txt reads:

    Fix result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
    Ran by Lorn (2016-01-25 23:38:23) Run:1
    Running from C:\Users\Lorn\Desktop
    Loaded Profiles: UpdatusUser & Lorn (Available Profiles: UpdatusUser & Lorn & pooter)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    CHR HKU\S-1-5-21-3574037338-378681773-173497233-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    CHR HKU\S-1-5-21-3574037338-378681773-173497233-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    CHR dev: Chrome dev build detected! <======= ATTENTION
    S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
    S3 RSUSBVSTOR; \SystemRoot\System32\Drivers\RtsUVStor.sys [X]
    2016-01-25 13:14 - 2016-01-25 13:15 - 05652316 _____ (Swearware) C:\Users\Lorn\Desktop\ComboFix.exe
    2016-01-25 15:33 - 2014-11-25 16:11 - 00000000 ____D C:\ProgramData\AVG
    2016-01-25 15:33 - 2014-11-25 15:00 - 00000000 ____D C:\Program Files (x86)\AVG
    2016-01-25 15:32 - 2015-10-28 16:20 - 00000000 ____D C:\Users\Lorn\AppData\Local\AvgSetupLog
    2016-01-25 15:04 - 2014-11-25 16:15 - 00000000 ____D C:\Users\Lorn\AppData\Local\Avg
    2016-01-13 13:28 - 2014-11-25 16:16 - 00000000 ____D C:\Users\Lorn\AppData\Roaming\AVG
    2016-01-11 14:01 - 2015-08-05 17:55 - 00000000 ____D C:\ProgramData\AVG2015
    2016-01-11 14:00 - 2015-08-05 17:49 - 00000000 ____D C:\Users\Lorn\AppData\Local\Avg2015
    AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies)
    AVG (Version: 16.31.7357 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden
    AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden
    C:\Program Files (x86)\AVG
    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\Users\Lorn\AppData\Local\BFtVASs5XROXX:R2vy4coCe7tOEQpFccqUc
    AlternateDataStreams: C:\Users\Lorn\AppData\Local\Jg3dtCJmqaLILUt:fQJ7RA7MnG3hUP6mBCUPzJ
    AlternateDataStreams: C:\Users\Lorn\AppData\Local\Temp47ue6TnehOBcOR8z1SUsbV
    AlternateDataStreams: C:\Users\Lorn\AppData\Local\Temporary Internet Files:vJBOpqDvv08GCZfdUllCW5BNOU3
    AlternateDataStreams: C:\Users\Lorn\AppData\Local\Temporary Internet Files:wLgppMlrHer0eCHB3v5UqAp
    EmptyTemp:
    end
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    "HKU\S-1-5-21-3574037338-378681773-173497233-1001\SOFTWARE\Policies\Google" => key removed successfully
    "HKU\S-1-5-21-3574037338-378681773-173497233-1002\SOFTWARE\Policies\Google" => key removed successfully
    CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
    avchv => service removed successfully
    RSUSBVSTOR => service removed successfully
    "C:\Users\Lorn\Desktop\ComboFix.exe" => not found.
    C:\ProgramData\AVG => moved successfully
    C:\Program Files (x86)\AVG => moved successfully
    C:\Users\Lorn\AppData\Local\AvgSetupLog => moved successfully
    C:\Users\Lorn\AppData\Local\Avg => moved successfully
    C:\Users\Lorn\AppData\Roaming\AVG => moved successfully
    C:\ProgramData\AVG2015 => moved successfully
    C:\Users\Lorn\AppData\Local\Avg2015 => moved successfully
    AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies) => Error: No automatic fix found for this entry.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
    "C:\Program Files (x86)\AVG" => not found.
    C:\Windows => ":nlsPreferences" ADS removed successfully.
    C:\Users\Lorn\AppData\Local\BFtVASs5XROXX => ":R2vy4coCe7tOEQpFccqUc" ADS removed successfully.
    C:\Users\Lorn\AppData\Local\Jg3dtCJmqaLILUt => ":fQJ7RA7MnG3hUP6mBCUPzJ" ADS removed successfully.
    "AlternateDataStreams: C:\Users\Lorn\AppData\Local\Temp47ue6TnehOBcOR8z1SUsbV" => "AlternateDataStreams: C:\Users\Lorn\AppData\Local\Temp47ue6TnehOBcOR8z1SUsbV" ADS not found.
    "C:\Users\Lorn\AppData\Local\Temporary Internet Files" => ":vJBOpqDvv08GCZfdUllCW5BNOU3" ADS not found.
    "C:\Users\Lorn\AppData\Local\Temporary Internet Files" => ":wLgppMlrHer0eCHB3v5UqAp" ADS not found.
    EmptyTemp: => 929.6 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 23:41:02 ====

  4. #4
    Corrine

    Re: Heuristic.Reserved.Word.Exploit malware?

    For AVG, please download and run the AVG Remover from here: AVG Support tools and utilities | AVG Worldwide. Then download and install a fresh copy of AVG via this link: Download and install AVG AntiVirus Free | AVG

    The BTServer.exe error you are receiving for the missing .dll is for the Realtek Bluetooth software. I suggest you go to the Lenovo Support site to get the latest version. I believe this link may be correct: Laptops and netbooks :: Lenovo Z Series laptops :: Lenovo Z40 70 - Lenovo Support (US).

    Please let us know how you make out.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.
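
An added example, not part of the thread and not FRST's own code: a small triage script for the "Event log errors" section of Addition.txt posted above, which groups the startup failures by the Visual C++ runtime they depend on and decodes the service error numbers. The function names and lookup tables are this example's own; the error-code names are the standard Windows ones, and the restore-point match is only a correlation to check, not a diagnosis.

```python
import re
from collections import defaultdict

VC_YEAR = {"90": "2008", "100": "2010", "110": "2012", "120": "2013"}
NTSTATUS = {0xC0000135: "STATUS_DLL_NOT_FOUND"}
WIN32 = {1053: "ERROR_SERVICE_REQUEST_TIMEOUT", 14001: "ERROR_SXS_CANT_GEN_ACTCTX"}

# Excerpt of the Addition.txt records quoted in the thread (trimmed, not the full log).
SAMPLE = r'''
Error: (01/25/2016 02:10:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.

Error: (01/25/2016 02:10:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgui.exe, version: 16.31.0.7357, time stamp: 0x568f94e5
Faulting module name: mfc110u.dll, version: 6.3.9600.18185, time stamp: 0x5683eff4
Exception code: 0xc0000135

Error: (01/25/2016 02:10:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BTServer.exe, version: 1.0.85.1, time stamp: 0x52ca48cc
Faulting module name: mfc110u.dll, version: 6.3.9600.18185, time stamp: 0x5683f0c5
Exception code: 0xc0000135

Error: (01/25/2016 02:10:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Power Manager DBC Service service failed to start due to the following error:
%%14001

Error: (01/25/2016 02:09:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Service service failed to start due to the following error:
%%1053
'''
RESTORE_POINTS = "17-01-2016 02:28:48 Removed Visual Studio 2012 x64 Redistributables"

HEADER = re.compile(r"^Error: \([^)]+\) \(Source: ([^)]+)\) \(EventID: (\d+)\)", re.M)

def records(log):
    """Yield (source, event_id, body) for every 'Error:' record in a FRST event section."""
    heads = list(HEADER.finditer(log))
    for cur, nxt in zip(heads, heads[1:] + [None]):
        yield cur[1], int(cur[2]), log[cur.end():nxt.start() if nxt else len(log)]

def runtime(ver):
    return f"Visual C++ {VC_YEAR.get(ver, 'unknown')} runtime (v{ver})"

def triage(log, restore_points=""):
    missing, services = defaultdict(set), {}
    for source, event_id, body in records(log):
        if (source, event_id) == ("Application Error", 1000):
            code = re.search(r"Exception code: (0x[0-9a-fA-F]+)", body)
            app = re.search(r"Faulting application name: ([^,]+),", body)
            dll = re.search(r"Faulting module name: (?:mfc|msvcp|msvcr|atl)(\d+)u?\.dll", body, re.I)
            # Only a DLL-not-found crash on a versioned CRT/MFC DLL points at a missing runtime.
            if code and app and dll and NTSTATUS.get(int(code[1], 16)) == "STATUS_DLL_NOT_FOUND":
                missing[runtime(dll[1])].add(app[1])
        elif (source, event_id) == ("SideBySide", 33):
            asm = re.search(r"Dependent Assembly (Microsoft\.VC(\d+)\.\w+),", body)
            if asm:
                missing[runtime(asm[2])].add(asm[1])
        elif (source, event_id) == ("Service Control Manager", 7000):
            svc = re.search(r"The (.+?) service failed to start", body)
            err = re.search(r"^%%(\d+)", body, re.M)
            if svc and err:
                services[svc[1]] = WIN32.get(int(err[1]), f"Win32 error {err[1]}")
    # Correlation only: redistributable years that a restore point records as removed.
    removed = set(re.findall(r"Removed Visual Studio (\d{4}) .*?Redistributables", restore_points))
    return {
        "missing_runtimes": {k: sorted(v) for k, v in missing.items()},
        "service_errors": services,
        "removed_redist_years": sorted(removed),
    }

if __name__ == "__main__":
    for section, value in triage(SAMPLE, RESTORE_POINTS).items():
        print(section, value)
```

Run against the full Addition.txt text, the same function also picks up the avgnsa.exe and avgemca.exe records, which name MSVCP110.dll.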
