Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Is The Malware Really Gone?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Is The Malware Really Gone?

Unread postby hikaymm » February 22nd, 2017, 5:08 pm

Problem description: I downloaded a bad file form a potential client (my bad) and a virus infected my computer. My paypal information was stolen (under control now, and all passwords on everythign have been changed via a different computer) and I realized this was due to malware because my browsers (both Chrome and IE) kept closing themselves. A scan via Windows Defender did not find anything. A scan via Malware Bytes did not find anything. Using virustotal, I was able to identify that a shortcut link hidden in the file I downloaded executed the download of a file called EULA.exe in addition to some trojan files that virustotal recognized. I don't know if they've been removed. Malwarebytes and Windows Defender come up clean. AVAST identified a trojan file in my system recovery folders which it removed. How can I be sure I've erased this malware? I can't find any indication that it is there, but I can't be sure it's gone either. Any advice would be appreciated.

FRST file:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-02-2017 01
Ran by Kayla (administrator) on KAYLA-PC (22-02-2017 16:03:34)
Running from C:\Users\Kayla\Downloads
Loaded Profiles: Kayla (Available Profiles: Kayla)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(MarkAny) C:\Windows\ImageSAFERSvc.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(MarkAny) C:\Windows\System32\ImageSAFERStart_X86.exe
(MarkAny) C:\Windows\System32\ImageSAFERStart_X64.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.4.7.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Kakao Corp. ) C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16122.10271.0_x64__8wekyb3d8bbwe\Music.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-03] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [401896 2016-11-01] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2016-02-13] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2016-02-13] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59925488 2016-02-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2016-02-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-02] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [90640 2013-07-09] (Lenovo)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-22] (AVAST Software)
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [7757120 2017-02-20] (Kakao Corp. )
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\Run: [Google Update] => C:\Users\Kayla\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\Run: [Upwork] => C:\Program Files (x86)\Upwork\upwork.exe [2267912 2016-08-19] ()
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-22] (AVAST Software)
Startup: C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Slack.lnk [2016-09-20]
ShortcutTarget: Slack.lnk -> C:\Users\Kayla\AppData\Local\slack\Update.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d817da39-a1aa-4fe0-89d1-f37ebb3cc80b}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-3778868831-2437984709-597761506-1001 -> DefaultScope {5643A7D9-8DED-47EA-AD54-8EB8C4298D32} URL =
SearchScopes: HKU\S-1-5-21-3778868831-2437984709-597761506-1001 -> {5643A7D9-8DED-47EA-AD54-8EB8C4298D32} URL =
DPF: HKLM-x32 {1219B6C3-CD4D-4243-9A4F-4C9F12FCC6E7} hxxps://ck.softforum.co.kr/CKKeyPro/yes ... roInst.cab
DPF: HKLM-x32 {477D5B9A-6479-44F8-9718-9340119B0308} hxxp://bank.keb.co.kr/veraport/down/veraport20.cab
DPF: HKLM-x32 {4F4BF502-1F0B-4955-9F48-16A71C8B53C5} hxxp://home.kobus.co.kr/download/MAOnFP ... _KOBUS.cab
DPF: HKLM-x32 {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Users\Kayla\AppData\Local\Temp\4113861\TouchEnkey_Installer_32bit_3.1.0.34.exe
DPF: HKLM-x32 {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} hxxps://www.bankpay.or.kr/BankPayEFT.cab
DPF: HKLM-x32 {C1143E84-B2B1-473B-9F20-E62DD754FCAF}
DPF: HKLM-x32 {E42F7FEB-DE20-43F4-A342-47F1DA77F667} hxxp://pgdownload.uplus.co.kr/lguplus/X ... .0.0.3.cab
DPF: HKLM-x32 {F939FEB8-9518-4A4A-BE60-D10FFB9557F2} hxxp://update.nprotect.net/netizenv55/b ... stall5.cab

FireFox:
========
FF Plugin-x32: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_584\npaosmgr.dll [2016-03-21] (AhnLab, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @interezen.co.kr/npi3gmanager -> C:\Program Files (x86)\Interezen\Plugins\NPI3GManager.dll [2016-04-13] (Interezen (c) Interezen.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @softforum.com/npKeyPro -> C:\windows\system32\npKeyPro.dll [No File]
FF Plugin-x32: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2015-08-12] (SoftForum Co., Ltd.)
FF Plugin-x32: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2015-08-12] (SoftForum Co., Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @wizvera.com/npVeraport20 -> C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll [2013-02-14] ()
FF Plugin-x32: @www.ubikey.co.kr/application/npvinetransfer-plugin -> C:\Program Files (x86)\INFovine\npVineTransfer.dll [2015-07-16] (INFOVINE)
FF Plugin HKU\S-1-5-21-3778868831-2437984709-597761506-1001: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2015-08-12] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-3778868831-2437984709-597761506-1001: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2015-08-12] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-3778868831-2437984709-597761506-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Kayla\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3778868831-2437984709-597761506-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Kayla\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3778868831-2437984709-597761506-1001: @www.ubikey.co.kr/application/npvinetransfer-plugin -> C:\Program Files (x86)\INFovine\npVineTransfer.dll [2015-07-16] (INFOVINE)
FF Plugin HKU\S-1-5-21-3778868831-2437984709-597761506-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-3778868831-2437984709-597761506-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Default [2017-02-21]
CHR Profile: C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-02-22]
CHR Extension: (Google Slides) - C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-21]
CHR Extension: (Google Docs) - C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-21]
CHR Extension: (Google Drive) - C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-21]
CHR Extension: (YouTube) - C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-21]
CHR Extension: (Google Sheets) - C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-21]
CHR Extension: (Google Docs Offline) - C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-02-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-21]
CHR Extension: (Gmail) - C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-21]
CHR Extension: (Chrome Media Router) - C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-21]
CHR HKU\S-1-5-21-3778868831-2437984709-597761506-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-22] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-22] (AVAST Software)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [115632 2013-08-03] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-03] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [148688 2013-08-03] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [124880 2013-08-03] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 Image Protection; C:\windows\ImageSAFERSvc.exe [438784 2014-11-17] (MarkAny) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-21] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2016-02-13] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MyFw40Service; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\ASDSvc.exe [676832 2015-06-25] (AhnLab, Inc.)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [162600 2013-08-30] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [249872 2016-02-13] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [328720 2016-02-13] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-13] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-02] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [32016 2016-02-13] (Lenovo)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AhnFlt2K; C:\windows\system32\drivers\AhnFlt2K.sys [82248 2015-01-19] (AhnLab, Inc.)
R2 AMonCDW8; C:\windows\system32\Drivers\AMonCDW8.sys [195248 2015-10-27] (AhnLab, Inc.)
S3 AntiStealth_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\AHAWKENT.sys [52920 2015-10-27] (AhnLab, Inc.)
S3 AntiStealth_MYFIREWALL40ASDF; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TfFRegNt.sys [191032 2015-10-27] (AhnLab, Inc.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-22] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-22] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-22] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-22] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-22] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-02-22] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-22] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-22] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-22] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-22] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-22] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-22] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-22] (AVAST Software)
S3 ATamptNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\atamptnt.sys [325168 2015-10-27] (AhnLab, Inc.)
S3 Cdm2DrNt; C:\windows\system32\Drivers\Cdm2DrNt.sys [98216 2014-09-16] (AhnLab, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-04] (Samsung Electronics Co., Ltd.)
R3 DptfDevPch; C:\WINDOWS\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-03] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-03] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [494272 2013-08-03] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2016-12-12] (Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 ISMgr; C:\windows\system32\ImageSAFERDrv64.sys [11256 2009-11-25] ()
S3 kck64; C:\windows\system32\kck64.sys [101152 2016-07-13] (Kings Information & Network)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-21] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-22] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-22] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-22] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-22] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2016-07-16] (Intel Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-02] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-04] (Samsung Electronics Co., Ltd.)
S3 TNFwNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNFwNt.sys [162752 2015-08-21] (AhnLab, Inc.)
S3 TNNipsNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNNipsNt.sys [202544 2015-08-21] (AhnLab, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 16:03 - 2017-02-22 16:03 - 00025575 _____ C:\Users\Kayla\Downloads\FRST.txt
2017-02-22 16:03 - 2017-02-22 16:03 - 00000000 ____D C:\FRST
2017-02-22 16:02 - 2017-02-22 16:02 - 02423296 _____ (Farbar) C:\Users\Kayla\Downloads\FRST64.exe
2017-02-22 14:17 - 2017-02-22 14:17 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-22 13:23 - 2017-02-22 13:23 - 00001833 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-02-22 13:23 - 2017-02-22 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-22 13:23 - 2017-02-22 13:23 - 00000000 ____D C:\Program Files\iTunes
2017-02-22 13:23 - 2017-02-22 13:23 - 00000000 ____D C:\Program Files\iPod
2017-02-22 13:16 - 2017-02-22 13:16 - 00001925 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2017-02-22 13:16 - 2017-02-22 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-02-22 13:16 - 2017-02-22 13:16 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-02-22 12:56 - 2017-02-22 15:44 - 00004008 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1487786160
2017-02-22 12:56 - 2017-02-22 15:44 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-22 12:56 - 2017-02-22 12:56 - 00001099 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-02-22 12:55 - 2017-02-22 12:55 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-02-22 12:54 - 2017-02-22 12:54 - 00000000 ____D C:\Users\Kayla\AppData\Roaming\AVAST Software
2017-02-22 12:53 - 2017-02-22 15:26 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-22 12:53 - 2017-02-22 12:53 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-02-22 12:53 - 2017-02-22 12:53 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-02-22 12:53 - 2017-02-22 12:53 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-02-22 12:53 - 2017-02-22 12:53 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-02-22 12:53 - 2017-02-22 12:53 - 00126088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-02-22 12:53 - 2017-02-22 12:53 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-02-22 12:53 - 2017-02-22 12:53 - 00074680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-02-22 12:53 - 2017-02-22 12:53 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-02-22 12:53 - 2017-02-22 12:53 - 00001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-02-22 12:53 - 2017-02-22 12:53 - 00001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-02-22 12:53 - 2017-02-22 12:53 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-02-22 12:53 - 2017-02-22 12:53 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-22 12:53 - 2017-02-22 12:52 - 00991496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-02-22 12:53 - 2017-02-22 12:52 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-22 12:53 - 2017-02-22 12:52 - 00309784 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-22 12:53 - 2017-02-22 12:52 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-22 12:53 - 2017-02-22 12:52 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-22 12:51 - 2017-02-22 12:55 - 00000000 ____D C:\Program Files\AVAST Software
2017-02-22 12:50 - 2017-02-22 12:55 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-22 12:50 - 2017-02-22 12:50 - 06654960 _____ (AVAST Software) C:\Users\Kayla\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-02-21 23:57 - 2017-02-22 14:16 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-21 20:35 - 2017-02-21 20:48 - 00414922 _____ C:\files.txt
2017-02-21 17:59 - 2017-02-22 14:16 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-21 17:59 - 2017-02-22 14:16 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-21 17:59 - 2017-02-22 14:16 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-21 17:59 - 2017-02-21 17:59 - 55566792 _____ (Malwarebytes ) C:\Users\Kayla\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-21 17:59 - 2017-02-21 17:59 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-21 17:59 - 2017-02-21 17:59 - 00001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-21 17:59 - 2017-02-21 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-21 17:59 - 2017-02-21 17:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-21 17:59 - 2017-02-21 17:59 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-21 17:59 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-21 17:38 - 2017-02-21 17:38 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-21 14:39 - 2017-02-21 14:39 - 00000068 ___SH C:\Users\Kayla\AppData\Roaming\.Identifier
2017-02-21 14:39 - 2017-02-21 14:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Update
2017-02-15 11:13 - 2017-02-18 15:36 - 00000000 ____D C:\Users\Kayla\Desktop\Katsu Panels
2017-02-11 23:54 - 2017-02-11 23:55 - 00000000 ____D C:\Users\Kayla\Documents\Tax
2017-02-11 21:34 - 2017-02-11 21:34 - 00413692 _____ C:\WINDOWS\Minidump\021117-4984-01.dmp
2017-02-09 15:09 - 2017-02-09 15:09 - 00000000 ____D C:\WINDOWS\Panther
2017-02-02 12:42 - 2017-02-02 12:42 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-01-30 21:56 - 2017-01-30 21:56 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-26 21:35 - 2017-01-26 21:35 - 00000000 ____D C:\Users\Kayla\Documents\Freelance Knowledge
2017-01-25 13:44 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 13:44 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 16:00 - 2016-09-11 21:46 - 00000000 ____D C:\Users\Kayla
2017-02-22 15:28 - 2016-09-11 21:45 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-22 15:28 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-22 14:32 - 2016-09-11 21:45 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-22 14:32 - 2016-07-28 11:04 - 00000000 __SHD C:\Users\Kayla\IntelGraphicsProfiles
2017-02-22 14:21 - 2016-07-28 10:54 - 05151954 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-22 14:16 - 2016-09-11 21:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-22 13:58 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-22 13:23 - 2016-10-02 10:04 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-22 13:15 - 2016-08-26 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-02-22 13:15 - 2016-08-26 08:27 - 00000000 ____D C:\Program Files\7-Zip
2017-02-22 12:59 - 2016-03-29 08:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-22 12:59 - 2016-03-29 08:43 - 00000000 ____D C:\ProgramData\Skype
2017-02-22 12:57 - 2016-10-31 11:14 - 00000000 ____D C:\ProgramData\WinZip
2017-02-22 12:53 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-21 23:40 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\registration
2017-02-21 15:54 - 2016-12-19 13:21 - 00000000 ____D C:\Users\Kayla\AppData\Local\CrashDumps
2017-02-21 15:46 - 2016-03-29 08:43 - 00000000 ____D C:\Users\Kayla\AppData\Roaming\Skype
2017-02-20 19:20 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-13 12:47 - 2016-09-17 00:49 - 00000000 ____D C:\Users\Kayla\Documents\Upwork
2017-02-11 21:34 - 2016-10-02 20:14 - 768618409 _____ C:\WINDOWS\MEMORY.DMP
2017-02-11 21:34 - 2016-10-02 20:14 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-10 20:23 - 2016-06-11 03:47 - 00000000 ____D C:\Users\Kayla\AppData\Roaming\Audacity
2017-02-09 15:09 - 2016-02-15 11:20 - 00000000 __RDO C:\Users\Kayla\SkyDrive
2017-02-07 13:32 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-02 19:11 - 2016-02-15 11:37 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-02 19:11 - 2016-02-15 11:37 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-02 12:42 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-30 21:56 - 2016-07-28 11:08 - 00002374 _____ C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-25 14:22 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp

==================== Files in the root of some directories =======

2017-02-21 14:39 - 2017-02-21 14:39 - 0000068 ___SH () C:\Users\Kayla\AppData\Roaming\.Identifier
2016-02-15 11:17 - 2016-05-19 08:29 - 0023081 _____ () C:\Users\Kayla\AppData\Roaming\AbsoluteReminder.xml
2017-01-22 02:18 - 2017-01-22 02:18 - 0099384 _____ () C:\Users\Kayla\AppData\Roaming\inst.exe
2017-01-22 02:18 - 2017-01-22 02:18 - 0007859 _____ () C:\Users\Kayla\AppData\Roaming\pcouffin.cat
2017-01-22 02:18 - 2017-01-22 02:18 - 0001167 _____ () C:\Users\Kayla\AppData\Roaming\pcouffin.inf
2017-01-22 02:18 - 2017-01-22 02:18 - 0000055 _____ () C:\Users\Kayla\AppData\Roaming\pcouffin.log
2017-01-22 02:18 - 2017-01-22 02:18 - 0082816 _____ (VSO Software) C:\Users\Kayla\AppData\Roaming\pcouffin.sys
2016-09-11 21:45 - 2016-09-11 21:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-02-22 12:56 - 2017-02-22 12:56 - 0095840 _____ (WinZip Computing, S.L.) C:\Users\Kayla\AppData\Local\Temp\CloseFAH.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-17 00:55

==================== End of FRST.txt ============================



Addition file:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2017 01
Ran by Kayla (22-02-2017 16:04:18)
Running from C:\Users\Kayla\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-12 02:53:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3778868831-2437984709-597761506-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3778868831-2437984709-597761506-503 - Limited - Disabled)
Guest (S-1-5-21-3778868831-2437984709-597761506-501 - Limited - Disabled)
Kayla (S-1-5-21-3778868831-2437984709-597761506-1001 - Administrator - Enabled) => C:\Users\Kayla

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.3.0.1 - Absolute Software)
AhnLab Online Security (HKLM-x32\...\AhnLab Online Security) (Version: - AhnLab, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
AVStoDVD 2.8.5 (HKLM-x32\...\AVStoDVD) (Version: 2.8.5 - MrC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ChromecastApp (HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DaVinci Resolve (HKLM\...\{A6768A12-548B-45FF-9474-A62153C7DAB4}) (Version: 12.5.3014 - Blackmagic Design)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.1.38 - Lenovo)
Energy Manager (x32 Version: 1.0.1.38 - Lenovo) Hidden
ÈÞ´ëÆùÀÎÁõ¼­(º¸°ü)¼­ºñ½º (HKLM-x32\...\INFovine) (Version: - INFovine)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version: - Square Enix)
FINAL FANTASY VIII (HKLM-x32\...\Steam App 39150) (Version: - SQUARE ENIX)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HitFilm 4 Express (HKLM\...\{F8BB3662-69A1-4EF1-8674-ADD90AAD3D08}) (Version: 4.0.5723.10801 - FXHOME)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel Experience Center - Configuration (x32 Version: 1.7.0.179 - Intel) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.2.69 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{313c06de-4aa7-4a1f-930a-f10f80380426}) (Version: 17.14.0 - Intel Corporation)
IPinside Agent (HKLM-x32\...\IPinside Agent) (Version: 1.0.1.30 - interezen)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 2.5.3.1451 - Kakao Corp.)
KOBUS - (Áõ¸í¼­¹ß±ÞÇÁ·Î±×·¥) (HKLM-x32\...\KOBUS - (Áõ¸í¼­¹ß±ÞÇÁ·Î±×·¥)) (Version: v2.6.0.20 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LAV Filters 0.68 (HKLM-x32\...\lavfilters_is1) (Version: 0.68 - Hendrik Leppkes)
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A800D2BF-2F0D-4899-B265-C91C90981E8C}) (Version: 2.0.0.0829 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.0.0829 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\cbe8636f7dd0cf1d) (Version: 1.6.2.0 - Lenovo)
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.0 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.8211 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.3 - Lenovo)
Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.3 - Lenovo) Hidden
Life Is Strange™ (HKLM\...\Steam App 319630) (Version: - DONTNOD Entertainment)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
nProtect Netizen v5.5 (HKLM-x32\...\nProtect Netizen v5.5) (Version: - INCA Internet Co., Ltd.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
ReminderInstaller (HKLM-x32\...\InstallShield_{48B99BC9-CEB0-485E-96B1-4609BC86D2DE}) (Version: 1.00.0000 - Absolute Software.)
ReminderInstaller (x32 Version: 1.00.0000 - Absolute Software.) Hidden
SafeZone Stable 3.55.2393.561 (x32 Version: 3.55.2393.561 - Avast Software) Hidden
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.103 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\slack) (Version: 2.2.1 - Slack Technologies)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Sims(TM) 3 (HKLM\...\Steam App 47890) (Version: - The Sims Studio)
TouchEn key with E2E for 32bit (HKLM-x32\...\TouchEn_key) (Version: - RaonSecure Co., Ltd.)
Update for Korean Microsoft IME Standard Dictionary (HKLM\...\{75A54180-CA5E-47B8-AFBB-29337B976B21}) (Version: 16.0.662.1 - Microsoft Corporation)
Upwork version 4.1.351.0 (HKLM-x32\...\{F8678797-5A4B-43CF-88D0-EEF67DB3B55E}_is1) (Version: 4.1.351.0 - Upwork, Inc)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
Veraport20(Security module management) - 2,5,2,2 (HKLM-x32\...\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1) (Version: 2,5,2,2 - Wizvera)
VSO ConvertXToDVD 6 (HKLM-x32\...\{8FC36FA6-C508-44FB-B137-1CB46D8258B2}_is1) (Version: 6.0.0.81 - VSO Software)
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WPS Office (10.1.0.5471) (HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\Kingsoft Office) (Version: 10.1.0.5471 - Kingsoft Corp.)
XecureWeb Control (HKLM-x32\...\XecureWeb Control) (Version: 7, 2, 8, 2 - SoftForum Co., Ltd.)
Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.00.013.0731 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3778868831-2437984709-597761506-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Kayla\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3778868831-2437984709-597761506-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Kayla\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3778868831-2437984709-597761506-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Kayla\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3778868831-2437984709-597761506-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3778868831-2437984709-597761506-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3778868831-2437984709-597761506-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Kayla\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3778868831-2437984709-597761506-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kayla\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02C7E434-18F1-4583-BC7A-55D58EF1B438} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
Task: {0AD57A7F-782A-4AC9-950C-F3AC976BA5E3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3778868831-2437984709-597761506-1001UA1d257f99b8b7688 => C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {0E6E8283-650E-4028-BC1F-4548712F0C69} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {0FA890B3-C5B7-4D17-8A6D-8BF93178A27E} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Kayla\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {101A7132-0C48-4844-AB07-84F4C5666C2C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {11803581-A3D3-4C73-B451-D5C2098F1BC9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3778868831-2437984709-597761506-1001Core1d1e9f76a11ca3e => C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {12D9A1E8-B779-4694-996A-99FFDCCD0009} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1823B48C-9136-46D9-8538-7AD4169136F2} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2016-02-13] (Lenovo)
Task: {27F29A4B-D091-467E-A767-5082559608D5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {359CBBEF-EB50-46A4-B5ED-2BF8387CB5DE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3C28B6F0-DE60-4B83-BCAF-24A34B0BB653} - System32\Tasks\Update\b526800b-4b75-436f-ba32-d039f88965f6 => C:\Users\Kayla\AppData\Roaming\ssetp.exe <==== ATTENTION
Task: {3D74E0CE-62B1-4771-904F-B431A16D8209} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3DA3F865-6371-4F7B-BEED-73C39249B063} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {41AF85EE-58FF-4BCA-8B06-4698CAE4ABC3} - System32\Tasks\WpsNotifyTask_Kayla => C:\Users\Kayla\AppData\Local\Kingsoft\WPS Office\10.1.0.5471\wtoolex\wpsnotify.exe [2016-02-20] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {4847E874-4FEB-46AC-8895-3D2DA38AB55C} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {4C6B18BD-7F79-47A1-A302-1A5BE4CF51C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-15] (Google Inc.)
Task: {4E767E42-22B8-45C6-B394-4377FE15CE0C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3778868831-2437984709-597761506-1001UA1d1e9f76a332b07 => C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {4FEF876D-1C81-41F9-8944-FA474BD2444D} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {71C5C211-478C-4C0D-88B5-4AC189FE5035} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-06-02] (Synaptics Incorporated)
Task: {71FC7456-E22B-4606-BAC6-8FC17EE10D5A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7843A63B-03A8-4685-8F90-640F97A3FA24} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8B71F5AE-814A-40FB-86A0-86CFAF3D9979} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-22] (AVAST Software)
Task: {9925F08F-E293-4042-B09D-D9E9A9614BE8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3778868831-2437984709-597761506-1001Core1d257f99b831a75 => C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {9F905144-62C8-4FEE-8DEF-C05BEB9D953F} - System32\Tasks\SafeZone scheduled Autoupdate 1487786160 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software)
Task: {BA2F087A-7DE3-4E13-AFE6-425ACCA5B1D4} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
Task: {BBBEA170-BBFC-45A0-A5F6-22B355F48278} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BC021E80-42B7-416B-BC69-755D859B83C5} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {BC174DE3-D99B-436D-95B0-32F2012157B3} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-02-22] (AVAST Software)
Task: {C0F9C33E-4305-4CA0-9512-B3661BD6BAF6} - \Lenovo\Lenovo Service Bridge\S-1-5-21-3778868831-2437984709-597761506-1001 -> No File <==== ATTENTION
Task: {C434638F-D463-413B-A9AB-30E472D9F982} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-15] (Google Inc.)
Task: {D0F40B4F-37D1-4B2D-8DD2-8C7ABC744763} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3778868831-2437984709-597761506-1001Core => C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {D49B43BB-EB40-41BF-AEF3-208BC410D297} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E7B48CDF-51C4-4C2E-912A-07979D49EC2A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3778868831-2437984709-597761506-1001UA => C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-18] (Google Inc.)
Task: {F99D5072-66DA-4B11-99C1-ECA3A191DDAB} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {FDC1ADED-6ABD-46CE-B720-BA98B2DA77E9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3778868831-2437984709-597761506-1001Core.job => C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3778868831-2437984709-597761506-1001Core1d1e9f76a11ca3e.job => C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3778868831-2437984709-597761506-1001UA.job => C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3778868831-2437984709-597761506-1001UA1d1e9f76a332b07.job => C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Kayla.job => C:\Users\Kayla\AppData\Local\Kingsoft\WPS Office\10.1.0.5471\wtoolex\wpsnotify.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 14:51 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 04:12 - 2016-09-01 04:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-02-21 17:59 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-21 17:59 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-21 17:59 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-02-13 16:23 - 2012-04-24 21:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-02-13 16:24 - 2016-02-13 16:24 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2016-12-13 14:51 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-05-27 01:50 - 2016-11-01 22:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-09-16 05:05 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 11:25 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 11:25 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 11:25 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 11:25 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 11:25 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 11:25 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 11:25 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-19 12:06 - 2017-01-19 12:06 - 01969360 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.4.7.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-01-19 12:06 - 2017-01-19 12:06 - 00381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.4.7.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2017-02-22 12:51 - 2017-02-22 12:51 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 12:51 - 2017-02-22 12:51 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 12:51 - 2017-02-22 12:51 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 16:59 - 2017-02-06 16:59 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2016-02-13 16:24 - 2016-02-13 16:24 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2016-02-13 16:24 - 2016-02-13 16:24 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2016-11-22 23:04 - 2016-11-22 23:04 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-22 23:04 - 2016-11-22 23:04 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-07-29 06:04 - 2016-07-29 06:04 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-22 23:04 - 2016-11-22 23:04 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-22 23:04 - 2016-11-22 23:04 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2017-02-14 22:20 - 2017-02-14 22:20 - 03865088 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-01-31 20:42 - 2017-01-31 20:43 - 01097072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.Controls.dll
2016-02-13 16:24 - 2016-02-13 16:24 - 00161792 _____ () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
2016-02-13 16:10 - 2013-08-09 07:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-02-13 16:24 - 2016-02-13 16:24 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\3200\TransitionLib.dll
2016-02-13 16:24 - 2016-02-13 16:24 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2016-02-13 16:24 - 2016-02-13 16:24 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
2017-02-22 12:52 - 2017-02-22 12:52 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-22 12:53 - 2017-02-22 12:53 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-22 12:52 - 2017-02-22 12:52 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-02-22 12:52 - 2017-02-22 12:52 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-02-02 19:11 - 2017-02-01 04:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-02 19:11 - 2017-02-01 04:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\dongbulife.com -> hxxp://dongbulife.com
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\esero.go.kr -> hxxp://www.esero.go.kr
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\hanwhalife.com -> hxxp://hanwhalife.com
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\hkbank.co.kr -> hxxp://hkbank.co.kr
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\hyundailife.com -> hxxp://hyundailife.com
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\ibk.co.kr -> hxxp://ibk.co.kr
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\ibk.co.kr -> hxxps://ibk.co.kr
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\jbbank.co.kr -> hxxps://jbbank.co.kr
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\kftc.or.kr -> hxxp://kftc.or.kr
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\prsb.co.kr -> hxxp://prsb.co.kr
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\samsungcard.com -> hxxps://samsungcard.com
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\scourt.go.kr -> hxxps://smartoffice.scourt.go.kr
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\shinhansavings.com -> hxxp://shinhansavings.com
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\smartmiraeasset.com -> hxxp://www.smartmiraeasset.com
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\standardchartered.co.kr -> hxxp://standardchartered.co.kr
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\standardchartered.co.kr -> hxxps://standardchartered.co.kr
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\suhyup-bank.com -> hxxps://suhyup-bank.com
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\wooribank.com -> hxxps://wooribank.com
IE trusted site: HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\ysebank.co.kr -> hxxp://ysebank.co.kr

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3778868831-2437984709-597761506-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kayla\Pictures\Anime Shit\freya3.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Yoga Picks"
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\StartupApproved\StartupFolder: => "Slack.lnk"
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3778868831-2437984709-597761506-1001\...\StartupApproved\Run: => "Upwork"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8E0D7492-4DAA-42AE-8CAD-23829E48D775}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F5E9F2FC-1826-4C26-903A-A4C4BDF6B6E9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{9B566BCE-9C53-409F-8DC2-40EF2DA3153B}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{A50354BC-F2E4-4E9F-8918-69E1EA6CE27D}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{F4D70303-55B5-40C6-8B8B-1627FADDC8A7}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{25E11C20-6B4C-4E89-B624-F59D307BE23C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CF7501C7-1C21-4C49-B4D8-42C0B2FA846B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{5C105F41-4705-41C3-8D83-BD6BCB40ADB2}C:\users\kayla\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\kayla\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{AC92DC26-7241-42CA-A504-E62C209D7345}C:\users\kayla\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\kayla\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{7E3B1FCC-DAB8-4EE2-B15D-366ADAE542DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{46F2C19B-7F2B-41B4-A943-CB306C414951}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5486FDE7-17BC-45AC-8A06-79BFF047A3D4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BA04C638-4A55-4416-84DE-5FA138FA402F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B32411C6-33F5-4080-8337-AAF6F532DEB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{6881A6A4-CE8B-4C16-995D-22A5F10BDB90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{AEF4F058-01CF-4A86-B809-97204E6AD4AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{4F585BCD-6FC1-41C9-9058-CA8B28C98B08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{049C9736-484F-4E33-921D-81EF89008B1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{A3149EAD-439E-4E22-B369-CE8572394099}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{1DED648B-A170-4E75-8E34-827DF7A3E20B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D0F19E14-BE60-45F0-BFD2-D276F94128F1}] => (Allow) LPort=2869
FirewallRules: [{9E6A10FA-279E-4261-9D28-E7193D08CFFE}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{1A7DE400-8E44-4422-AC44-1C59C1D13F68}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{357F95AB-5AFE-46E1-8E2D-BD263642B473}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{C04D0445-1E82-4D1D-9664-51710303C48B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{6D5158D3-8A8A-4C92-B8DE-B79D8A23917E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{349EA16F-2E9D-4218-8B9E-7C45B9F50012}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{12CA8784-0843-4643-A7C9-EAAEBF50CB22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [TCP Query User{BD770B1B-6604-452A-BAE3-A0273EC4B236}C:\windows\syswow64\melonntfy2.exe] => (Allow) C:\windows\syswow64\melonntfy2.exe
FirewallRules: [UDP Query User{EB9AD9CC-C3B3-44EE-9619-82BD59CB019C}C:\windows\syswow64\melonntfy2.exe] => (Allow) C:\windows\syswow64\melonntfy2.exe
FirewallRules: [{725FC957-6787-40A5-9AF4-7E603D7E14DC}] => (Block) C:\windows\syswow64\melonntfy2.exe
FirewallRules: [{6731D530-F6A3-46B7-AF88-CF0D66DD7D38}] => (Block) C:\windows\syswow64\melonntfy2.exe
FirewallRules: [{8C68A20E-45AA-4E59-9F08-39C9B91FC4C7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{327F2FFF-D560-4B6F-8F1F-7388F25A5791}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4F502CE9-FEAE-4366-8DA6-25F63A2218D3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{45FF20C8-2A09-4D0E-8A53-626535B39B7A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D0DC2584-FD8E-45FD-9815-95432B98A501}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{768045BE-0054-4BEB-85A4-78D07E21A75D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{E30D39EB-A746-4715-A2CF-B87E6436AC10}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{AA5653C0-6B59-42CD-ABEE-78AB79E08302}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{B9DEED76-B7D5-415D-A7C9-1D0C0A5F8D0B}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{4A204FC1-D463-481F-9F5A-7BCA5199C4E4}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{D34F9967-017C-4789-B563-910C9D855C8E}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{610BCFCB-9CC8-4CAE-B14E-8A7103725C87}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{ACA067B7-E3F7-4E4F-A36F-E57C67FC965B}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{4E9EB380-CD47-488C-A046-6F6B3714F4CE}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{8EBD3B57-20E9-4A1B-87D9-3DEC9516FEB9}C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe] => (Block) C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe
FirewallRules: [UDP Query User{72E89FFC-01BD-4FD2-B4DF-AF2F81999E7D}C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe] => (Block) C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe
FirewallRules: [{E00CF83D-27FC-4877-B323-853AA350D1A5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4C7952B4-6886-4AA3-9647-E5A27998738E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B2E472E6-6CB8-4EC9-8494-B4686724F76C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe

==================== Restore Points =========================

02-02-2017 12:42:38 Windows Update
10-02-2017 23:02:50 Scheduled Checkpoint
21-02-2017 21:24:21 Restore Operation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/22/2017 12:55:50 PM) (Source: nlsX86cc) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/22/2017 12:54:02 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/21/2017 11:56:36 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070091.

Error: (02/21/2017 11:38:56 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Restore Operation). Additional information: 0x80070091.

Error: (02/21/2017 11:33:36 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070091.

Error: (02/21/2017 09:24:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/21/2017 05:38:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KAYLA-PC)
Description: Activation of app Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/21/2017 05:38:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KAYLA-PC)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/21/2017 04:15:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: KAYLA-PC)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

Error: (02/21/2017 03:54:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhostw.exe, version: 10.0.14393.0, time stamp: 0x57899a8f
Faulting module name: InputService.dll, version: 10.0.14393.576, time stamp: 0x584a77bd
Exception code: 0xc0000005
Fault offset: 0x0000000000022306
Faulting process id: 0x12d8
Faulting application start time: 0x01d28c83ea9c98bc
Faulting application path: C:\WINDOWS\system32\taskhostw.exe
Faulting module path: C:\WINDOWS\system32\InputService.dll
Report Id: 15bc7338-cb4f-4f2f-be91-6a8d848ebfca
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (02/22/2017 02:32:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/22/2017 01:58:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Tile Data model server service terminated with the following error:
%%2147943515 = A system shutdown is in progress.

Error: (02/22/2017 01:58:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/22/2017 12:51:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: Microsoft Sticky Notes.

Error: (02/21/2017 11:56:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/21/2017 11:39:54 PM) (Source: DCOM) (EventID: 10010) (User: KAYLA-PC)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.

Error: (02/21/2017 11:39:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/21/2017 11:38:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/21/2017 11:35:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Error: (02/21/2017 11:34:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-02-22 12:50:31.066
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-22 12:50:31.061
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-21 01:48:36.938
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-21 01:48:36.936
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-21 01:48:17.309
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-21 01:48:17.306
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-10 07:55:52.224
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-10 07:55:52.222
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-31 12:13:41.363
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-31 12:13:41.362
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 46%
Total physical RAM: 8104.27 MB
Available physical RAM: 4372.59 MB
Total Virtual: 18344.27 MB
Available Virtual: 13577.49 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:212.46 GB) (Free:45.08 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:0.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 909CDBF1)

Partition: GPT.

==================== End of Addition.txt ============================
hikaymm
Active Member
 
Posts: 2
Joined: February 22nd, 2017, 1:51 pm
Advertisement
Register to Remove

Re: Is The Malware Really Gone?

Unread postby mAL_rEm018 » February 24th, 2017, 1:13 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hello hikaymm,

Welcome to Malware Removal! My name is mAL_rEm018, but feel free to call me mAL. I will be helping you with your malware related problems :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.

To make sure everything goes smoothly, I would like you to observe the following rules:
  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread. Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum. Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible, with additional instructions. In the meantime I would like you to read and get acquainted with the following topic: HOW TO GET HELP IN THIS FORUM - everyone must read this, where the conditions for receiving help here are explained.
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Is The Malware Really Gone?

Unread postby mAL_rEm018 » February 25th, 2017, 3:43 am

Hello hikaymm,

Is this computer used for business purposes?

Backup your registry using TCRB
  • Please download TCRB to your Desktop.
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.

Next..

Adwcleaner
  • Please download AdwCleaner to your Desktop.
  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Logfile.
  • A notepad window will open. Please copy/paste the contents in your next reply.
    Note: do not select Clean at this point


-----------------------------------------
In your next reply, I would like to see..
  • Answer to my question.
  • Did you have trouble with any of the steps?
  • AdwCleaner report
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Is The Malware Really Gone?

Unread postby hikaymm » February 27th, 2017, 12:54 am

Hi maL,

Thanks for the help.

1. Is this computer used for business purposes?
This is primarily a personal computer. I do not claim it as a business computer or anything like that, but I do use it to download files from freelancing clients / files I create, etc, since the computer I primarily do my work on does not have the space. If this makes me ineligible for help, I understand and apologize for wasting your time. When reading the guidelines, I didn't even consider that this could cross the line of "business computer" in your books. Let me know if that's the case.

2. No trouble with any of the steps.

3. Adwcleaner report below:

# AdwCleaner v6.043 - Logfile created 26/02/2017 at 23:47:29
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-24.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Kayla - KAYLA-PC
# Running from : C:\Users\Kayla\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found: [C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://search.babylon.com/?affID=111807 ... 39e575c9b4
Chrome pref Found: [C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] - aol.com
Chrome pref Found: [C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] - ask.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1549 Bytes] - [26/02/2017 23:47:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1622 Bytes] ##########
hikaymm
Active Member
 
Posts: 2
Joined: February 22nd, 2017, 1:51 pm

Re: Is The Malware Really Gone?

Unread postby Gary R » February 27th, 2017, 7:38 pm

Business Use / Business Networked Computer
It appears you are using your computer for business purposes or connecting to a business network.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why we do not offer help for such computers. Thank you for your understanding.


This topic is now closed.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 288 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware