
HijackThis Log: Please Help Diagnose


  • This topic is locked
26 replies to this topic

#1 NotEvenRemotelyAGeek

  • Members
  • 13 posts

Posted 11 December 2016 - 05:00 PM

Hi there!  My computer has been scanned, rescanned and is still doing weird things (such as making my Windows 7 menu disappear for no apparent reason).  I am running Windows 8.1 and want to be sure that I've removed all the malware.  I had a Trojan Horse come to visit a couple of weeks ago.  It managed to slip past my Kaspersky Internet Security.
 
My Logfile is posted below.  Thanks for any help you can give.  I can't tell what's safe and what's not.  Should I be alarmed by listings with "Unknown owner" or "file missing"?
 
...
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:36:59 PM, on 11/12/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
C:\program files (x86)\iobit\Classic Start\ClassicStart.exe
C:\WINDOWS\SysWOW64\UMonit.exe
C:\WINDOWS\jmesoft\hotkey.exe
C:\Program Files\Lenovo\LVT\LJYZ.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
C:\WINDOWS\V0750Mon.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Zoe\Desktop\Security Measures\HijackThis.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_112\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SSOIEAddonBHO - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_112\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [jmekey] C:\windows\jmesoft\hotkey.exe
O4 - HKLM\..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe 1
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Live! Central 3] "C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
O4 - HKLM\..\Run: [FastAccess Web Alert] C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\FAInstaller\FATRY.exe
O4 - HKLM\..\Run: [V0750Mon.exe] C:\WINDOWS\V0750Mon.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/JP/Core/Player/2020PlayerAX_IKEA_Win32.cab
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} (ExentInf1 Class) - 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Unknown owner - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service 17.0.0 (AVP17.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: FAService - Sensible Vision  - C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: JME Keyboard Driver (JME Keyboard) - Unknown owner - C:\Windows\jmesoft\Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: klvssbrigde64 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe
O23 - Service: Kaspersky Secure Connection Service 1.0.0 (KSDE1.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: LSCWinService - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SMService - IObit - C:\program files (x86)\iobit\Classic Start\SMService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 12973 bytes
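The "Unknown owner" / "(file missing)" question asked above is the one every reader of a HijackThis 2.0.5 log taken on 64-bit Windows runs into. As an added example (not code from the original post or from HijackThis), here is a small Python triage of the O23 service lines that separates the two harmless cases from the ones worth a manual look. HijackThis 2.0.5 is a 32-bit program, so the WOW64 file-system redirector sends its C:\Windows\System32 lookups to SysWOW64 and expands %ProgramFiles% to "Program Files (x86)"; every 64-bit-only Windows binary (lsass.exe, spoolsv.exe, MsMpEng.exe and so on) therefore comes back "(file missing)". "Unknown owner" only means the file carried no company name in its version resource. The sample lines are copied from the log above; the "Program Files (x86)" test for a 64-bit host, the "@" test for a Windows component and the verdict labels are this example's own assumptions.

```python
"""Triage the O23 (service) lines of a Trend Micro HijackThis 2.0.5 log.

Added example; not code from the original post.  HijackThis 2.0.5 is a
32-bit program.  On 64-bit Windows the WOW64 file-system redirector maps
System32 to SysWOW64 for 32-bit processes and expands %ProgramFiles% to
"Program Files (x86)", so 64-bit-only Windows binaries are reported as
"(file missing)" although they exist.  "Unknown owner" only means the
binary carried no company name in its version resource.  Neither string
is evidence of infection on its own; the lines worth a manual look are
the ones that survive this filter.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

O23_PREFIX = "O23 - Service: "
MISSING_SUFFIX = " (file missing)"

# Constructed sample: five O23 lines copied from the log posted above.
SAMPLE_LOG = r"""O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: JME Keyboard Driver (JME Keyboard) - Unknown owner - C:\Windows\jmesoft\Service.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Unknown owner - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service 17.0.0 (AVP17.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
O23 - Service: SMService - IObit - C:\program files (x86)\iobit\Classic Start\SMService.exe
"""


@dataclass
class ServiceEntry:
    name: str          # short service name, e.g. "SamSs"
    display: str       # display name exactly as HijackThis printed it
    owner: str         # company name from the version resource, or "Unknown owner"
    path: str          # image path without the "(file missing)" marker
    file_missing: bool
    verdict: str = ""


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one 'O23 - Service: <display> - <owner> - <path>' line."""
    if not line.startswith(O23_PREFIX):
        return None
    body = line[len(O23_PREFIX):].rstrip()
    missing = body.endswith(MISSING_SUFFIX)
    if missing:
        body = body[: -len(MISSING_SUFFIX)]
    # The display name itself may contain " - ", so split from the right:
    # the last field is the path, the one before it the owner.
    display, owner, path = body.rsplit(" - ", 2)
    short = re.search(r"\(([^()]+)\)\s*$", display)
    name = short.group(1) if short else display.strip()
    return ServiceEntry(name, display.strip(), owner.strip(), path.strip(), missing)


def classify(entry: ServiceEntry, x64_host: bool) -> str:
    """Verdict labels are this example's own (assumption, not HijackThis output)."""
    p = entry.path.lower()
    in_system32 = p.startswith("c:\\windows\\system32\\")
    # Windows components register their display name as an indirect string
    # ("@dll,-id"); HijackThis prints it unresolved.
    windows_component = entry.display.startswith("@")
    if entry.file_missing:
        if x64_host and (in_system32 or windows_component):
            return "wow64-artifact"   # 64-bit binary hidden from a 32-bit scanner
        return "orphaned"             # registration points at a file that is really gone
    if entry.owner == "Unknown owner":
        return "verify"               # no vendor string: check signature or hash by hand
    return "vendor-stated"            # self-reported company name, not proof of anything


def triage(log_text: str) -> List[ServiceEntry]:
    """Parse every O23 line and attach a verdict.

    Heuristic (assumption): a log that lists anything under
    'Program Files (x86)' was taken on 64-bit Windows.
    """
    x64_host = "Program Files (x86)" in log_text
    entries = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is not None:
            entry.verdict = classify(entry, x64_host)
            entries.append(entry)
    return entries


def needs_attention(log_text: str) -> List[str]:
    """Service names a human should look at: orphaned registrations and
    present binaries with no vendor string."""
    return [e.name for e in triage(log_text) if e.verdict in ("orphaned", "verify")]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.verdict:15} {e.name:15} {e.path}")
```

Run as a script it prints one verdict per service; `needs_attention()` returns the names to check by hand. Applied to the full log above it leaves three: AvastVBoxSvc as orphaned (which is exactly what the later fixlist removes with `S3 AvastVBoxSvc; ... [X]`), and JME Keyboard and RichVideo64 to verify by signature or hash. Every "@..." entry in C:\WINDOWS\system32 or under Windows Defender is a WOW64 artifact, not malware. A "vendor-stated" verdict is only the string the file claims about itself, so a signature check is still the real test.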
 



#2 satchfan

  • Malware Response Team
  • 2,864 posts
  • Gender:Female
  • Location:Devon, UK

Posted 11 December 2016 - 05:22 PM

Hello NotEvenRemotelyAGeek and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please follow these instructions in the order given.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

================================================

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 NotEvenRemotelyAGeek
  • Topic Starter
  • Members
  • 13 posts

Posted 11 December 2016 - 10:20 PM

Thank you, Satchfan.  I will start these steps right away.  Will let you know what happens and send the log files to you.

 

 



#4 NotEvenRemotelyAGeek
  • Topic Starter
  • Members
  • 13 posts

Posted 11 December 2016 - 11:29 PM

Hi again, Satchfan.  I'm attaching the log files as requested.  (Note, I reran the JRT as I didn't actively choose Run as Administrator the first time.)

 

Thanks for your help!

 

NotEvenRemotelyAGeek




#5 satchfan

  • Malware Response Team
  • 2,864 posts
  • Gender:Female
  • Location:Devon, UK

Posted 12 December 2016 - 07:20 AM

P2P - I see you have P2P software, (uTorrent), installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

P2P File Sharing Risks.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [FATrayAlert] => [X]
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKU\S-1-5-21-26081123-3961614288-2839776924-1001\...\Run: [Zoom] => 0
HKU\S-1-5-21-26081123-3961614288-2839776924-1001\...\MountPoints2: {470d92fd-de91-11e3-be9d-7427eac4b128} - "H:\LaunchU3.exe" -a
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
Toolbar: HKU\S-1-5-21-26081123-3961614288-2839776924-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\FreeRide Games\NPGameTreatPlugin.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
2016-12-11 22:46 - 2015-03-22 09:53 - 00002688 _____ C:\WINDOWS\System32\Tasks\HDNINSTSCHD
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {22D11A4F-6300-4C85-805D-E28F82328A11} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {575815E5-190E-4262-9DD4-78B5EDFE9706} - \IEError -> No File <==== ATTENTION
Task: {58E36783-E85B-4886-89DA-9DF5FFDA0DC9} - \boosterpop -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {F4243BA2-AE36-4FCB-A1A9-445D8050AF22} - System32\Tasks\HDNINSTSCHD => C:\WINDOWS\PCBHDNW\hdnInstaller.exe <==== ATTENTION
AlternateDataStreams: C:\WINDOWS:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
FirewallRules: [{D43B5797-34C6-47C3-9A16-7FDDE49FFAC2}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{20E86EE6-B1EC-4A5F-9F55-FE48F4443340}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{E4E3D4E2-677D-4CFB-B671-0F7ABA3A18E1}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{DB8445CE-4CC4-40B4-BECE-9A7FDC88472F}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
C:\Program Files\AVAST Software
C:\Users\Zoe\AppData\Local\Z@!-857a38d1-7fb4-44ee-8480-b18e0bf81580.tmp
C:\Users\Zoe\AppData\Local\Z@S!-41f01c69-c705-4be3-9fc2-a0811095041a.tmp
Hosts:
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

Run CKScanner

You have illegal software on your system, which is probably how your computer became infected.

Besides being illegal, cracks/keygens are the most certain means of infecting your system, as ALL illegal software contains some form of malicious code.

This forum, as well as all the other top malware removal forums, does not condone the use of illegal software and does not offer support unless it is for the removal of it.

Continuing to help you could be viewed as supporting/condoning it. If you want to continue, I need you to uninstall all the illegal software that you have downloaded and installed.

 

When you have done that, do the following:

Download CKScanner by askey127 from here & save it to your Desktop.

  • double-click CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

================================================

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

Logs to include with next post:

Fixlog.txt
CKFiles.txt
New Frst.txt
New Addition.txt


Thanks

Satchfan

 


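The fixlist step above is fragile in one specific way: FRST reads fixlist.txt one line at a time, so a directive that was broken across two lines somewhere between the forum code box and the saved file is processed as two unrelated entries, and each fragment fails with "No automatic fix found for this entry" (the Fixlog in post #8 further down shows exactly that for the "2016-12-11 22:46 - ..." line and the avast! BHO line). As an added example, not the helper's or FRST's own code, here is a Python check that compares a saved fixlist with the script it should contain, lists the fragments, and re-joins adjacent fragment pairs. The two sample texts are constructed from lines of the script above and from the way they appear in that Fixlog; the assumption that a broken line was split at a single space is this example's own.

```python
"""Check a saved fixlist.txt against the script it was copied from.

Added example; not code from the original post or from FRST.  FRST
processes fixlist.txt one line at a time, so an entry broken across two
lines is seen as two unrelated entries and both halves fail with
"No automatic fix found for this entry".  This script reports every saved
line that is not an intended line as a whole, and re-joins adjacent
fragment pairs (assumed to have been split at a single space).
"""
from typing import List, Optional, Tuple

# Constructed sample: a subset of the posted fixlist, and the same lines as
# they appeared in the user's Fixlog, with two entries broken in half.
INTENDED = r"""CloseProcesses:
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
2016-12-11 22:46 - 2015-03-22 09:53 - 00002688 _____ C:\WINDOWS\System32\Tasks\HDNINSTSCHD
Hosts:
EmptyTemp:
"""

SAVED = r"""CloseProcesses:
BHO: avast! Online Security ->
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
2016-12-11
22:46 - 2015-03-22 09:53 - 00002688 _____ C:\WINDOWS\System32\Tasks\HDNINSTSCHD
Hosts:
EmptyTemp:
"""


def nonblank_lines(text: str) -> List[str]:
    """Non-empty lines with trailing whitespace removed; line numbers
    reported below count these lines only."""
    return [line.rstrip() for line in text.splitlines() if line.strip()]


def find_fragments(intended: str, saved: str) -> List[Tuple[int, str, Optional[str]]]:
    """(line number, text, intended line it belongs to) for every saved line
    that is not an intended line as a whole.  The third element is None when
    the line matches nothing in the intended script at all."""
    want = nonblank_lines(intended)
    out = []
    for n, line in enumerate(nonblank_lines(saved), 1):
        if line in want:
            continue
        parent = next((w for w in want if line in w), None)
        out.append((n, line, parent))
    return out


def repair_fixlist(intended: str, saved: str) -> Tuple[List[str], List[Tuple[int, int]]]:
    """Re-join adjacent fragment pairs into intended lines.
    Returns the repaired lines and the (first, second) line numbers joined."""
    want = set(nonblank_lines(intended))
    lines = nonblank_lines(saved)
    repaired, joined, i = [], [], 0
    while i < len(lines):
        cur = lines[i]
        if cur not in want and i + 1 < len(lines):
            candidate = cur + " " + lines[i + 1]   # assumption: split at one space
            if candidate in want:
                repaired.append(candidate)
                joined.append((i + 1, i + 2))
                i += 2
                continue
        repaired.append(cur)
        i += 1
    return repaired, joined


def still_wrong(intended: str, saved: str) -> List[str]:
    """Lines the pairwise repair could not account for (split three ways,
    edited by hand, or not part of the script at all)."""
    want = set(nonblank_lines(intended))
    repaired, _ = repair_fixlist(intended, saved)
    return [line for line in repaired if line not in want]


if __name__ == "__main__":
    for n, frag, parent in find_fragments(INTENDED, SAVED):
        if parent:
            print(f"line {n}: fragment of {parent!r}")
        else:
            print(f"line {n}: unexpected {frag!r}")
    fixed, joins = repair_fixlist(INTENDED, SAVED)
    print(f"{len(joins)} line(s) re-joined; {len(still_wrong(INTENDED, SAVED))} still wrong")
```

Use it before clicking Fix: read the helper's script and your saved fixlist.txt into `INTENDED` and `SAVED`, and do not run the fix until `still_wrong()` is empty. On the sample, lines 2 to 5 are reported as fragments and the repair rebuilds the five intended lines; anything the pairwise join cannot explain is listed rather than silently patched, because a fixlist line that FRST does not recognise is harmless but one that is wrongly reassembled could delete the wrong thing.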


#6 NotEvenRemotelyAGeek
  • Topic Starter
  • Members
  • 13 posts

Posted 12 December 2016 - 09:49 AM

Hi Satchfan, I have found and deleted uTorrent (which I have never used).  I'm not even sure why it was there.  I've had no fewer than five different people "fix" this PC over the last three years.  

 

This leads to my next question:  How do I know what illegal software I have?  Do the logs show anything?  I have no idea how to find these.  Again, I rely on others to service this computer for me.

 

I am ready to run CKScanner but will await your response before moving ahead.  I don't want to do anything wrong!

 

Thank you.



#7 satchfan

  • Malware Response Team
  • 2,864 posts
  • Gender:Female
  • Location:Devon, UK

Posted 12 December 2016 - 10:00 AM

Adobe Acrobat X Pro appears to be an illegally-obtained version.

Unless you bought and paid for it, please uninstall it and then run CKScanner.




#8 NotEvenRemotelyAGeek
  • Topic Starter
  • Members
  • 13 posts

Posted 12 December 2016 - 10:32 AM

Hello, Satchfan.

 

I have removed Adobe Acrobat and have posted the four log files below.

 

Thank you.

 

NotEvenRemotelyAGeek

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Zoë (12-12-2016 09:30:43) Run:1
Running from C:\Users\Zoe\Desktop
Loaded Profiles: Zoë &  (Available Profiles: Zoë)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [FATrayAlert] => [X]
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKU\S-1-5-21-26081123-3961614288-2839776924-1001\...\Run: [Zoom] => 0
HKU\S-1-5-21-26081123-3961614288-2839776924-1001\...\MountPoints2: {470d92fd-de91-11e3-be9d-7427eac4b128} - "H:\LaunchU3.exe" -a
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security ->
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
Toolbar: HKU\S-1-5-21-26081123-3961614288-2839776924-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\FreeRide Games\NPGameTreatPlugin.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
2016-12-11
22:46 - 2015-03-22 09:53 - 00002688 _____ C:\WINDOWS\System32\Tasks\HDNINSTSCHD
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {22D11A4F-6300-4C85-805D-E28F82328A11} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {575815E5-190E-4262-9DD4-78B5EDFE9706} - \IEError -> No File <==== ATTENTION
Task: {58E36783-E85B-4886-89DA-9DF5FFDA0DC9} - \boosterpop -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} -
\Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {F4243BA2-AE36-4FCB-A1A9-445D8050AF22} - System32\Tasks\HDNINSTSCHD => C:\WINDOWS\PCBHDNW\hdnInstaller.exe <==== ATTENTION
AlternateDataStreams: C:\WINDOWS:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
FirewallRules: [{D43B5797-34C6-47C3-9A16-7FDDE49FFAC2}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{20E86EE6-B1EC-4A5F-9F55-FE48F4443340}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{E4E3D4E2-677D-4CFB-B671-0F7ABA3A18E1}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules:
[{DB8445CE-4CC4-40B4-BECE-9A7FDC88472F}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
C:\Program Files\AVAST Software
C:\Users\Zoe\AppData\Local\Z@!-857a38d1-7fb4-44ee-8480-b18e0bf81580.tmp
C:\Users\Zoe\AppData\Local\Z@S!-41f01c69-c705-4be3-9fc2-a0811095041a.tmp
Hosts:
EmptyTemp:

*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FATrayAlert => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FAStartup => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe => value removed successfully
HKU\S-1-5-21-26081123-3961614288-2839776924-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Zoom => value removed successfully
"HKU\S-1-5-21-26081123-3961614288-2839776924-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{470d92fd-de91-11e3-be9d-7427eac4b128}" => key removed successfully
HKCR\CLSID\{470d92fd-de91-11e3-be9d-7427eac4b128} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: avast! Online Security -> => key not found.
HKCR\CLSID\BHO: avast! Online Security -> => key not found.
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File => Error: No automatic fix found for this entry.
HKU\S-1-5-21-26081123-3961614288-2839776924-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\wrc@avast.com => value removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\www.exent.com/GameTreatWidget" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
AvastVBoxSvc => service removed successfully
VBoxAswDrv => service removed successfully
2016-12-11 => Error: No automatic fix found for this entry.
22:46 - 2015-03-22 09:53 - 00002688 _____ C:\WINDOWS\System32\Tasks\HDNINSTSCHD => Error: No automatic fix found for this entry.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{22D11A4F-6300-4C85-805D-E28F82328A11}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22D11A4F-6300-4C85-805D-E28F82328A11}" => key removed successfully

C:\WINDOWS\System32\Tasks\avast! Emergency Update => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40525C58-79C2-47A1-9AA2-F1D7FC4F0691}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40525C58-79C2-47A1-9AA2-F1D7FC4F0691}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{575815E5-190E-4262-9DD4-78B5EDFE9706}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{575815E5-190E-4262-9DD4-78B5EDFE9706}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IEError" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58E36783-E85B-4886-89DA-9DF5FFDA0DC9}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58E36783-E85B-4886-89DA-9DF5FFDA0DC9}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\boosterpop" => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - => key not found.

\Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION => Error: No automatic fix found for this entry.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SettingSync\BackupTask" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4243BA2-AE36-4FCB-A1A9-445D8050AF22}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4243BA2-AE36-4FCB-A1A9-445D8050AF22}" => key removed successfully

C:\WINDOWS\System32\Tasks\HDNINSTSCHD => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDNINSTSCHD" => key removed successfully

C:\WINDOWS => ":nlsPreferences" ADS removed successfully.

C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D43B5797-34C6-47C3-9A16-7FDDE49FFAC2} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{20E86EE6-B1EC-4A5F-9F55-FE48F4443340} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4E3D4E2-677D-4CFB-B671-0F7ABA3A18E1} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules: => value not found.

[{DB8445CE-4CC4-40B4-BECE-9A7FDC88472F}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe => Error: No automatic fix found for this entry.

C:\Program Files\AVAST Software => moved successfully

C:\Users\Zoe\AppData\Local\Z@!-857a38d1-7fb4-44ee-8480-b18e0bf81580.tmp => moved successfully

C:\Users\Zoe\AppData\Local\Z@S!-41f01c69-c705-4be3-9fc2-a0811095041a.tmp => moved successfully

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.

Could not restore Hosts.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 62398407 B

Java, Flash, Steam htmlcache => 595 B

Windows/system/drivers => 130822247 B

Edge => 0 B

Chrome => 436725741 B

Firefox => 0 B

Opera => 0 B

Temp, IE cache, history, cookies, recent:

Default => 0 B

Users => 0 B

ProgramData => 0 B

Public => 0 B

systemprofile => 214417 B

systemprofile32 => 10794 B

LocalService => 66858 B

NetworkService => 54115458 B

Zoe => 448621811 B

Zoë Christine => 2648218 B

RecycleBin => 6277359 B

EmptyTemp: => 1.1 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 09:31:12 ====

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad

hosts 127.0.0.1 3dns-2.adobe.com

hosts 127.0.0.1 3dns-3.adobe.com

hosts 127.0.0.1 3dns-4.adobe.com

hosts 127.0.0.1 3dns-5.adobe.com

hosts 127.0.0.1 adobe-dns.adobe.com

hosts 127.0.0.1 adobe-dns-2.adobe.com

hosts 127.0.0.1 adobe-dns-3.adobe.com

hosts 127.0.0.1 adobe.activate.com

hosts 127.0.0.1 activate.adobe.com

hosts 127.0.0.1 activate.wip3.adobe.com

hosts 127.0.0.1 activate.wip4.adobe.com

hosts 127.0.0.1 activate-sea.adobe.com

hosts 127.0.0.1 activate-sjc0.adobe.com

hosts 127.0.0.1 ereg.adobe.com

hosts 127.0.0.1 ereg.wip3.adobe.com

hosts 127.0.0.1 ereg.wip4.adobe.com

hosts 127.0.0.1 practivate.adobe.com

hosts 127.0.0.1 www.wip3.adobe.com

hosts 127.0.0.1 www.wip4.adobe.com

hosts 127.0.0.1 www.adobeereg.com

hosts 127.0.0.1 adobeereg.com

hosts 127.0.0.1 hl2rcv.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip30.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip31.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip32.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip33.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip34.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip35.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip36.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip37.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip38.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip39.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip40.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip41.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip42.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip43.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip44.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip45.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip46.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip47.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip48.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip49.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip50.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip51.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip52.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip53.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip54.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip55.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip56.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip57.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip58.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip59.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip61.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip62.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip63.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip64.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip65.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip66.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip67.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip68.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip69.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip70.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip71.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip72.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip73.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip74.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip75.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip76.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip77.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip78.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip79.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip80.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip81.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip82.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip83.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip84.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip85.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip86.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip87.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip88.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip89.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip90.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip91.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip92.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip93.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip94.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip95.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip96.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip97.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip98.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip99.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip100.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip101.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip102.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip103.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip104.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip105.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip106.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip107.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip108.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip109.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip110.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip111.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip112.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip113.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip114.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip115.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip116.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip117.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip118.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip119.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip120.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip121.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip122.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip123.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip124.adobe.com

hosts 127.0.0.1 wwis-dubc1-vip125.adobe.com

hosts 127.0.0.1    ereg.adobe.com

hosts 127.0.0.1    activate.wip3.adobe.com

hosts 127.0.0.1    wip3.adobe.com

hosts 127.0.0.1    3dns-3.adobe.com

hosts 127.0.0.1    3dns-2.adobe.com

hosts 127.0.0.1    adobe-dns.adobe.com

hosts 127.0.0.1    adobe-dns-2.adobe.com

hosts 127.0.0.1    adobe-dns-3.adobe.com

hosts 127.0.0.1    ereg.wip3.adobe.com

hosts 127.0.0.1    activate-sea.adobe.com

hosts 127.0.0.1    wwis-dubc1-vip60.adobe.com

hosts 127.0.0.1    activate-sjc0.adobe.com

hosts 127.0.0.1    adobe.activate.com

scanner sequence 3.ZZ.11.UTNAEZ

----- EOF -----

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016

Ran by Zoë (administrator) on ZLENOVO (12-12-2016 10:18:19)

Running from C:\Users\Zoe\Desktop

Loaded Profiles: Zoë (Available Profiles: Zoë)

Platform: Windows 8.1 (Update) (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

() C:\WINDOWS\jmesoft\Service.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(IObit) C:\Program Files (x86)\IObit\Classic Start\SMService.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe

(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(IObit) C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe

(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe

(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe

(Intel Corporation) C:\WINDOWS\System32\igfxTray.exe

(IObit) C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe

(IObit) C:\Program Files (x86)\IObit\Classic Start\InstallServices.exe

(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

() C:\WINDOWS\SysWOW64\UMonit.exe

(Lenovo) C:\WINDOWS\jmesoft\hotkey.exe

() C:\WINDOWS\jmesoft\JME_LOAD.exe

(Lenovo) C:\Program Files\Lenovo\LVT\LJYZ.exe

(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe

(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe

(Creative Technology Ltd.) C:\WINDOWS\V0750Mon.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)

HKLM\...\Run: [UMonit] => C:\windows\SysWOW64\UMonit.exe [28672 2012-07-24] ()

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)

HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)

HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] ()

HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)

HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)

HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)

HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [Live! Central 3] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [461312 2011-12-13] (Creative Technology Ltd)

HKLM-x32\...\Run: [FastAccess Web Alert] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\FAInstaller\FATRY.exe [2033648 2011-07-11] (Microsoft)

HKLM-x32\...\Run: [V0750Mon.exe] => C:\WINDOWS\V0750Mon.exe [28672 2011-06-06] (Creative Technology Ltd.)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)

Winlogon\Notify\FastAccess: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll [2011-07-05] (Sensible Vision )

HKU\S-1-5-21-26081123-3961614288-2839776924-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)

HKU\S-1-5-21-26081123-3961614288-2839776924-1001\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"

Lsa: [Notification Packages] scecli FAPassSync

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Tcpip\..\Interfaces\{16D670A6-64C8-45F6-BF05-56CAEEB7F631}: [DhcpNameServer] 192.168.2.1

Tcpip\..\Interfaces\{A7CB3B0D-3720-4B78-92B4-672706EACB79}: [DhcpNameServer] 192.168.2.1

Internet Explorer:

==================

HKU\S-1-5-21-26081123-3961614288-2839776924-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/

BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File

BHO: Face recognition web login for FastAccess -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll [2011-07-05] (Sensible Vision )

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\ssv.dll [2016-12-01] (Oracle Corporation)

BHO-x32: Face recognition web login for FastAccess -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll [2011-07-05] (Sensible Vision )

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-12-01] (Oracle Corporation)

Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)

DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/JP/Core/Player/2020PlayerAX_IKEA_Win32.cab

DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:

========

FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi

FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-06]

FF HKLM-x32\...\Firefox\Extensions: [fassoxpcom@sensiblevision.com] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso

FF Extension: (FastAccess Web Login) - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso [2015-01-04] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll [2010-10-18] (Exent Technologies Ltd.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-12-01] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-12-01] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Zoe\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-08-27] (Cisco WebEx LLC)

StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:

=======

CHR Profile: C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default [2016-12-12]

CHR Extension: (Google Slides) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-16]

CHR Extension: (Google Docs) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-16]

CHR Extension: (Google Drive) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-16]

CHR Extension: (YouTube) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-16]

CHR Extension: (Google Search) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16]

CHR Extension: (Google Sheets) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-16]

CHR Extension: (Kaspersky Protection) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2016-11-28]

CHR Extension: (Google Docs Offline) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]

CHR Extension: (Cisco WebEx Extension) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-12-18]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]

CHR Extension: (Gmail) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-16]

CHR Extension: (Chrome Media Router) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]

CHR Extension: (Skype Calling) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2016-03-01]

CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]

S3 FAService; C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2451440 2011-07-05] (Sensible Vision ) [File not signed]

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)

R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)

R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]

S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)

R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)

S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()

R2 SMService; C:\program files (x86)\iobit\Classic Start\SMService.exe [1063200 2015-12-29] (IObit)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [29168 2015-04-24] ()

R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)

R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-06-10] (Disc Soft Ltd)

R3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [60928 2012-07-06] (GenesysLogic)

R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)

R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)

R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)

R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)

S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)

R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)

R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [435032 2016-09-12] (AO Kaspersky Lab)

R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1019616 2016-12-06] (AO Kaspersky Lab)

R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-12-06] (AO Kaspersky Lab)

R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)

R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)

R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)

R3 kltap; C:\WINDOWS\system32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)

R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)

R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [134880 2016-12-06] (AO Kaspersky Lab)

R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)

R3 V0750Vid; C:\WINDOWS\system32\DRIVERS\V0750Vid.sys [378368 2012-04-26] (Creative Technology Ltd.)

R3 VirtCam; C:\WINDOWS\system32\DRIVERS\VirtCam.sys [188672 2011-09-07] (Creative Technology Ltd.)

S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-12-12 10:16 - 2016-12-12 10:16 - 00005822 _____ C:\Users\Zoe\Desktop\ckfiles.txt

2016-12-12 09:41 - 2016-12-12 09:41 - 00468480 _____ () C:\Users\Zoe\Desktop\CKScanner.exe

2016-12-12 09:30 - 2016-12-12 09:31 - 00013552 _____ C:\Users\Zoe\Desktop\Fixlog.txt

2016-12-12 09:29 - 2016-12-12 09:29 - 00007606 _____ C:\Users\Zoe\Desktop\latest email from satchfan.txt

2016-12-11 23:30 - 2016-12-12 09:23 - 00000000 ____D C:\ProgramData\ProductData

2016-12-11 22:59 - 2016-12-11 23:00 - 00032305 _____ C:\Users\Zoe\Desktop\Addition.txt

2016-12-11 22:58 - 2016-12-12 10:18 - 00020167 _____ C:\Users\Zoe\Desktop\FRST.txt

2016-12-11 22:58 - 2016-12-12 10:18 - 00000000 ____D C:\FRST

2016-12-11 22:57 - 2016-12-11 23:09 - 00000609 _____ C:\Users\Zoe\Desktop\JRT additional try.txt

2016-12-11 22:51 - 2016-12-11 22:51 - 02420224 _____ (Farbar) C:\Users\Zoe\Downloads\FRST64.exe

2016-12-11 22:51 - 2016-12-11 22:51 - 02420224 _____ (Farbar) C:\Users\Zoe\Desktop\FRST64.exe

2016-12-11 22:51 - 2016-12-11 22:51 - 01761792 _____ (Farbar) C:\Users\Zoe\Downloads\FRST.exe

2016-12-11 22:49 - 2016-12-11 23:08 - 00001782 _____ C:\Users\Zoe\Desktop\JRT scan log.txt

2016-12-11 22:48 - 2016-12-11 22:54 - 00000609 _____ C:\Users\Zoe\Desktop\JRT.txt

2016-12-11 22:34 - 2016-12-11 22:34 - 01631928 _____ (Malwarebytes) C:\Users\Zoe\Desktop\JRT.exe

2016-12-11 22:29 - 2016-12-11 23:08 - 00006062 _____ C:\Users\Zoe\Desktop\AdwCleaner[C0].txt

2016-12-11 22:13 - 2016-12-11 22:13 - 03968464 _____ C:\Users\Zoe\Desktop\adwcleaner_6.040.exe

2016-12-11 16:06 - 2016-12-11 16:07 - 00000161 _____ C:\Users\Zoe\Desktop\How to use AutoRuns.url

2016-12-11 15:42 - 2016-12-11 15:42 - 00000000 ____D C:\ProgramData\s34o

2016-12-11 15:42 - 2016-12-11 15:42 - 00000000 ____D C:\ProgramData\s2m8

2016-12-11 15:20 - 2016-12-11 17:05 - 00000000 ____D C:\Users\Zoe\Desktop\Security Measures

2016-12-11 15:19 - 2016-12-11 15:19 - 01304400 _____ C:\Users\Zoe\Downloads\Autoruns.zip

2016-12-11 15:18 - 2016-12-11 15:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\Zoe\Downloads\HijackThis.exx

2016-12-07 12:02 - 2016-12-07 12:02 - 00001538 _____ C:\Users\Zoe\Downloads\webinar-646837688.ics

2016-12-04 18:43 - 2016-12-04 18:43 - 00000629 _____ C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Links.lnk

2016-12-04 18:33 - 2016-12-04 18:33 - 00000089 _____ C:\Users\Zoe\Desktop\Appian Tasks.url

2016-12-04 14:25 - 2016-12-04 14:37 - 00000000 ____D C:\FixMeStick

2016-12-04 10:50 - 2016-12-04 10:50 - 00000000 ____D C:\FixMeStick Quarantine

2016-12-02 08:28 - 2016-12-02 08:48 - 00000000 ____D C:\Users\Zoe\Desktop\Restonic MAttress

2016-12-01 15:16 - 2016-12-01 15:16 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2016-12-01 15:16 - 2016-12-01 15:16 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\Sun

2016-12-01 15:16 - 2016-12-01 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2016-12-01 15:16 - 2016-12-01 15:16 - 00000000 ____D C:\Program Files (x86)\Java

2016-12-01 15:07 - 2016-12-01 15:07 - 00018063 _____ C:\Users\Zoe\Documents\Great news! Your reservation is ready for pickup..pdf

2016-12-01 12:21 - 2016-12-01 12:21 - 09535937 _____ C:\Users\Zoe\Desktop\GSI6_ZLENOVO_Zoë_12_01_2016_12_15_57.zip

2016-12-01 12:21 - 2016-12-01 12:21 - 00000000 ____D C:\ProgramData\s6to

2016-12-01 12:18 - 2016-12-01 12:18 - 00000000 ____D C:\ProgramData\s59c

2016-12-01 12:18 - 2016-12-01 12:18 - 00000000 ____D C:\ProgramData\s4sk

2016-12-01 12:15 - 2016-12-01 12:15 - 08955415 _____ C:\Users\Zoe\Downloads\GetSystemInfo6.1.zip

2016-12-01 12:15 - 2016-12-01 12:15 - 00000000 ____D C:\ProgramData\s5sc

2016-12-01 12:15 - 2016-12-01 12:15 - 00000000 ____D C:\ProgramData\s2k0

2016-11-28 12:01 - 2016-12-06 10:25 - 00001401 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk

2016-11-28 12:01 - 2016-11-28 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection

2016-11-28 12:01 - 2016-11-28 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security

2016-11-28 12:01 - 2016-11-28 12:00 - 00002177 _____ C:\Users\Public\Desktop\Safe Money.lnk

2016-11-28 12:01 - 2016-11-28 12:00 - 00002159 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk

2016-11-28 12:00 - 2016-12-12 09:51 - 00003032 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}

2016-11-28 12:00 - 2016-11-28 12:12 - 00000000 ____D C:\Program Files\Common Files\AV

2016-11-28 11:59 - 2016-12-06 10:24 - 01019616 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys

2016-11-28 11:59 - 2016-09-12 23:03 - 00435032 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys

2016-11-28 11:59 - 2016-06-26 15:14 - 00191312 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys

2016-11-28 11:57 - 2016-11-28 11:58 - 184496160 _____ (Kaspersky Lab) C:\Users\Zoe\Downloads\kis17.0.0.611aben_11548.exe

2016-11-28 09:28 - 2016-11-28 09:28 - 05886793 _____ C:\Users\Zoe\Desktop\edocuments_50452853.pdf

2016-11-17 13:56 - 2016-11-17 13:56 - 00133448 _____ (Zoom Video Communications, Inc.) C:\Users\Zoe\Downloads\Zoom_launcher (1).exe

2016-11-17 10:00 - 2016-11-17 10:00 - 00939323 _____ C:\Users\Zoe\Downloads\stylistic_editing_study_guide-sample.pdf

2016-11-15 15:08 - 2016-11-15 15:07 - 00133448 _____ (Zoom Video Communications, Inc.) C:\Users\Zoe\Desktop\Zoom_launcher.exe

2016-11-15 15:07 - 2016-12-12 10:12 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\Zoom

2016-11-15 15:07 - 2016-11-15 15:07 - 00133448 _____ (Zoom Video Communications, Inc.) C:\Users\Zoe\Downloads\Zoom_launcher.exe

2016-11-15 14:59 - 2016-11-15 14:59 - 00001588 _____ C:\Users\Zoe\Downloads\vCalendar (1).vcs

2016-11-15 14:55 - 2016-11-15 14:55 - 00001588 _____ C:\Users\Zoe\Downloads\vCalendar.vcs

2016-11-12 21:07 - 2016-11-12 21:07 - 04746554 _____ C:\Users\Zoe\Downloads\abitibi_geological_compilation.pdf

2016-11-12 06:35 - 2016-11-12 06:35 - 03827599 _____ C:\Users\Zoe\Downloads\Sanimax  Enrolment ppt  3Nov16.pptx

2016-11-12 06:34 - 2016-11-12 06:34 - 05038003 _____ C:\Users\Zoe\Downloads\AC Nielsen  Annual Review Presentation.pptx

2016-11-12 06:34 - 2016-11-12 06:34 - 03555097 _____ C:\Users\Zoe\Downloads\Sanimax  Retirement Income Presentation ENG  10Nov16.pptx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-12 10:16 - 2014-01-05 16:53 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-26081123-3961614288-2839776924-1001

2016-12-12 10:12 - 2013-09-22 15:00 - 00000000 ____D C:\ProgramData\Adobe

2016-12-12 09:52 - 2016-07-09 19:12 - 00000000 ____D C:\ProgramData\Kaspersky Lab

2016-12-12 09:34 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-12-12 09:33 - 2014-03-16 13:50 - 02829824 ___SH C:\Users\Zoe\Desktop\Thumbs.db

2016-12-12 09:32 - 2016-07-27 14:01 - 00000000 ____D C:\Users\Zoe\Desktop\System protection

2016-12-12 09:32 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness

2016-12-12 09:31 - 2014-01-07 12:52 - 00000000 ____D C:\Users\Zoe\AppData\LocalLow\Temp

2016-12-12 09:24 - 2014-01-07 21:57 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\uTorrent

2016-12-12 09:20 - 2015-11-16 21:17 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2016-12-11 23:30 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf

2016-12-11 23:07 - 2015-11-16 21:17 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2016-12-11 22:33 - 2014-03-18 05:03 - 00869476 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2016-12-11 22:27 - 2013-08-22 08:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI

2016-12-11 22:26 - 2015-03-24 17:07 - 00000000 ____D C:\AdwCleaner

2016-12-11 16:31 - 2014-01-05 16:46 - 00000000 ____D C:\Users\Zoe\AppData\Local\VirtualStore

2016-12-11 09:16 - 2014-01-07 22:20 - 00000000 ____D C:\Users\Zoe\Documents\Zoë

2016-12-07 20:33 - 2016-01-01 12:12 - 00008203 _____ C:\WINDOWS\BRRBCOM.INI

2016-12-06 10:25 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM

2016-12-06 10:24 - 2016-09-12 23:03 - 00134880 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys

2016-12-06 10:24 - 2016-09-12 23:03 - 00057424 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys

2016-12-04 14:21 - 2016-03-01 16:21 - 00000000 ____D C:\Users\Zoe\AppData\Local\SkypePlugin

2016-12-01 15:04 - 2016-07-27 14:05 - 00000000 ____D C:\Users\Zoe\Desktop\Ontario Learn

2016-12-01 12:15 - 2016-03-01 19:16 - 11011656 _____ (AO Kaspersky Lab) C:\Users\Zoe\Desktop\GetSystemInfo6.1.exe

2016-11-30 22:32 - 2014-01-07 20:36 - 00000000 ____D C:\Users\Zoe\AppData\LocalLow\IObit

2016-11-30 22:19 - 2014-01-07 20:36 - 00000000 ____D C:\Program Files (x86)\IObit

2016-11-30 22:19 - 2013-09-22 15:01 - 00000000 ____D C:\Program Files (x86)\Adobe

2016-11-28 12:01 - 2016-07-09 19:12 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab

2016-11-28 12:00 - 2012-07-26 03:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP

2016-11-28 09:32 - 2016-11-11 08:40 - 00000000 ____D C:\Users\Zoe\Desktop\Photos for Dad and Irene

2016-11-25 09:13 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps

2016-11-14 17:09 - 2015-11-16 21:17 - 00002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

 

==================== Files in the root of some directories =======

 

2015-04-29 18:58 - 2015-05-07 14:53 - 0004608 _____ () C:\Users\Zoe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2016-02-09 16:13 - 2016-02-09 16:13 - 0353118 _____ () C:\Users\Zoe\AppData\Local\SquareClock.Production_HBMV1Icon.ico

2013-09-22 14:53 - 2013-09-22 14:53 - 0000198 ____H () C:\ProgramData\Lenovo-14736.vbs

 

Files to move or delete:

====================

C:\Users\Zoe\otrdtt_patient_windows_CA.exe

 

Some files in TEMP:

====================

C:\Users\Zoe\AppData\Local\Temp\CptInstall.exe

C:\Users\Zoe\AppData\Local\Temp\CptShare.dll

C:\Users\Zoe\AppData\Local\Temp\zCrashReport.dll

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2016-12-11 17:13

 

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016

Ran by Zoë (12-12-2016 10:18:54)

Running from C:\Users\Zoe\Desktop

Windows 8.1 (Update) (X64) (2014-06-09 02:13:21)

Boot Mode: Normal

==========================================================

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-26081123-3961614288-2839776924-500 - Administrator - Disabled)

Guest (S-1-5-21-26081123-3961614288-2839776924-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-26081123-3961614288-2839776924-1005 - Limited - Enabled)

Zoë (S-1-5-21-26081123-3961614288-2839776924-1001 - Administrator - Enabled) => C:\Users\Zoe

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)

Brother MFL-Pro Suite MFC-J475DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)

Cisco WebEx Meetings (HKU\S-1-5-21-26081123-3961614288-2839776924-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)

Creative HD CODEC (HKLM-x32\...\Creative HD CODEC) (Version: 1.1.1.3 - Creative Technology Ltd)

Creative HD CODEC (x32 Version: 1.1.1.3 - Creative Technology Ltd) Hidden

Creative Live! Central 3 (HKLM-x32\...\Creative Live! Central 2) (Version: 3.01.14 - Creative Technology Ltd)

Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)

Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)

CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)

CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)

CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)

Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)

FastAccess (HKLM\...\{59F70AEF-FBB5-4042-92CE-89C962CEF1B5}) (Version: 2.10.62.1 - Sensible Vision)

FastAccess Web Alert (HKLM-x32\...\FastAccess Web Alert) (Version: 1.00 - Sensible Vision)

FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.83.01 - Exent Technologies)

Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.1.0 - Genesys Logic)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden

GotoCamera Client (HKLM-x32\...\GotoCameraClient) (Version:  - Pechora Technologies)

Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)

Java 8 Update 112 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)

Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)

Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden

Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)

Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden

Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)

Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)

Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)

Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)

Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden

Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)

Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden

Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1511 - CyberLink Corp.)

Lenovo Rescue System (Version: 4.0.0.1511 - CyberLink Corp.) Hidden

Lenovo Solution Center (HKLM\...\{1CA74803-5CB2-4C03-BDBE-061EDC81CC7F}) (Version: 2.8.004.00 - Lenovo Group Limited)

Lenovo_Wireless_Driver (HKLM-x32\...\{FF1194C3-E958-442E-A074-D532608A9370}) (Version: 10.00.209 - Lenovo)

LifeScan USB Device Driver vSL3.0 (Driver Removal) (HKLM-x32\...\LFSVCOMM&10C4&85A7) (Version:  - LifeScan Inc)

Live! Cam Connect HD VF0750 Driver (1.01.01.00) (HKLM\...\Creative VF0750) (Version:  - Creative Technology Ltd.)

LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

MobileCamStreamer (HKLM-x32\...\{2F0ED3F6-08DE-44A3-ACE3-88F7B76BCB7D}) (Version: 1.5.0 - Mobideos)

PCMATICPLUS (HKLM-x32\...\{783E55B8-AD96-4DE7-9DFD-2B8492B1BD43}) (Version: 1.0.0 - PCMATICPLUSSOL)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 3.1.0.3 - IObit)

SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Webcam Virtual Driver (HKLM-x32\...\Webcam Virtual Driver) (Version: 1.00.08.0907 - Creative Technology Ltd)

Webcam Virtual Driver (x32 Version: 1.00.08.0907 - Creative Technology Ltd) Hidden

Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24) (HKLM\...\4C8545EEB6143B6AD3858B5D1E0AEE76040B1435) (Version: 04/10/2012 2.08.24 - FTDI)

Windows Driver Package - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24) (HKLM\...\6849F67BACD4DA5A5B9D46803E6850D0BE8B3826) (Version: 04/10/2012 2.08.24 - FTDI)

Windows Driver Package - Prolific (Ser2pl) Ports  (02/05/2013 3.4.48.272) (HKLM\...\E505C6C0C866B222F96FF0A84F48FCA4F537947F) (Version: 02/05/2013 3.4.48.272 - Prolific)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-26081123-3961614288-2839776924-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3DBDB81E-E26A-48AD-A6ED-F1F3C7A4C882} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-16] (Google Inc.)

Task: {60219488-5F8A-41B7-8D3E-6440C29906D5} - System32\Tasks\Lenovo\Lenovo-14736 => C:\ProgramData\Lenovo-14736.vbs [2013-09-22] ()

Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION

Task: {71CAB299-3D7D-46EF-BD7B-A9B5BE8EB337} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()

Task: {76029948-AEAA-4394-8331-7B3E3E01CB62} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-03-09] (Lenovo)

Task: {7FF81D3D-2469-4BFB-BE42-8D4F7114EBB1} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)

Task: {80A09694-2E0C-457F-A063-867500F1CDBD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

Task: {82DDD8B4-5907-4EBF-BABC-73047CE8E6C4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe

Task: {832D9F83-B090-4F6E-90F7-3B0B87233898} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()

Task: {871FC083-CCF8-4528-BB69-A3D00C699F34} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"

Task: {8C0A1437-F0EA-46C6-B2D4-5D657EE55EDF} - System32\Tasks\START SKYDRIVE => C:\WINDOWS\System32\SkyDrive.exe [2014-10-30] (Microsoft Corporation)

Task: {9685AFDA-A51D-4BC5-817F-E6EAE6BF0834} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-09] (Microsoft Corporation)

Task: {B03C813D-708C-4E19-AE67-4B4EFECB5675} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()

Task: {C405CE9D-D85F-416D-8A26-C66A49E8573A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-03-09] (Lenovo)

Task: {EB5E5606-4A5F-4CE9-A7F1-31ABAA2114CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-16] (Google Inc.)

Task: {EFEF35BF-85B0-48BD-8D09-9712BED75FEB} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()

Task: {F8D21119-C383-45FF-9E28-87394F8E0F9B} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-03-09] (Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2011-07-05 15:25 - 2011-07-05 15:25 - 00095216 _____ () C:\WINDOWS\system32\FAIEExtension.DLL

2013-09-22 14:51 - 2011-08-16 22:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe

2013-09-22 15:06 - 2013-05-14 13:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe

2016-03-17 15:40 - 2005-04-21 23:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll

2013-09-22 14:48 - 2012-07-24 06:36 - 00028672 _____ () C:\WINDOWS\SysWOW64\UMonit.exe

2013-09-22 14:51 - 2011-08-16 22:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe

2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll

2013-09-22 14:49 - 2013-01-23 02:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2016-08-03 09:47 - 2015-12-29 10:30 - 00355616 _____ () C:\program files (x86)\iobit\Classic Start\madExcept_.bpl

2016-08-03 09:47 - 2015-12-29 10:29 - 00190240 _____ () C:\program files (x86)\iobit\Classic Start\madBasic_.bpl

2016-08-03 09:47 - 2015-12-29 10:30 - 00057632 _____ () C:\program files (x86)\iobit\Classic Start\madDisAsm_.bpl

2016-08-03 09:47 - 2015-12-29 10:30 - 00275576 _____ () C:\program files (x86)\iobit\Classic Start\sqlite3.dll

2016-08-03 09:47 - 2015-12-29 10:30 - 00059680 _____ () C:\program files (x86)\iobit\Classic Start\parseAuto.dll

2016-08-03 09:47 - 2015-12-29 10:30 - 00625440 _____ () C:\program files (x86)\iobit\Classic Start\ProductStatistics.dll

2016-08-03 09:47 - 2015-12-29 10:31 - 00047904 _____ () C:\program files (x86)\iobit\Classic Start\winkey.dll

2013-09-22 14:51 - 2011-05-17 15:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll

2009-12-04 18:59 - 2009-12-04 18:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll

2009-12-04 19:04 - 2009-12-04 19:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll

2016-03-17 15:40 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

2016-11-14 17:09 - 2016-11-08 15:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll

2016-11-14 17:09 - 2016-11-08 15:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll

2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll

2011-06-22 10:46 - 2011-06-22 10:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll

2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2012-07-26 00:26 - 2014-01-07 22:15 - 00007375 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

127.0.0.1 3dns-2.adobe.com #192.150.22.22

127.0.0.1 3dns-3.adobe.com #192.150.14.21

127.0.0.1 3dns-4.adobe.com #192.150.18.247

127.0.0.1 3dns-5.adobe.com #192.150.22.46

127.0.0.1 adobe-dns.adobe.com #192.150.11.30

127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247

127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30

127.0.0.1 adobe.activate.com #69.175.22.26

127.0.0.1 activate.adobe.com #192.150.22.40

127.0.0.1 activate.wip3.adobe.com #192.150.22.40

127.0.0.1 activate.wip4.adobe.com #192.150.22.40

127.0.0.1 activate-sea.adobe.com #192.150.22.40

127.0.0.1 activate-sjc0.adobe.com #192.150.14.69

127.0.0.1 ereg.adobe.com #192.150.18.103

127.0.0.1 ereg.wip3.adobe.com #192.150.18.63

127.0.0.1 ereg.wip4.adobe.com #192.150.18.103

127.0.0.1 practivate.adobe.com #192.150.18.54

127.0.0.1 www.wip3.adobe.com #192.150.8.60

127.0.0.1 www.wip4.adobe.com #192.150.18.200

127.0.0.1 www.adobeereg.com #75.125.24.83

127.0.0.1 adobeereg.com #207.66.2.10

127.0.0.1 hl2rcv.adobe.com #192.150.14.174

127.0.0.1 wwis-dubc1-vip30.adobe.com #192.150.8.30

127.0.0.1 wwis-dubc1-vip31.adobe.com #192.150.8.31

127.0.0.1 wwis-dubc1-vip32.adobe.com #192.150.8.32

127.0.0.1 wwis-dubc1-vip33.adobe.com #192.150.8.33

127.0.0.1 wwis-dubc1-vip34.adobe.com #192.150.8.34

127.0.0.1 wwis-dubc1-vip35.adobe.com #192.150.8.35

127.0.0.1 wwis-dubc1-vip36.adobe.com #192.150.8.36

127.0.0.1 wwis-dubc1-vip37.adobe.com #192.150.8.37

There are 100 more lines.

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-26081123-3961614288-2839776924-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

DNS Servers: 192.168.2.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => LPort=139

FirewallRules: [{8ED9BB69-39F2-4F92-B199-18144E8667A8}] => C:\Users\Zoe\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{D46ADA49-A6D7-4F9F-B944-1C11CD5528C6}] => C:\Users\Zoe\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{E134C8D4-392C-46E4-9712-70B0A44B4ECF}] => C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE

FirewallRules: [{DC51FD07-3174-441F-978A-7D8A4B1783E1}] => C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE

FirewallRules: [{6A7554E3-49D1-44A3-906B-35A22A53E21B}] => C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe

FirewallRules: [{DB8445CE-4CC4-40B4-BECE-9A7FDC88472F}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

FirewallRules: [TCP Query User{9E8C9A10-0530-48DD-BBF6-80892C38F289}C:\users\zoe\appdata\local\skypeplugin\7.15.0.49\pluginhost.exe] => C:\users\zoe\appdata\local\skypeplugin\7.15.0.49\pluginhost.exe

FirewallRules: [UDP Query User{DAD925E1-9855-43C6-994A-7CA7EA84C880}C:\users\zoe\appdata\local\skypeplugin\7.15.0.49\pluginhost.exe] => C:\users\zoe\appdata\local\skypeplugin\7.15.0.49\pluginhost.exe

FirewallRules: [{DD9B2C08-E399-4FA5-86DC-AC4E39BDF062}] => C:\users\zoe\appdata\local\skypeplugin\7.15.0.49\pluginhost.exe

FirewallRules: [{D7BFF8D4-1F78-47A4-8CFA-8299B48F67D4}] => C:\users\zoe\appdata\local\skypeplugin\7.15.0.49\pluginhost.exe

FirewallRules: [{C6677E78-8A4B-49D6-B0B8-A59C59A65FD0}] => C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE

FirewallRules: [{1D62FFDB-CDFD-4F69-9EBF-A306F4183B32}] => LPort=54925

FirewallRules: [{AF1BE9C7-4E3C-41D4-95B5-BAB556EB2276}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

26-11-2016 10:30:00 Scheduled Checkpoint

28-11-2016 16:45:48 Removed SketchUp 2016

30-11-2016 22:17:05 Removed SketchUp 2016

04-12-2016 14:17:39 Removed Skype Web Plugin

11-12-2016 17:24:42 Scheduled Checkpoint

11-12-2016 22:46:05 JRT Pre-Junkware Removal

11-12-2016 22:52:40 JRT Pre-Junkware Removal

12-12-2016 10:07:34 Removed Adobe Acrobat X Pro - English, Français, Deutsch.

 

==================== Faulty Device Manager Devices =============

 

==================== Event log errors: =========================

Application errors:

==================

Error: (12/12/2016 09:23:55 AM) (Source: Windows Search Service) (EventID: 3079) (User: )

Description: Notifications for the volume C:\ are not active.

 

Context: Windows Application

 

Details:

The parameter is incorrect.  (HRESULT : 0x80070057) (0x80070057)

Error: (12/11/2016 10:18:34 PM) (Source: Windows Search Service) (EventID: 3079) (User: )

Description: Notifications for the volume C:\ are not active.

 

Context: Windows Application

 

Details:

The parameter is incorrect.  (HRESULT : 0x80070057) (0x80070057)

Error: (12/04/2016 05:06:09 PM) (Source: Windows Search Service) (EventID: 3079) (User: )

Description: Notifications for the volume C:\ are not active.

 

Context: Windows Application

 

Details:

The parameter is incorrect.  (HRESULT : 0x80070057) (0x80070057)

Error: (12/02/2016 08:26:56 AM) (Source: Windows Search Service) (EventID: 3079) (User: )

Description: Notifications for the volume C:\ are not active.

 

Context: Windows Application

 

Details:

The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/01/2016 02:39:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZLenovo)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (12/01/2016 02:39:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZLenovo)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/01/2016 02:18:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZLenovo)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (12/01/2016 02:18:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZLenovo)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/01/2016 02:18:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZLenovo)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (12/01/2016 02:18:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZLenovo)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

System errors:

=============

Error: (12/12/2016 09:34:35 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)

Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Error: (12/12/2016 09:34:35 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)

Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

 

Error: (12/12/2016 09:34:35 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)

Description: Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942523.

Error: (12/12/2016 09:32:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070003: E046963F.LenovoCompanion.

 

Error: (12/12/2016 09:32:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.BingNews.

Error: (12/12/2016 09:32:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.BingWeather.

 

Error: (12/12/2016 09:32:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070003: AccuWeather.AccuWeatherforWindows8.

Error: (12/12/2016 09:32:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.BingFinance.

 

Error: (12/12/2016 09:32:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.BingSports.

Error: (12/12/2016 09:31:14 AM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:

An instance of the service is already running.

 

CodeIntegrity:

===================================

  Date: 2016-11-28 12:01:57.558

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-28 12:01:57.275

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2016-11-28 12:01:56.975

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-17 13:57:47.746

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\V0750Afx64.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-13 20:31:54.344

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\V0750Afx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-13 20:30:09.247

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\V0750Afx64.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-13 20:30:05.274

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\V0750Afx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-07 23:11:22.770

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\V0750Afx64.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-07 23:10:35.411

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\V0750Afx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-01 16:25:54.881

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\V0750Afx64.dll because the set of per-page image hashes could not be found on the system.

 

==================== Memory info ===========================

Processor: Intel® Pentium® CPU G3220 @ 3.00GHz

Percentage of memory in use: 35%

Total physical RAM: 8106.36 MB

Available physical RAM: 5202.16 MB

Total Virtual: 10922.36 MB

Available Virtual: 7884.54 MB

 

==================== Drives ================================

 

Drive c: (Windows8_OS) (Fixed) (Total:904.81 GB) (Free:709.5 GB) NTFS ==>[system with boot components (obtained from drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 6F167A79)

Partition: GPT.

==================== End of Addition.txt ============================
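Two sections of the Addition.txt above repay a closer look: the Hosts content, where dozens of Adobe activation hostnames are pinned to 127.0.0.1, and the FirewallRules, several of which allow binaries that live under the user's profile rather than under Program Files. The script below is an added example for this thread, not part of FRST and not code posted by anyone here; it parses those two sections and reports the entries a responder would want to review. SAMPLE_ADDITION is a constructed excerpt modelled on the log (a handful of its lines plus one made-up 0.0.0.0 entry), and the "binary under a user profile" heuristic is this example's assumption, not an FRST rule.

```python
"""Triage the Hosts and FirewallRules sections of an FRST Addition.txt.

Added example for this thread; not part of FRST and not code posted by any
participant. SAMPLE_ADDITION is a constructed excerpt modelled on the log.
"""
import ipaddress
import re
from collections import Counter

SAMPLE_ADDITION = """\
==================== Hosts content: ==========================
2012-07-26 00:26 - 2014-01-07 22:15 - 00007375 ____A C:\\WINDOWS\\system32\\Drivers\\etc\\hosts
127.0.0.1 3dns-2.adobe.com #192.150.22.22
127.0.0.1 activate.adobe.com #192.150.22.40
127.0.0.1 www.adobeereg.com #75.125.24.83
# 127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.invalid
==================== FirewallRules (Whitelisted) ===============
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{8ED9BB69-39F2-4F92-B199-18144E8667A8}] => C:\\Users\\Zoe\\AppData\\Roaming\\uTorrent\\uTorrent.exe
FirewallRules: [{AF1BE9C7-4E3C-41D4-95B5-BAB556EB2276}] => C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe
FirewallRules: [TCP Query User{9E8C9A10-0530-48DD-BBF6-80892C38F289}C:\\users\\zoe\\appdata\\local\\skypeplugin\\7.15.0.49\\pluginhost.exe] => C:\\users\\zoe\\appdata\\local\\skypeplugin\\7.15.0.49\\pluginhost.exe
==================== Restore Points =========================
"""
# The 0.0.0.0 line above is constructed; the rest mirrors lines from the log.

# Addresses that make a name resolve to nothing useful (loopback / null route).
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1", "::"}
# Names that legitimately map to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Assumption used as a heuristic: an allow-rule for a binary under a user
# profile deserves review, because that path is writable without elevation.
USER_PROFILE_PATH = re.compile(r"^[a-z]:\\users\\", re.IGNORECASE)


def section(text, title):
    """Body lines of the FRST section whose '====' header contains `title`."""
    out, inside = [], False
    for line in text.splitlines():
        if line.startswith("===================="):
            if inside:
                break
            inside = title in line
            continue
        if inside:
            out.append(line)
    return out


def parse_hosts(lines):
    """(address, hostname, comment) for every active hosts entry.

    FRST prints the file's own metadata line first; it is skipped because its
    first token is not an IP address. Comment-only lines are skipped too.
    """
    entries = []
    for raw in lines:
        body, _, comment = raw.strip().partition("#")
        parts = body.split()
        if len(parts) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue
        for name in parts[1:]:
            entries.append((addr, name.lower(), comment.strip()))
    return entries


def sinkholed_hosts(entries):
    """Entries that send a real hostname to loopback or the null address.

    Windows ships its hosts file with every entry commented out, so any active
    entry is a local customisation worth explaining.
    """
    return [e for e in entries if e[0] in SINK_ADDRESSES and e[1] not in LOCAL_NAMES]


def domains_hit(findings):
    """Count sinkholed names by their last two labels (adobe.com, ...)."""
    return Counter(".".join(name.split(".")[-2:]) for _, name, _ in findings)


def parse_firewall_rules(lines):
    """(rule name, target) pairs; target is a program path or LPort=N."""
    rules, prefix = [], "FirewallRules: "
    for line in lines:
        if not line.startswith(prefix + "["):
            continue
        name, sep, target = line[len(prefix):].rpartition(" => ")
        if sep:
            rules.append((name.strip("[]"), target.strip()))
    return rules


def user_profile_program_rules(rules):
    return [r for r in rules if USER_PROFILE_PATH.match(r[1])]


def port_rules(rules):
    return [r for r in rules if r[1].upper().startswith("LPORT=")]


def triage(addition_text):
    """Run every check and return the findings as one dict."""
    hosts = parse_hosts(section(addition_text, "Hosts content"))
    rules = parse_firewall_rules(section(addition_text, "FirewallRules"))
    sink = sinkholed_hosts(hosts)
    return {
        "hosts_entries": hosts,
        "sinkholed": sink,
        "sinkholed_domains": domains_hit(sink),
        "firewall_rules": rules,
        "user_profile_rules": user_profile_program_rules(rules),
        "port_rules": port_rules(rules),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_ADDITION)
    print(f"{len(result['sinkholed'])} hosts entries send a real name to a sink address:")
    for domain, count in result["sinkholed_domains"].most_common():
        print(f"  {domain}: {count}")
    print("firewall allow-rules for binaries under a user profile:")
    for name, target in result["user_profile_rules"]:
        print(f"  {name} -> {target}")
    for name, target in result["port_rules"]:
        print(f"inbound port rule {name}: {target}")
```

Run it against the full text of an Addition.txt rather than the excerpt to get the complete picture; FRST itself truncates the Hosts listing ("There are 100 more lines."), so the file on disk, not the log, is the authoritative input for the hosts check. Any active entry is a reason to ask how it got there; the `Hosts:` fixlist directive used later in this thread resets the file to the Windows default.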



#9 satchfan

satchfan

  • Malware Response Team
  • 2,864 posts
  • OFFLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:07 PM

Posted 12 December 2016 - 11:28 AM

Thank you for the logs.

 

I'm busy at the moment but will reply later.


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#10 satchfan

satchfan

  • Malware Response Team
  • 2,864 posts
  • OFFLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:07 PM

Posted 12 December 2016 - 12:30 PM

Please temporarily disable Kaspersky Internet Security.

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
C:\WINDOWS\system32\Drivers\etc\hosts

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the file as fixlist.txt in the same folder as FRST – NOTE: it's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

Thanks

Satchfan

 




#11 NotEvenRemotelyAGeek

NotEvenRemotelyAGeek
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:07 AM

Posted 12 December 2016 - 01:49 PM

Hi Satchfan,

 

Here is my Fixlog.txt.  My fingers are crossed!

 

N.E.R.A.G.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Zoë (12-12-2016 13:38:38) Run:2
Running from C:\Users\Zoe\Desktop
Loaded Profiles: Zoë (Available Profiles: Zoë)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
C:\WINDOWS\system32\Drivers\etc\hosts
 
*****************
 
Processes closed successfully.
C:\WINDOWS\system32\Drivers\etc\hosts => moved successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 13:38:39 ====


#12 satchfan

satchfan

  • Malware Response Team
  • 2,864 posts
  • OFFLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:07 PM

Posted 12 December 2016 - 05:19 PM

Please be sure that Kaspersky Internet Security is still disabled.

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
Hosts:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the file as fixlist.txt in the same folder as FRST – NOTE: it's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

Thanks

Satchfan

 




#13 NotEvenRemotelyAGeek

NotEvenRemotelyAGeek
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:07 AM

Posted 12 December 2016 - 05:34 PM

Hi again, here is the latest Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Zoë (12-12-2016 17:29:46) Run:3
Running from C:\Users\Zoe\Desktop
Loaded Profiles: Zoë (Available Profiles: Zoë)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
Hosts:
 
*****************
 
Processes closed successfully.
Hosts restored successfully.
 
 
The system needed a reboot.
 
==== End of Fixlog 17:29:46 ====


#14 satchfan

satchfan

  • Malware Response Team
  • 2,864 posts
  • OFFLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:07 PM

Posted 13 December 2016 - 02:56 AM

Run Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware to your desktop.

  • double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program
  • at the end, be sure a checkmark is placed next to the following
    • Launch Malwarebytes Anti-Malware
    • a 14-day trial of the Premium features is pre-selected: deselect this if you don’t want it (it won’t diminish the scanning and removal capabilities of the program).
  • click Finish.
  • on the Dashboard, click Update Now
  • after the update completes, click the Scan Now button.
  • if an update is available, clicking the Update Now button will update it
  • a Threat Scan will begin.
  • when the scan is complete, if malware has been detected, click Apply Actions to allow MBAM to clean what was found
  • when the prompt to restart the computer appears, click Yes.
  • after the restart once you are back at your desktop, open MBAM once more
  • click on the “History” tab, then “Application Logs”
  • double-click on the scan log which shows the date and time of the scan just performed.
  • click Copy to Clipboard
  • please paste the contents of the clipboard into your reply.

Can you tell me if there are any outstanding problems?

Satchfan


Edited by satchfan, 13 December 2016 - 02:56 AM.



#15 NotEvenRemotelyAGeek

NotEvenRemotelyAGeek
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:07 AM

Posted 13 December 2016 - 09:40 AM

Hi Satchfan, quick question... When Malwarebytes tells me to close all applications, does that include Kaspersky (which is currently running a scan in the background)?

 

Thanks!
