FRST file:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-02-2017 01
Ran by Kayla (administrator) on KAYLA-PC (22-02-2017 16:03:34)
Running from C:\Users\Kayla\Downloads
Loaded Profiles: Kayla (Available Profiles: Kayla)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(MarkAny) C:\Windows\ImageSAFERSvc.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(MarkAny) C:\Windows\System32\ImageSAFERStart_X86.exe
(MarkAny) C:\Windows\System32\ImageSAFERStart_X64.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.4.7.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Kakao Corp. ) C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16122.10271.0_x64__8wekyb3d8bbwe\Music.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-03] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [401896 2016-11-01] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2016-02-13] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2016-02-13] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59925488 2016-02-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2016-02-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-02] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [90640 2013-07-09] (Lenovo)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-22] (AVAST Software)
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [7757120 2017-02-20] (Kakao Corp. )
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\Run: [Google Update] => C:\Users\Kayla\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\Run: [Upwork] => C:\Program Files (x86)\Upwork\upwork.exe [2267912 2016-08-19] ()
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-22] (AVAST Software)
Startup: C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Slack.lnk [2016-09-20]
ShortcutTarget: Slack.lnk -> C:\Users\Kayla\AppData\Local\slack\Update.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d817da39-a1aa-4fe0-89d1-f37ebb3cc80b}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-3778868831-2437984709-597761506-1001 -> DefaultScope {5643A7D9-8DED-47EA-AD54-8EB8C4298D32} URL =
SearchScopes: HKU\S-1-5-21-3778868831-2437984709-597761506-1001 -> {5643A7D9-8DED-47EA-AD54-8EB8C4298D32} URL =
DPF: HKLM-x32 {1219B6C3-CD4D-4243-9A4F-4C9F12FCC6E7} hxxps://ck.softforum.co.kr/CKKeyPro/yes ... roInst.cab
DPF: HKLM-x32 {477D5B9A-6479-44F8-9718-9340119B0308} hxxp://bank.keb.co.kr/veraport/down/veraport20.cab
DPF: HKLM-x32 {4F4BF502-1F0B-4955-9F48-16A71C8B53C5} hxxp://home.kobus.co.kr/download/MAOnFP ... _KOBUS.cab
DPF: HKLM-x32 {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Users\Kayla\AppData\Local\Temp\4113861\TouchEnkey_Installer_32bit_3.1.0.34.exe
DPF: HKLM-x32 {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} hxxps://www.bankpay.or.kr/BankPayEFT.cab
DPF: HKLM-x32 {C1143E84-B2B1-473B-9F20-E62DD754FCAF}
DPF: HKLM-x32 {E42F7FEB-DE20-43F4-A342-47F1DA77F667} hxxp://pgdownload.uplus.co.kr/lguplus/X ... .0.0.3.cab
DPF: HKLM-x32 {F939FEB8-9518-4A4A-BE60-D10FFB9557F2} hxxp://update.nprotect.net/netizenv55/b ... stall5.cab
FireFox:
========
FF Plugin-x32: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_584\npaosmgr.dll [2016-03-21] (AhnLab, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @interezen.co.kr/npi3gmanager -> C:\Program Files (x86)\Interezen\Plugins\NPI3GManager.dll [2016-04-13] (Interezen (c) Interezen.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @softforum.com/npKeyPro -> C:\windows\system32\npKeyPro.dll [No File]
FF Plugin-x32: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2015-08-12] (SoftForum Co., Ltd.)
FF Plugin-x32: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2015-08-12] (SoftForum Co., Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @wizvera.com/npVeraport20 -> C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll [2013-02-14] ()
FF Plugin-x32: @www.ubikey.co.kr/application/npvinetransfer-plugin -> C:\Program Files (x86)\INFovine\npVineTransfer.dll [2015-07-16] (INFOVINE)
FF Plugin HKU\S-1-5-21-3778868831-2437984709-597761506-1001: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2015-08-12] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-3778868831-2437984709-597761506-1001: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2015-08-12] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-3778868831-2437984709-597761506-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Kayla\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3778868831-2437984709-597761506-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Kayla\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3778868831-2437984709-597761506-1001: @www.ubikey.co.kr/application/npvinetransfer-plugin -> C:\Program Files (x86)\INFovine\npVineTransfer.dll [2015-07-16] (INFOVINE)
FF Plugin HKU\S-1-5-21-3778868831-2437984709-597761506-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-3778868831-2437984709-597761506-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel)
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Default [2017-02-21]
CHR Profile: C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-02-22]
CHR Extension: (Google Slides) - C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-21]
CHR Extension: (Google Docs) - C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-21]
CHR Extension: (Google Drive) - C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-21]
CHR Extension: (YouTube) - C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-21]
CHR Extension: (Google Sheets) - C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-21]
CHR Extension: (Google Docs Offline) - C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-02-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-21]
CHR Extension: (Gmail) - C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-21]
CHR Extension: (Chrome Media Router) - C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-21]
CHR HKU\S-1-5-21-3778868831-2437984709-597761506-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-22] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-22] (AVAST Software)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [115632 2013-08-03] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-03] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [148688 2013-08-03] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [124880 2013-08-03] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 Image Protection; C:\windows\ImageSAFERSvc.exe [438784 2014-11-17] (MarkAny) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-21] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2016-02-13] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MyFw40Service; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\ASDSvc.exe [676832 2015-06-25] (AhnLab, Inc.)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [162600 2013-08-30] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [249872 2016-02-13] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [328720 2016-02-13] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-13] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-02] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [32016 2016-02-13] (Lenovo)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AhnFlt2K; C:\windows\system32\drivers\AhnFlt2K.sys [82248 2015-01-19] (AhnLab, Inc.)
R2 AMonCDW8; C:\windows\system32\Drivers\AMonCDW8.sys [195248 2015-10-27] (AhnLab, Inc.)
S3 AntiStealth_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\AHAWKENT.sys [52920 2015-10-27] (AhnLab, Inc.)
S3 AntiStealth_MYFIREWALL40ASDF; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TfFRegNt.sys [191032 2015-10-27] (AhnLab, Inc.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-22] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-22] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-22] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-22] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-22] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-02-22] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-22] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-22] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-22] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-22] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-22] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-22] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-22] (AVAST Software)
S3 ATamptNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\atamptnt.sys [325168 2015-10-27] (AhnLab, Inc.)
S3 Cdm2DrNt; C:\windows\system32\Drivers\Cdm2DrNt.sys [98216 2014-09-16] (AhnLab, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-04] (Samsung Electronics Co., Ltd.)
R3 DptfDevPch; C:\WINDOWS\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-03] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-03] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [494272 2013-08-03] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2016-12-12] (Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 ISMgr; C:\windows\system32\ImageSAFERDrv64.sys [11256 2009-11-25] ()
S3 kck64; C:\windows\system32\kck64.sys [101152 2016-07-13] (Kings Information & Network)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-21] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-22] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-22] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-22] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-22] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2016-07-16] (Intel Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-02] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-04] (Samsung Electronics Co., Ltd.)
S3 TNFwNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNFwNt.sys [162752 2015-08-21] (AhnLab, Inc.)
S3 TNNipsNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNNipsNt.sys [202544 2015-08-21] (AhnLab, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-22 16:03 - 2017-02-22 16:03 - 00025575 _____ C:\Users\Kayla\Downloads\FRST.txt
2017-02-22 16:03 - 2017-02-22 16:03 - 00000000 ____D C:\FRST
2017-02-22 16:02 - 2017-02-22 16:02 - 02423296 _____ (Farbar) C:\Users\Kayla\Downloads\FRST64.exe
2017-02-22 14:17 - 2017-02-22 14:17 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-22 13:23 - 2017-02-22 13:23 - 00001833 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-02-22 13:23 - 2017-02-22 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-22 13:23 - 2017-02-22 13:23 - 00000000 ____D C:\Program Files\iTunes
2017-02-22 13:23 - 2017-02-22 13:23 - 00000000 ____D C:\Program Files\iPod
2017-02-22 13:16 - 2017-02-22 13:16 - 00001925 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2017-02-22 13:16 - 2017-02-22 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-02-22 13:16 - 2017-02-22 13:16 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-02-22 12:56 - 2017-02-22 15:44 - 00004008 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1487786160
2017-02-22 12:56 - 2017-02-22 15:44 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-22 12:56 - 2017-02-22 12:56 - 00001099 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-02-22 12:55 - 2017-02-22 12:55 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-02-22 12:54 - 2017-02-22 12:54 - 00000000 ____D C:\Users\Kayla\AppData\Roaming\AVAST Software
2017-02-22 12:53 - 2017-02-22 15:26 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-22 12:53 - 2017-02-22 12:53 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-02-22 12:53 - 2017-02-22 12:53 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-02-22 12:53 - 2017-02-22 12:53 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-02-22 12:53 - 2017-02-22 12:53 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-02-22 12:53 - 2017-02-22 12:53 - 00126088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-02-22 12:53 - 2017-02-22 12:53 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-02-22 12:53 - 2017-02-22 12:53 - 00074680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-02-22 12:53 - 2017-02-22 12:53 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-02-22 12:53 - 2017-02-22 12:53 - 00001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-02-22 12:53 - 2017-02-22 12:53 - 00001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-02-22 12:53 - 2017-02-22 12:53 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-02-22 12:53 - 2017-02-22 12:53 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-22 12:53 - 2017-02-22 12:52 - 00991496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-02-22 12:53 - 2017-02-22 12:52 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-22 12:53 - 2017-02-22 12:52 - 00309784 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-22 12:53 - 2017-02-22 12:52 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-22 12:53 - 2017-02-22 12:52 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-22 12:51 - 2017-02-22 12:55 - 00000000 ____D C:\Program Files\AVAST Software
2017-02-22 12:50 - 2017-02-22 12:55 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-22 12:50 - 2017-02-22 12:50 - 06654960 _____ (AVAST Software) C:\Users\Kayla\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-02-21 23:57 - 2017-02-22 14:16 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-21 20:35 - 2017-02-21 20:48 - 00414922 _____ C:\files.txt
2017-02-21 17:59 - 2017-02-22 14:16 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-21 17:59 - 2017-02-22 14:16 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-21 17:59 - 2017-02-22 14:16 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-21 17:59 - 2017-02-21 17:59 - 55566792 _____ (Malwarebytes ) C:\Users\Kayla\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-21 17:59 - 2017-02-21 17:59 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-21 17:59 - 2017-02-21 17:59 - 00001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-21 17:59 - 2017-02-21 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-21 17:59 - 2017-02-21 17:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-21 17:59 - 2017-02-21 17:59 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-21 17:59 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-21 17:38 - 2017-02-21 17:38 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-21 14:39 - 2017-02-21 14:39 - 00000068 ___SH C:\Users\Kayla\AppData\Roaming\.Identifier
2017-02-21 14:39 - 2017-02-21 14:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Update
2017-02-15 11:13 - 2017-02-18 15:36 - 00000000 ____D C:\Users\Kayla\Desktop\Katsu Panels
2017-02-11 23:54 - 2017-02-11 23:55 - 00000000 ____D C:\Users\Kayla\Documents\Tax
2017-02-11 21:34 - 2017-02-11 21:34 - 00413692 _____ C:\WINDOWS\Minidump\021117-4984-01.dmp
2017-02-09 15:09 - 2017-02-09 15:09 - 00000000 ____D C:\WINDOWS\Panther
2017-02-02 12:42 - 2017-02-02 12:42 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-01-30 21:56 - 2017-01-30 21:56 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-26 21:35 - 2017-01-26 21:35 - 00000000 ____D C:\Users\Kayla\Documents\Freelance Knowledge
2017-01-25 13:44 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 13:44 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-22 16:00 - 2016-09-11 21:46 - 00000000 ____D C:\Users\Kayla
2017-02-22 15:28 - 2016-09-11 21:45 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-22 15:28 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-22 14:32 - 2016-09-11 21:45 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-22 14:32 - 2016-07-28 11:04 - 00000000 __SHD C:\Users\Kayla\IntelGraphicsProfiles
2017-02-22 14:21 - 2016-07-28 10:54 - 05151954 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-22 14:16 - 2016-09-11 21:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-22 13:58 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-22 13:23 - 2016-10-02 10:04 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-22 13:15 - 2016-08-26 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-02-22 13:15 - 2016-08-26 08:27 - 00000000 ____D C:\Program Files\7-Zip
2017-02-22 12:59 - 2016-03-29 08:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-22 12:59 - 2016-03-29 08:43 - 00000000 ____D C:\ProgramData\Skype
2017-02-22 12:57 - 2016-10-31 11:14 - 00000000 ____D C:\ProgramData\WinZip
2017-02-22 12:53 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-21 23:40 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\registration
2017-02-21 15:54 - 2016-12-19 13:21 - 00000000 ____D C:\Users\Kayla\AppData\Local\CrashDumps
2017-02-21 15:46 - 2016-03-29 08:43 - 00000000 ____D C:\Users\Kayla\AppData\Roaming\Skype
2017-02-20 19:20 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-13 12:47 - 2016-09-17 00:49 - 00000000 ____D C:\Users\Kayla\Documents\Upwork
2017-02-11 21:34 - 2016-10-02 20:14 - 768618409 _____ C:\WINDOWS\MEMORY.DMP
2017-02-11 21:34 - 2016-10-02 20:14 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-10 20:23 - 2016-06-11 03:47 - 00000000 ____D C:\Users\Kayla\AppData\Roaming\Audacity
2017-02-09 15:09 - 2016-02-15 11:20 - 00000000 __RDO C:\Users\Kayla\SkyDrive
2017-02-07 13:32 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-02 19:11 - 2016-02-15 11:37 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-02 19:11 - 2016-02-15 11:37 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-02 12:42 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-30 21:56 - 2016-07-28 11:08 - 00002374 _____ C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-25 14:22 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
==================== Files in the root of some directories =======
2017-02-21 14:39 - 2017-02-21 14:39 - 0000068 ___SH () C:\Users\Kayla\AppData\Roaming\.Identifier
2016-02-15 11:17 - 2016-05-19 08:29 - 0023081 _____ () C:\Users\Kayla\AppData\Roaming\AbsoluteReminder.xml
2017-01-22 02:18 - 2017-01-22 02:18 - 0099384 _____ () C:\Users\Kayla\AppData\Roaming\inst.exe
2017-01-22 02:18 - 2017-01-22 02:18 - 0007859 _____ () C:\Users\Kayla\AppData\Roaming\pcouffin.cat
2017-01-22 02:18 - 2017-01-22 02:18 - 0001167 _____ () C:\Users\Kayla\AppData\Roaming\pcouffin.inf
2017-01-22 02:18 - 2017-01-22 02:18 - 0000055 _____ () C:\Users\Kayla\AppData\Roaming\pcouffin.log
2017-01-22 02:18 - 2017-01-22 02:18 - 0082816 _____ (VSO Software) C:\Users\Kayla\AppData\Roaming\pcouffin.sys
2016-09-11 21:45 - 2016-09-11 21:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
2017-02-22 12:56 - 2017-02-22 12:56 - 0095840 _____ (WinZip Computing, S.L.) C:\Users\Kayla\AppData\Local\Temp\CloseFAH.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-17 00:55
==================== End of FRST.txt ============================
Addition file:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2017 01
Ran by Kayla (22-02-2017 16:04:18)
Running from C:\Users\Kayla\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-12 02:53:05)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3778868831-2437984709-597761506-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3778868831-2437984709-597761506-503 - Limited - Disabled)
Guest (S-1-5-21-3778868831-2437984709-597761506-501 - Limited - Disabled)
Kayla (S-1-5-21-3778868831-2437984709-597761506-1001 - Administrator - Enabled) => C:\Users\Kayla
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.3.0.1 - Absolute Software)
AhnLab Online Security (HKLM-x32\...\AhnLab Online Security) (Version: - AhnLab, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
AVStoDVD 2.8.5 (HKLM-x32\...\AVStoDVD) (Version: 2.8.5 - MrC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ChromecastApp (HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DaVinci Resolve (HKLM\...\{A6768A12-548B-45FF-9474-A62153C7DAB4}) (Version: 12.5.3014 - Blackmagic Design)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.1.38 - Lenovo)
Energy Manager (x32 Version: 1.0.1.38 - Lenovo) Hidden
휴대폰인증서(보관)서비스 (HKLM-x32\...\INFovine) (Version: - INFovine)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version: - Square Enix)
FINAL FANTASY VIII (HKLM-x32\...\Steam App 39150) (Version: - SQUARE ENIX)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HitFilm 4 Express (HKLM\...\{F8BB3662-69A1-4EF1-8674-ADD90AAD3D08}) (Version: 4.0.5723.10801 - FXHOME)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel Experience Center - Configuration (x32 Version: 1.7.0.179 - Intel) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.2.69 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{313c06de-4aa7-4a1f-930a-f10f80380426}) (Version: 17.14.0 - Intel Corporation)
IPinside Agent (HKLM-x32\...\IPinside Agent) (Version: 1.0.1.30 - interezen)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 2.5.3.1451 - Kakao Corp.)
KOBUS - (증명서발급프로그램) (HKLM-x32\...\KOBUS - (증명서발급프로그램)) (Version: v2.6.0.20 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LAV Filters 0.68 (HKLM-x32\...\lavfilters_is1) (Version: 0.68 - Hendrik Leppkes)
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A800D2BF-2F0D-4899-B265-C91C90981E8C}) (Version: 2.0.0.0829 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.0.0829 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\cbe8636f7dd0cf1d) (Version: 1.6.2.0 - Lenovo)
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.0 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.8211 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.3 - Lenovo)
Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.3 - Lenovo) Hidden
Life Is Strange™ (HKLM\...\Steam App 319630) (Version: - DONTNOD Entertainment)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
nProtect Netizen v5.5 (HKLM-x32\...\nProtect Netizen v5.5) (Version: - INCA Internet Co., Ltd.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
ReminderInstaller (HKLM-x32\...\InstallShield_{48B99BC9-CEB0-485E-96B1-4609BC86D2DE}) (Version: 1.00.0000 - Absolute Software.)
ReminderInstaller (x32 Version: 1.00.0000 - Absolute Software.) Hidden
SafeZone Stable 3.55.2393.561 (x32 Version: 3.55.2393.561 - Avast Software) Hidden
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.103 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\slack) (Version: 2.2.1 - Slack Technologies)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Sims(TM) 3 (HKLM\...\Steam App 47890) (Version: - The Sims Studio)
TouchEn key with E2E for 32bit (HKLM-x32\...\TouchEn_key) (Version: - RaonSecure Co., Ltd.)
Update for Korean Microsoft IME Standard Dictionary (HKLM\...\{75A54180-CA5E-47B8-AFBB-29337B976B21}) (Version: 16.0.662.1 - Microsoft Corporation)
Upwork version 4.1.351.0 (HKLM-x32\...\{F8678797-5A4B-43CF-88D0-EEF67DB3B55E}_is1) (Version: 4.1.351.0 - Upwork, Inc)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
Veraport20(Security module management) - 2,5,2,2 (HKLM-x32\...\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1) (Version: 2,5,2,2 - Wizvera)
VSO ConvertXToDVD 6 (HKLM-x32\...\{8FC36FA6-C508-44FB-B137-1CB46D8258B2}_is1) (Version: 6.0.0.81 - VSO Software)
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WPS Office (10.1.0.5471) (HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\Kingsoft Office) (Version: 10.1.0.5471 - Kingsoft Corp.)
XecureWeb Control (HKLM-x32\...\XecureWeb Control) (Version: 7, 2, 8, 2 - SoftForum Co., Ltd.)
Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.00.013.0731 - Lenovo)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3778868831-2437984709-597761506-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Kayla\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3778868831-2437984709-597761506-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Kayla\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3778868831-2437984709-597761506-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Kayla\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3778868831-2437984709-597761506-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3778868831-2437984709-597761506-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3778868831-2437984709-597761506-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Kayla\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3778868831-2437984709-597761506-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kayla\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02C7E434-18F1-4583-BC7A-55D58EF1B438} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
Task: {0AD57A7F-782A-4AC9-950C-F3AC976BA5E3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3778868831-2437984709-597761506-1001UA1d257f99b8b7688 => C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {0E6E8283-650E-4028-BC1F-4548712F0C69} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {0FA890B3-C5B7-4D17-8A6D-8BF93178A27E} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Kayla\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {101A7132-0C48-4844-AB07-84F4C5666C2C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {11803581-A3D3-4C73-B451-D5C2098F1BC9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3778868831-2437984709-597761506-1001Core1d1e9f76a11ca3e => C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {12D9A1E8-B779-4694-996A-99FFDCCD0009} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1823B48C-9136-46D9-8538-7AD4169136F2} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2016-02-13] (Lenovo)
Task: {27F29A4B-D091-467E-A767-5082559608D5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {359CBBEF-EB50-46A4-B5ED-2BF8387CB5DE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3C28B6F0-DE60-4B83-BCAF-24A34B0BB653} - System32\Tasks\Update\b526800b-4b75-436f-ba32-d039f88965f6 => C:\Users\Kayla\AppData\Roaming\ssetp.exe <==== ATTENTION
Task: {3D74E0CE-62B1-4771-904F-B431A16D8209} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3DA3F865-6371-4F7B-BEED-73C39249B063} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {41AF85EE-58FF-4BCA-8B06-4698CAE4ABC3} - System32\Tasks\WpsNotifyTask_Kayla => C:\Users\Kayla\AppData\Local\Kingsoft\WPS Office\10.1.0.5471\wtoolex\wpsnotify.exe [2016-02-20] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {4847E874-4FEB-46AC-8895-3D2DA38AB55C} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {4C6B18BD-7F79-47A1-A302-1A5BE4CF51C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-15] (Google Inc.)
Task: {4E767E42-22B8-45C6-B394-4377FE15CE0C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3778868831-2437984709-597761506-1001UA1d1e9f76a332b07 => C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {4FEF876D-1C81-41F9-8944-FA474BD2444D} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {71C5C211-478C-4C0D-88B5-4AC189FE5035} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-06-02] (Synaptics Incorporated)
Task: {71FC7456-E22B-4606-BAC6-8FC17EE10D5A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7843A63B-03A8-4685-8F90-640F97A3FA24} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8B71F5AE-814A-40FB-86A0-86CFAF3D9979} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-22] (AVAST Software)
Task: {9925F08F-E293-4042-B09D-D9E9A9614BE8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3778868831-2437984709-597761506-1001Core1d257f99b831a75 => C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {9F905144-62C8-4FEE-8DEF-C05BEB9D953F} - System32\Tasks\SafeZone scheduled Autoupdate 1487786160 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software)
Task: {BA2F087A-7DE3-4E13-AFE6-425ACCA5B1D4} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
Task: {BBBEA170-BBFC-45A0-A5F6-22B355F48278} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BC021E80-42B7-416B-BC69-755D859B83C5} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {BC174DE3-D99B-436D-95B0-32F2012157B3} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-02-22] (AVAST Software)
Task: {C0F9C33E-4305-4CA0-9512-B3661BD6BAF6} - \Lenovo\Lenovo Service Bridge\S-1-5-21-3778868831-2437984709-597761506-1001 -> No File <==== ATTENTION
Task: {C434638F-D463-413B-A9AB-30E472D9F982} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-15] (Google Inc.)
Task: {D0F40B4F-37D1-4B2D-8DD2-8C7ABC744763} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3778868831-2437984709-597761506-1001Core => C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {D49B43BB-EB40-41BF-AEF3-208BC410D297} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E7B48CDF-51C4-4C2E-912A-07979D49EC2A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3778868831-2437984709-597761506-1001UA => C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {F99D5072-66DA-4B11-99C1-ECA3A191DDAB} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {FDC1ADED-6ABD-46CE-B720-BA98B2DA77E9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3778868831-2437984709-597761506-1001Core.job => C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3778868831-2437984709-597761506-1001Core1d1e9f76a11ca3e.job => C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3778868831-2437984709-597761506-1001UA.job => C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3778868831-2437984709-597761506-1001UA1d1e9f76a332b07.job => C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Kayla.job => C:\Users\Kayla\AppData\Local\Kingsoft\WPS Office\10.1.0.5471\wtoolex\wpsnotify.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 14:51 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 04:12 - 2016-09-01 04:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-02-21 17:59 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-21 17:59 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-21 17:59 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-02-13 16:23 - 2012-04-24 21:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-02-13 16:24 - 2016-02-13 16:24 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2016-12-13 14:51 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-05-27 01:50 - 2016-11-01 22:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-09-16 05:05 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 11:25 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 11:25 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 11:25 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 11:25 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 11:25 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 11:25 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 11:25 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-19 12:06 - 2017-01-19 12:06 - 01969360 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.4.7.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-01-19 12:06 - 2017-01-19 12:06 - 00381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.4.7.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2017-02-22 12:51 - 2017-02-22 12:51 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 12:51 - 2017-02-22 12:51 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 12:51 - 2017-02-22 12:51 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 16:59 - 2017-02-06 16:59 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2016-02-13 16:24 - 2016-02-13 16:24 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2016-02-13 16:24 - 2016-02-13 16:24 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2016-11-22 23:04 - 2016-11-22 23:04 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-22 23:04 - 2016-11-22 23:04 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-07-29 06:04 - 2016-07-29 06:04 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-22 23:04 - 2016-11-22 23:04 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-22 23:04 - 2016-11-22 23:04 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2017-02-14 22:20 - 2017-02-14 22:20 - 03865088 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-01-31 20:42 - 2017-01-31 20:43 - 01097072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.Controls.dll
2016-02-13 16:24 - 2016-02-13 16:24 - 00161792 _____ () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
2016-02-13 16:10 - 2013-08-09 07:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-02-13 16:24 - 2016-02-13 16:24 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\3200\TransitionLib.dll
2016-02-13 16:24 - 2016-02-13 16:24 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2016-02-13 16:24 - 2016-02-13 16:24 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
2017-02-22 12:52 - 2017-02-22 12:52 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-22 12:53 - 2017-02-22 12:53 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-22 12:52 - 2017-02-22 12:52 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-02-22 12:52 - 2017-02-22 12:52 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-02-02 19:11 - 2017-02-01 04:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-02 19:11 - 2017-02-01 04:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\dongbulife.com -> hxxp://dongbulife.com
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\esero.go.kr -> hxxp://www.esero.go.kr
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\hanwhalife.com -> hxxp://hanwhalife.com
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\hkbank.co.kr -> hxxp://hkbank.co.kr
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\hyundailife.com -> hxxp://hyundailife.com
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\ibk.co.kr -> hxxp://ibk.co.kr
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\ibk.co.kr -> hxxps://ibk.co.kr
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\jbbank.co.kr -> hxxps://jbbank.co.kr
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\kftc.or.kr -> hxxp://kftc.or.kr
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\prsb.co.kr -> hxxp://prsb.co.kr
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\samsungcard.com -> hxxps://samsungcard.com
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\scourt.go.kr -> hxxps://smartoffice.scourt.go.kr
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\shinhansavings.com -> hxxp://shinhansavings.com
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\smartmiraeasset.com -> hxxp://www.smartmiraeasset.com
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\standardchartered.co.kr -> hxxp://standardchartered.co.kr
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\standardchartered.co.kr -> hxxps://standardchartered.co.kr
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\suhyup-bank.com -> hxxps://suhyup-bank.com
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\wooribank.com -> hxxps://wooribank.com
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\ysebank.co.kr -> hxxp://ysebank.co.kr
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kayla\Pictures\Anime Shit\freya3.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Yoga Picks"
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\StartupApproved\StartupFolder: => "Slack.lnk"
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\StartupApproved\Run: => "Upwork"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8E0D7492-4DAA-42AE-8CAD-23829E48D775}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F5E9F2FC-1826-4C26-903A-A4C4BDF6B6E9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{9B566BCE-9C53-409F-8DC2-40EF2DA3153B}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{A50354BC-F2E4-4E9F-8918-69E1EA6CE27D}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{F4D70303-55B5-40C6-8B8B-1627FADDC8A7}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{25E11C20-6B4C-4E89-B624-F59D307BE23C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CF7501C7-1C21-4C49-B4D8-42C0B2FA846B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{5C105F41-4705-41C3-8D83-BD6BCB40ADB2}C:\users\kayla\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\kayla\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{AC92DC26-7241-42CA-A504-E62C209D7345}C:\users\kayla\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\kayla\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{7E3B1FCC-DAB8-4EE2-B15D-366ADAE542DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{46F2C19B-7F2B-41B4-A943-CB306C414951}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5486FDE7-17BC-45AC-8A06-79BFF047A3D4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BA04C638-4A55-4416-84DE-5FA138FA402F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B32411C6-33F5-4080-8337-AAF6F532DEB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{6881A6A4-CE8B-4C16-995D-22A5F10BDB90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{AEF4F058-01CF-4A86-B809-97204E6AD4AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{4F585BCD-6FC1-41C9-9058-CA8B28C98B08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{049C9736-484F-4E33-921D-81EF89008B1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{A3149EAD-439E-4E22-B369-CE8572394099}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{1DED648B-A170-4E75-8E34-827DF7A3E20B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D0F19E14-BE60-45F0-BFD2-D276F94128F1}] => (Allow) LPort=2869
FirewallRules: [{9E6A10FA-279E-4261-9D28-E7193D08CFFE}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{1A7DE400-8E44-4422-AC44-1C59C1D13F68}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{357F95AB-5AFE-46E1-8E2D-BD263642B473}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{C04D0445-1E82-4D1D-9664-51710303C48B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{6D5158D3-8A8A-4C92-B8DE-B79D8A23917E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{349EA16F-2E9D-4218-8B9E-7C45B9F50012}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{12CA8784-0843-4643-A7C9-EAAEBF50CB22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [TCP Query User{BD770B1B-6604-452A-BAE3-A0273EC4B236}C:\windows\syswow64\melonntfy2.exe] => (Allow) C:\windows\syswow64\melonntfy2.exe
FirewallRules: [UDP Query User{EB9AD9CC-C3B3-44EE-9619-82BD59CB019C}C:\windows\syswow64\melonntfy2.exe] => (Allow) C:\windows\syswow64\melonntfy2.exe
FirewallRules: [{725FC957-6787-40A5-9AF4-7E603D7E14DC}] => (Block) C:\windows\syswow64\melonntfy2.exe
FirewallRules: [{6731D530-F6A3-46B7-AF88-CF0D66DD7D38}] => (Block) C:\windows\syswow64\melonntfy2.exe
FirewallRules: [{8C68A20E-45AA-4E59-9F08-39C9B91FC4C7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{327F2FFF-D560-4B6F-8F1F-7388F25A5791}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4F502CE9-FEAE-4366-8DA6-25F63A2218D3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{45FF20C8-2A09-4D0E-8A53-626535B39B7A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D0DC2584-FD8E-45FD-9815-95432B98A501}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{768045BE-0054-4BEB-85A4-78D07E21A75D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{E30D39EB-A746-4715-A2CF-B87E6436AC10}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{AA5653C0-6B59-42CD-ABEE-78AB79E08302}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{B9DEED76-B7D5-415D-A7C9-1D0C0A5F8D0B}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{4A204FC1-D463-481F-9F5A-7BCA5199C4E4}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{D34F9967-017C-4789-B563-910C9D855C8E}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{610BCFCB-9CC8-4CAE-B14E-8A7103725C87}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{ACA067B7-E3F7-4E4F-A36F-E57C67FC965B}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{4E9EB380-CD47-488C-A046-6F6B3714F4CE}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{8EBD3B57-20E9-4A1B-87D9-3DEC9516FEB9}C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe] => (Block) C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe
FirewallRules: [UDP Query User{72E89FFC-01BD-4FD2-B4DF-AF2F81999E7D}C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe] => (Block) C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe
FirewallRules: [{E00CF83D-27FC-4877-B323-853AA350D1A5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4C7952B4-6886-4AA3-9647-E5A27998738E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B2E472E6-6CB8-4EC9-8494-B4686724F76C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
==================== Restore Points =========================
02-02-2017 12:42:38 Windows Update
10-02-2017 23:02:50 Scheduled Checkpoint
21-02-2017 21:24:21 Restore Operation
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/22/2017 12:55:50 PM) (Source: nlsX86cc) (EventID: 0) (User: )
Description: Event-ID 0
Error: (02/22/2017 12:54:02 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (02/21/2017 11:56:36 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070091.
Error: (02/21/2017 11:38:56 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Restore Operation). Additional information: 0x80070091.
Error: (02/21/2017 11:33:36 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070091.
Error: (02/21/2017 09:24:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (02/21/2017 05:38:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KAYLA-PC)
Description: Activation of app Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/21/2017 05:38:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KAYLA-PC)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/21/2017 04:15:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: KAYLA-PC)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.
Error: (02/21/2017 03:54:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhostw.exe, version: 10.0.14393.0, time stamp: 0x57899a8f
Faulting module name: InputService.dll, version: 10.0.14393.576, time stamp: 0x584a77bd
Exception code: 0xc0000005
Fault offset: 0x0000000000022306
Faulting process id: 0x12d8
Faulting application start time: 0x01d28c83ea9c98bc
Faulting application path: C:\WINDOWS\system32\taskhostw.exe
Faulting module path: C:\WINDOWS\system32\InputService.dll
Report Id: 15bc7338-cb4f-4f2f-be91-6a8d848ebfca
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (02/22/2017 02:32:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/22/2017 01:58:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Tile Data model server service terminated with the following error:
%%2147943515 = A system shutdown is in progress.
Error: (02/22/2017 01:58:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/22/2017 12:51:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: Microsoft Sticky Notes.
Error: (02/21/2017 11:56:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/21/2017 11:39:54 PM) (Source: DCOM) (EventID: 10010) (User: KAYLA-PC)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.
Error: (02/21/2017 11:39:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/21/2017 11:38:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/21/2017 11:35:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
Error: (02/21/2017 11:34:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
CodeIntegrity:
===================================
Date: 2017-02-22 12:50:31.066
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-22 12:50:31.061
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-21 01:48:36.938
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-21 01:48:36.936
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-21 01:48:17.309
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-21 01:48:17.306
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-11-10 07:55:52.224
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-11-10 07:55:52.222
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-10-31 12:13:41.363
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-10-31 12:13:41.362
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 46%
Total physical RAM: 8104.27 MB
Available physical RAM: 4372.59 MB
Total Virtual: 18344.27 MB
Available Virtual: 13577.49 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:212.46 GB) (Free:45.08 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:0.88 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 909CDBF1)
Partition: GPT.
==================== End of Addition.txt ============================